os-brick needs to provide it's own rootwrap filters file
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Cinder |
Won't Fix
|
High
|
Sean McGinnis | ||
OpenStack Compute (nova) |
Won't Fix
|
High
|
Matt Riedemann | ||
os-brick |
Fix Released
|
High
|
Walt Boring | ||
oslo.rootwrap |
Won't Fix
|
Wishlist
|
Unassigned |
Bug Description
This came up in the review for the scaleio libvirt volume driver in nova:
https:/
Basically, having to define rootwrap filters in nova and cinder for things that are run in os-brick is kind of terrible since every time os-brick needs to add a new command to run as root, it has to be added to nova/cinder, and we have to deal with version compat issues (will the version of nova/cinder have the filters required for the version of os-brick that's running?).
This was already introduced with multipathd to compute.filters in the os-brick integration change:
https:/
Rather than revert the os-brick integration change to nova, we should work this as a bug so that os-brick can carry it's own os-brick.filters file and then that can be dropped into /etc/nova/
So we'll need os-brick changes, nova, cinder and devstack changes to land this.
Also considered a release blocker for liberty for the nova team.
Changed in cinder: | |
status: | New → Confirmed |
Changed in nova: | |
status: | New → Confirmed |
Changed in devstack: | |
status: | New → Confirmed |
Changed in os-brick: | |
status: | New → Confirmed |
Changed in cinder: | |
importance: | Undecided → High |
Changed in nova: | |
importance: | Undecided → High |
Changed in os-brick: | |
assignee: | nobody → Walt Boring (walter-boring) |
importance: | Undecided → High |
Changed in devstack: | |
assignee: | nobody → Xing Yang (xing-yang) |
Changed in devstack: | |
assignee: | Xing Yang (xing-yang) → Walt Boring (walter-boring) |
Changed in devstack: | |
assignee: | Walt Boring (walter-boring) → Xing Yang (xing-yang) |
Changed in os-brick: | |
status: | In Progress → Fix Committed |
Changed in os-brick: | |
milestone: | none → 0.4.0 |
status: | Fix Committed → Fix Released |
Changed in nova: | |
status: | In Progress → Confirmed |
Changed in cinder: | |
status: | In Progress → Confirmed |
Changed in cinder: | |
status: | Confirmed → Won't Fix |
We may want to see where this ends up, we should talk to dims and gus per IRC conversation:
https:/ /blueprints. launchpad. net/oslo- incubator/ +spec/privsep
However, I'm not sure how long we want to wait on that since the spec isn't even written yet.