[neutron] oslo.privsep migration in Neutron
skaplons at redhat.com
Wed Mar 31 06:53:56 UTC 2021
On Tue, Mar 30, 2021 at 05:33:40PM +0200, Rodolfo Alonso Hernandez wrote:
> Hello Neutrinos:
> During the last cycles we have been migrating the Neutron code from
> oslo.rootwrap to oslo.privsep. Those efforts are aimed at reaching the goal
> defined in  and are tracked in .
> At this point, starting Xena developing cycle, we can state that we have
> migrated all short lived commands from oslo.rootwrap to oslo.privsep or to
> a native implementation (that could also use oslo.privsep to elevate the
> permissions if needed).
Thanks a lot Rodolfo for working on that. Great job!
> The problem are the daemons or services (long lived processes) that Neutron
> spawns using "ProcessManager"; this is why "ProcessManager.enable" is the
> only code calling "utils.execute" without "privsep_exec" parameter. Those
> process cannot be executed using oslo.privsep because the privsep root
> daemon has a limited number of executing threads. The remaining processes
> are .
> Although we didn't reach the Completion Criteria defined in , that is
> remove the oslo.rootwrap dependency, I think we don't have an alternative
> to run those services and we should keep rootwrap for them. If there are no
> objections, once  is merged we can consider that Neutron (not other
> Stadium projects) finished the efforts on .
Sounds good for me.
> Please, any feedback is always welcome.
Maybe some oslo.privsep experts can take a look into that and help to solve that
problem somehow. If not, then IMO we can live with it like it is now.
Principal Software Engineer
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 488 bytes
Desc: not available
More information about the openstack-discuss