On Mon, Jul 29, 2013 at 5:51 AM, Thierry Carrez <thie...@openstack.org>wrote:
> John Garbutt wrote: > > I tend to agree that (option 3) aggregating all of the calls to > > rootwrap may be impractical: > >> Sean Dague wrote: > >> The reason there are 20 different call outs is that they aren't all in > the > >> same place. There are phases that happen here, and different kind of > errors > >> needed. I'm skeptical that you could push it all into one place. > > > > However it seems like the quickest way to reduce _some_ of the impact. > > > > Maybe just have python command-lets, like the filters (python code > > that runs as root) that chain a set of shell requests, and the input > > is restricted by the filters in the usual way. I do worry that it > > encourages larger chunks of code running as root, but that is > > something we should be able to avoid. > > Running Python snippets instead of shelling out has been on the rootwrap > feature backlog for a while. The drawback is that you lose "sudo" > backward compat (the ability to run the same command using plain "sudo" > instead of "sudo rootwrap...") so we were kinda waiting for a good use > case justifying such loss. > > However if the run_as_root calls are scattered around and can't be > grouped with minimal logic that will not give us a lot compared to using > shell scripts for aggregation. > > Could someone post a log of the 20 calls involved so that we could check > out how they could be grouped ? It doesn't have to be all in one call, > even reducing those 20 to 5 or 10 would bring a significant performance > improvement. > $ git grep "as_root=True" nova/network/linux_net.py | wc -l 66 Sure we can group some calls together, but then we have to move much of the logic into whatever mechanism we are using to grouping calls together. For example see https://github.com/openstack/nova/blob/master/nova/network/linux_net.py#L783 > > -- > Thierry Carrez (ttx) > > _______________________________________________ > OpenStack-dev mailing list > OpenStack-dev@lists.openstack.org > http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev >
_______________________________________________ OpenStack-dev mailing list OpenStack-dev@lists.openstack.org http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
