On Thu, Dec 01, 2016 at 09:03:30AM -0500, John Trowbridge wrote:
> 1. Doing tasks as root on the virthost makes clean up trickier. With the
> current model, deleting the non-root quickstart user cleans up almost
> everything. By keeping all of the root privilege tasks in the provision
> and environment roles, it is much easier to reason about the few things
> that do not get cleaned up when deleting the quickstart user. If we
> start allowing root privilege tasks in the libvirt role, this will be
> harder.
> 2. Theoretically, (I have not actually heard anyone actually doing
>    this), someone could set up a virthost for use by quickstart, and
>    then...

The particular use case that inspired the current architecture was the
situation in which people did not want a random script from the
internet running with privileges on their system.

The existing model means that you can manually configure a host for
use by quickstart (installing libvirt, creating the necessary bridges
devices and permissions, etc), and then use quickstart exclusively as
a non-root user.

This is really nice for a number of reasons.  For example, I often
have multiple quickstart-provisioned environments on my virt host,
each associated with a particular user.  Being able to run everything
as a non-root user means that it's easy to keep these separate, and
that I won't accidentally break one environment because of a typo or
something (because my "master tripleo" user is not able to modify the
environment of my "rdo release" user).

Lars Kellogg-Stedman <l...@redhat.com> | larsks @ {freenode,twitter,github}
Cloud Engineering / OpenStack          | http://blog.oddbit.com/

Attachment: signature.asc
Description: PGP signature

OpenStack Development Mailing List (not for usage questions)
Unsubscribe: openstack-dev-requ...@lists.openstack.org?subject:unsubscribe

Reply via email to