> From: Thierry Carrez <thie...@openstack.org> > Date: Thu, 09 Aug 2012 16:32:23 +0200 > [...] > > > My goal is by end of today , or tomorrow morning latest, to have at > > least a reasonably complete understanding of the changes necessary to > > get the quantum-rootwrap facility up to parity with nova/cinder. If I > > get to that deadline and I'm not there, I'll probably punt, as it > > becomes too much of a hail-mary to get the stuff stabilized and > > reviewed etc by tues. > > That sounds reasonable. >
Ok, here's what I think I know, and what I propose to do with it: Fix quantum/bin/quantum-rootwrap to mimic changes to nova/cinder w/r/t conf file. This will introduce the notion of /etc/quantum/rootwrap.conf and allow for specifying path to filter specs. Fix quantum/rootwrap/filters.py likewise; update KillFilter (maybe more?) Fix quantum/rootwrap/wrapper.py likewise; load from files and construct filter datastructures Create etc/quantum/quantum-rootwrap.conf etc/quantum/rootwrap.d/ Move the filter specs from the various agent pieces in quantum/rootwrap to matching files in etc/quantum/filters.d. Update them while I'm at it. This probably means that those files in quantum/rootwrap go away. Alternate implementation: Collect all those pieces into a consolidated quantum.filters file and stick that in there. There appears to be no analog of nova/tests/test_nova_rootwrap.py for quantum, so I'll likely need to write something for that. It looks like the various .ini files in etc/quantum/plugins all set root helper for each agent. Keep that structure for now, revisit later. That likely means I'll need a way to propagate the a default root helper setting from the conf to each agent. Devstack appears to frob configs in nova and cinder, but copy the quantum configs verbatim. So I'm hoping I can get away without modifying devstack. Things I don't know yet: Python compatibility? I'm running 2.7; I don't believe anything I'm doing would break in earlier ones, but I gather that that will need to be tested before I'm done. Will I need to hair up the filter match code? I don't think so, but I haven't gotten enough working yet to tell. Hoping I can leave it as is. Apologies for the not-very coherent description. Please let me know if you think I'm off in the weeds or missing important bits. Thanks in advance... _______________________________________________ Mailing list: https://launchpad.net/~openstack Post to : openstack@lists.launchpad.net Unsubscribe : https://launchpad.net/~openstack More help : https://help.launchpad.net/ListHelp
