Comment 2 for bug 1680233

Bryce Nordgren (bnordgren) wrote :

Root squash is enabled because:

* It's the default
* Only the glance user should be accessing this export.
* Providing root access where it is not needed violates the principle of least privilege, a principle which motivates creating an unprivileged account to run the glance service in the first place.

The suggestion was not "ignore errors" or "violate idempotency". The suggestion is to acknowledge that some configuration items (network configuration, NFS export for a glance share, permissions on a mountpoint, etc.) are outside of ansible and to behave accordingly.

The code violates idempotency as it is: success depends on the state of the system. If the share is not mounted yet (i.e., the first time through), the code succeeds because it performs a useless chmod which will be hidden later. If the share is already mounted (i.e., the second time it is run) the code cannot perform the useless chmod and errors.

If the directory's not an NFS mount point, setting permissions is within the purview of ansible. If it is, ansible can check that the permissions are workable and throw an error if not. This is not "set once, never again". Nor am I advocating throwing out the error.

Is there any particular reason the permissions on a directory for the exclusive use of the glance user are set to 777 after changing the owner to root? You do have special hooks to ensure that the glance uid/gid are created the same on all hosts.

Finally, I thought the project motto was "secure by default". Should I really have to be trying to talk you into this?
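
The behaviour proposed in the comment above (manage the directory when it is local, only verify it when it is a mount point) can be sketched as follows. This is an added example, not part of the original comment and not openstack-ansible code; the function names, the 0750 mode and the injectable `is_mount` parameter are assumptions made for illustration.

```python
import os
import stat
import tempfile


def can_use(st, uid, gid):
    """True if uid/gid has rwx on the directory, judged from mode bits only.

    Simplification (assumption): supplementary groups and ACLs are ignored.
    """
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid == gid:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits == 7


def ensure_store_dir(path, uid, gid, mode=0o750, is_mount=os.path.ismount):
    """Return "changed" or "ok"; raise if a mounted share is unusable."""
    st = os.stat(path)
    if is_mount(path):
        # The export is configured outside this tool (and root may be
        # squashed), so never chown/chmod here: verify and report.
        if not can_use(st, uid, gid):
            raise PermissionError(
                f"{path}: mounted share not usable by uid={uid} gid={gid} "
                f"(mode {stat.S_IMODE(st.st_mode):o})")
        return "ok"
    # Plain local directory: ownership and mode are ours to manage.
    changed = False
    if (st.st_uid, st.st_gid) != (uid, gid):
        os.chown(path, uid, gid)
        changed = True
    if stat.S_IMODE(st.st_mode) != mode:
        os.chmod(path, mode)
        changed = True
    return "changed" if changed else "ok"


if __name__ == "__main__":
    d = tempfile.mkdtemp()  # constructed sample directory, mode 0700
    st = os.stat(d)
    print(ensure_store_dir(d, st.st_uid, st.st_gid))  # first run
    print(ensure_store_dir(d, st.st_uid, st.st_gid))  # second run
    os.rmdir(d)
```

Both branches give the same result on every run for a given system state, which is the idempotency property the comment asks for.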