Per the discussion result from the dev ML, there are 3 options for this issue and finally reached agreement to go with option 1).
1) Get Neutron to call XenAPI directly rather than trying to use a daemon - the session management would move from neutron-rootwrap-xen-dom0 into xen_rootwrap_client.py (perhaps this could be better named)
2) Get Neutron to call a local rootwrap daemon (as per the current implementation) which maintains a pool of connections and can efficiently call through to XenAPI
3) Extend oslo.rootwrap (and I presume also privsep) to know that some commands can run in different places, and put the logic for connecting to those different places in there.
Per the discussion result from the dev ML, there are 3 options for this issue and finally reached agreement to go with option 1). rootwrap- xen-dom0 into xen_rootwrap_ client. py (perhaps this could be better named)
1) Get Neutron to call XenAPI directly rather than trying to use a daemon - the session management would move from neutron-
2) Get Neutron to call a local rootwrap daemon (as per the current implementation) which maintains a pool of connections and can efficiently call through to XenAPI
3) Extend oslo.rootwrap (and I presume also privsep) to know that some commands can run in different places, and put the logic for connecting to those different places in there.
See the mail thread: lists.openstack .org/pipermail/ openstack- dev/2016- November/ 106726. html
http://