On 7/3/2016 10:25 PM, Angus Lees wrote:
I see there are already a few other additions to the rootwrap filters in nova/cinder (the comments suggest (nova) libvirt/imagebackend.py, (cinder) remotefs.py, and (both) vzstorage.py). The various privsep-only suggestions about fallback strategies don't help in these other examples. Any corresponding code changes that rely on these new filters will also need to be reverted and resubmitted during next cycle - or do what usually happens and slip under the radar as they are not exercised by grenade.
This is a good point - there were a couple of rootwrap filters added to nova already for virtuozzo features (vz volume attach support and rescue/resize support using the prl_disk_tool binary). These would fail grenade if we ran it with resize and the virtuozzo config with libvirt.
It seems a bit crazy to me to have to land rootwrap filters 6 months ahead of the code that uses them though, which is why I didn't block those changes from getting in.
- Gus
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
I haven't noticed anyone from the operators community weigh in on this thread, but I'm very curious as to how they handle rootwrap filters when doing upgrades. I might start a separate thread in the operators list about that.
--
Thanks,
Matt Riedemann