[Openstack] [Quantum] Removing quantum-rootwrap

Chuck Short chuck.short at canonical.com
Wed Aug 8 14:36:56 UTC 2012


Hi,

How much work would be needed to get this added in quantum?

Thanks
chuck


On Wed, 08 Aug 2012 15:31:59 +0200
Thierry Carrez <thierry at openstack.org> wrote:

> Hi everyone,
> 
> Quantum currently contains bin/quantum-rootwrap, a copy of
> nova-rootwrap supposed to control its privilege escalation to run
> commands as root.
> 
> However quantum-rootwrap is currently non-functional, missing a lot of
> filter definitions that are necessary for it to work correctly.
> Quantum is generally run with root_helper=sudo and a wildcard sudoers
> file. That means Quantum is not ready to deprecate in Folsom (and
> remove in Grizzly) its ability to run with root_helper=sudo, like
> Nova and Cinder do.
> 
> I discussed this with Dan, and it appears that the sanest approach
> would be to remove quantum-rootwrap from Quantum and only support
> root_helper=sudo (the only option that works). I suspect nobody is
> actually using quantum-rootwrap right now anyway, given how broken it
> seems to be. For the first official release of Quantum as an OpenStack
> core project, I would prefer not to ship half-working options :)
> 
> Quantum would then wait for rootwrap to move to openstack-common
> (should be done in Grizzly) to reconsider using it.
> 
> Let me know if any of you see issues with that approach.
> (posted to the general list to get the widest feedback).
> 




