Open Stack

Hi,

> Wiadomość napisana przez Matt Riedemann <mriedemos at gmail.com> w dniu 03.06.2018, o godz. 16:54:
> 
> On 6/2/2018 1:37 AM, Chris Apsey wrote:
>> This is great.  I would even go so far as to say the install docs should be updated to capture this as the default; as far as I know there is no negative impact when running in daemon mode, even on very small deployments.  I would imagine that there are operators out there who have run into this issue but didn't know how to work through it - making stuff like this less painful is key to breaking the 'openstack is hard' stigma.
> 
> I think changing the default on the root_helper_daemon option is a good idea if everyone is setting that anyway. There are some comments in the code next to the option that make me wonder if there are edge cases where it might not be a good idea, but I don't really know the details, someone from the neutron team that knows more about it would have to speak up.
> 
> Also, I wonder if converting to privsep in the neutron agent would eliminate the need for this option altogether and still gain the performance benefits.

Converting L2 agents to privsep is ongoing process but it’s very slow. There is switch of ip_lib to privsep in progress: https://bugs.launchpad.net/neutron/+bug/1492714
But to completely drop rootwrap there is also tc_lib to switch to privsep for QoS, iptables module for security groups and probably also some other modules. So I would not consider it as possibly done soon :)

> 
> -- 
> 
> Thanks,
> 
> Matt
> 
> _______________________________________________
> OpenStack-operators mailing list
> OpenStack-operators at lists.openstack.org
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators

— 
Slawek Kaplonski
Senior software engineer
Red Hat