On Wed, Jul 06, 2016 at 11:41:56AM -0500, Matt Riedemann wrote:
> On 7/6/2016 10:55 AM, Matthew Treinish wrote:
> >
> > Well, for better or worse rootwrap filters are put in /etc and treated like a
> > config file. What you're essentially saying is that it shouldn't be config and
> > just be in code. I completely agree with that being what we want eventually, but
> > it's not how we advertise it today. Privsep sounds like it's our way of making
> > this migration. But, it doesn't change the status quo where it's this hybrid
> > config/code thing today, like policy was in nova before:
> >
> > http://specs.openstack.org/openstack/nova-specs/specs/newton/approved/policy-in-code.html
> >
> > (which has come up before as another tension point in the past during upgrades)
> > I don't think we should break what we're currently enforcing today because we
> > don't like the model we've built. We need to handle the migration to the new
> > better thing gracefully so we don't break people who are relying on our current
> > guarantees, regardless of how bad they are.
> >
> > -Matt Treinish
> >
>
> I just wonder how many deployments are actually relying on this, since as
> noted elsewhere in this thread we don't really enforce this for all things,
> only what happens to get tested in our CI system, e.g. the virtuozzo
> rootwrap filters that don't have grenade testing.

Sure, our testing coverage here is far from perfect, that's never been in dispute. It's always been best effort (which there has been limited in this space) like I'm not aware of anything doing any upgrade testing with virtuozzo enabled, or any of the other random ephemeral storage backends, **cough** ceph **cough**. But, as I said before just because we don't catch all the issues isn't a reason to throw everything out the window.

>
> Which is also why I'd like to get some operator perspective on this.
>

I think what we'll find is the people who rely on this don't even realize it. (which is kinda the point) I expect the people on the ops list are knowledgeable enough and have enough experience to figure this kind of issue out and just expect it during the course of an upgrade. This is more likely a trap for young players who haven't even thought about this as being a potential issue before.

I don't think there is any disagreement we should move to something better in this space. But, this is something we've said we would guarantee and I don't think we should break that in the process of moving to the new better thing.

-Matt Treinish
__________________________________________________________________________
OpenStack Development Mailing List (not for usage questions)
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
