)]}'
{"/PATCHSET_LEVEL":[{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"14d463d38924451d09d9357a40968c020f12fe9b","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"baac355e_0794dac9","updated":"2021-12-30 20:51:50.000000000","message":"Given that rootwrap (and its cousin privsep) is security sensitive, what are the use cases for adding this new configuration capability? Will it introduce a risk for cloud admins that might inadvertently misconfigure something? In my admittedly experience, I thought the rootwrap.conf supplied by most distros is sufficient.","commit_id":"c495536f9ae134b12cc6d74acf1b1a8894cac8e7"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"4481b9af943ce05bf166cf9c612965b830e526ce","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"4b092c1b_8b532853","updated":"2022-01-05 01:14:41.000000000","message":"I forgot to remove WIP after I checked current usage of oslo.rootwrap, but I think this one is ready now.","commit_id":"c495536f9ae134b12cc6d74acf1b1a8894cac8e7"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"297185353e4ff0352fa4fa3cfb39fbe2b3b97359","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"da834c29_804abaf5","updated":"2022-01-05 06:17:09.000000000","message":"recheck","commit_id":"c495536f9ae134b12cc6d74acf1b1a8894cac8e7"},{"author":{"_account_id":21129,"name":"Alan Bishop","email":"abishopsweng@gmail.com","username":"ASBishop","status":"ex Red Hat"},"change_message_id":"accdd1fa4578cd2decd2b007889aa38ca41fe24c","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"6c8e1a32_40e4cc17","in_reply_to":"45f8a9ed_cffbbfec","updated":"2022-01-04 15:51:12.000000000","message":"If deployments do need to tune cinder\u0027s rootwrap.conf then I\u0027m OK with this patch. As a side note, while I agree that consistency is good, I personally would hold off globally adding this this feature to all puppet modules unless there\u0027s an actual need, but that\u0027s my personal bias.\n\nAs for this patch being WIP, it will be a while before cinder can fully deprecate its reliance on rootwrap, so +2 from me. I\u0027ll hold the +w until you\u0027re ready to proceed.","commit_id":"c495536f9ae134b12cc6d74acf1b1a8894cac8e7"},{"author":{"_account_id":9816,"name":"Takashi Kajinami","email":"kajinamit@oss.nttdata.com","username":"kajinamit"},"change_message_id":"df8380bd70699f4b75fb20d96d0306c39db37a71","unresolved":false,"context_lines":[],"source_content_type":"","patch_set":5,"id":"45f8a9ed_cffbbfec","in_reply_to":"baac355e_0794dac9","updated":"2022-01-02 12:42:06.000000000","message":"oslo.rootwrap supports some logging parameters and tunable parameters which might require customization in some deployments. This file is already supported by puppet-designate and I\u0027m implementing this to have consistent capability in all modules.\n\nOne concern with this (and the reason I put WIP) is that there is a desire to replace oslo.rootwrap by oslo.privsep[1] . However considering the fact that many components are still using oslo.rootwrap, this capability would be still useful, IMO.\n\n[1] https://docs.openstack.org/oslo.privsep/latest/user/index.html#converting-from-rootwrap-to-privsep","commit_id":"c495536f9ae134b12cc6d74acf1b1a8894cac8e7"}]}