[Openstack] [Quantum] Removing quantum-rootwrap

balaji patnala patnala003 at gmail.com
Mon Aug 13 05:42:19 UTC 2012


Hello Thierry,

Can we download Folsom branch codebase for understanding Quantum and other
changes in Folsom release?

Please give us your comments,experience and known issues.

Thanks in advance.

-balaji

On Wed, Aug 8, 2012 at 7:01 PM, Thierry Carrez <thierry at openstack.org>wrote:

> Hi everyone,
>
> Quantum currently contains bin/quantum-rootwrap, a copy of nova-rootwrap
> supposed to control its privilege escalation to run commands as root.
>
> However quantum-rootwrap is currently non-functional, missing a lot of
> filter definitions that are necessary for it to work correctly. Quantum
> is generally run with root_helper=sudo and a wildcard sudoers file. That
> means Quantum is not ready to deprecate in Folsom (and remove in
> Grizzly) its ability to run with root_helper=sudo, like Nova and Cinder do.
>
> I discussed this with Dan, and it appears that the sanest approach would
> be to remove quantum-rootwrap from Quantum and only support
> root_helper=sudo (the only option that works). I suspect nobody is
> actually using quantum-rootwrap right now anyway, given how broken it
> seems to be. For the first official release of Quantum as an OpenStack
> core project, I would prefer not to ship half-working options :)
>
> Quantum would then wait for rootwrap to move to openstack-common (should
> be done in Grizzly) to reconsider using it.
>
> Let me know if any of you see issues with that approach.
> (posted to the general list to get the widest feedback).
>
> --
> Thierry Carrez (ttx)
> Release Manager, OpenStack
>
> _______________________________________________
> Mailing list: https://launchpad.net/~openstack
> Post to     : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help   : https://help.launchpad.net/ListHelp
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20120813/71282650/attachment.html>


More information about the Openstack mailing list