Sean Dague wrote:
On 08/14/2016 06:23 PM, Patrick East wrote: <snip>We were talking through some of the implications of this change in #openstack-nova, and the following further concerns came out. 1) Unix permissions for services in distros Both Ubuntu and RHEL have a dedicated service user per service. Nova services run under nova user, cinder services under cinder. For those services to share a lock path you need to do more than share the path. You must also put both services in a group. Make the lockpath group writable, and ensure all lockfiles get written with g+w permissions (potentially overriding default system umask to get there). 2) Services in containers For people pushing towards putting services in containers, you'd need to do all sorts of additional work to make this lock path actually a shared construct between 2 containers. These are both pretty problematic changes for the entire deploy space without good answers. -Sean
Very good points, both really push me toward a long-term solution that involves an actual lock-management-service (that isn't a single directory); but I know this is a larger change (thankfully all the supporting primitives, services, and libraries should be existing/ready for this kind of change). I'd even go as far to say that the 3 services I would *currently* recommend (etcd, zookeeper, redis) are more than mature enough for this usage by now.
-Josh __________________________________________________________________________ OpenStack Development Mailing List (not for usage questions) Unsubscribe: [email protected]?subject:unsubscribe http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-dev
