yahoo-eng-team team mailing list archive

Thread
Date

[Bug 1479842] Re: os-brick needs to provide it's own rootwrap filters file

To: yahoo-eng-team@xxxxxxxxxxxxxxxxxxx
From: Matt Riedemann <mriedem@xxxxxxxxxx>
Date: Wed, 09 Sep 2015 16:05:56 -0000
Reply-to: Bug 1479842 <1479842@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Dropping devstack from this.  As a tactical fix for liberty we're going
to just make sure the os-brick.filters contents are in volume.filters in
cinder and compute.filters in nova.  This is not ideal long-term because
of the tight-coupling it creates and lockstep upgrades required for nova
and cinder (and os-brick).

We're going to add oslo.rootwrap here since what we'd like to see
discussed at the mitaka summit is the capability in oslo.rootwrap to
load the package_data automatically from os-brick.

So the thinking is something like this, nova's rootwrap.conf would have
some kind of key=value of library to filter to load, e.g.:

filters_from_libraries: os-brick=os-brick.filters(,os-
brick-2.filters,etc),foo-lib=foo.filters

Then oslo.rootwrap could parse that and use:

http://peak.telecommunity.com/DevCenter/PythonEggs#accessing-package-
resources

To load the data, e.g. resource_filename('os-brick', 'os-
brick.filters').

** No longer affects: devstack

** Also affects: oslo.rootwrap
   Importance: Undecided
       Status: New

** Changed in: oslo.rootwrap
       Status: New => Confirmed

** Changed in: oslo.rootwrap
   Importance: Undecided => Wishlist

** Changed in: nova
    Milestone: None => next

-- 
You received this bug notification because you are a member of Yahoo!
Engineering Team, which is subscribed to OpenStack Compute (nova).
https://bugs.launchpad.net/bugs/1479842

Title:
  os-brick needs to provide it's own rootwrap filters file

Status in Cinder:
  Confirmed
Status in OpenStack Compute (nova):
  Confirmed
Status in os-brick:
  Fix Released
Status in oslo.rootwrap:
  Confirmed

Bug description:
  This came up in the review for the scaleio libvirt volume driver in
  nova:

  https://review.openstack.org/#/c/194454/16/etc/nova/rootwrap.d/compute.filters

  Basically, having to define rootwrap filters in nova and cinder for
  things that are run in os-brick is kind of terrible since every time
  os-brick needs to add a new command to run as root, it has to be added
  to nova/cinder, and we have to deal with version compat issues (will
  the version of nova/cinder have the filters required for the version
  of os-brick that's running?).

  This was already introduced with multipathd to compute.filters in the
  os-brick integration change:

  https://review.openstack.org/#/c/175569/32/etc/nova/rootwrap.d/compute.filters

  Rather than revert the os-brick integration change to nova, we should
  work this as a bug so that os-brick can carry it's own os-
  brick.filters file and then that can be dropped into
  /etc/nova/rootwrap.d and /etc/cinder/rootwrap.d.

  So we'll need os-brick changes, nova, cinder and devstack changes to
  land this.

  Also considered a release blocker for liberty for the nova team.

To manage notifications about this bug go to:
https://bugs.launchpad.net/cinder/+bug/1479842/+subscriptions

References

[Bug 1479842] [NEW] os-brick needs to provide it's own rootwrap filters file
From: Matt Riedemann, 2015-07-30