| Summary: | Reserve static uid/gids for OpenStack packages - swift, glance and nova | ||
|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Mark McLoughlin <markmc> |
| Component: | setup | Assignee: | Ondrej Vasik <ovasik> |
| Status: | CLOSED RAWHIDE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
| Severity: | low | Docs Contact: | |
| Priority: | low | ||
| Version: | rawhide | CC: | ovasik, pknirsch |
| Target Milestone: | --- | ||
| Target Release: | --- | ||
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | Bug Fix | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2011-08-23 08:25:14 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
|
Description
Mark McLoughlin
2011-08-22 13:36:29 UTC
Thanks for filing the request. There are not only pros of static allocation... we have only 200 uidgid pairs which could be reserved statically - and more than 100 is already reserved - so static uidgid allocation should be used only if the system user account handles/stores sensitive data or if it is network facing/communicating between virtual machines - so predictable uid/gid makes sense there. Is that your case? If so, could you please provide homedir and package which will create them for all these 3 users? I'll let you know which pairs will be reserved. Thanks Ondrej
All three accounts are used for network facing daemons which store sensitive data
Homedir for each is /var/lib/{swift,glance,nova} and packages are openstack-{swift,glance,nova}
* Tue Aug 23 2011 Ondrej Vasik <ovasik> 2.8.38-1 - reserve 160:160 for swift (openstack-swift) - #732442 - reserve 161:161 for glance (openstack-glance) - #737442 - reserve 162:162 for nova (openstack-nova) - #737442 Closing RAWHIDE. oops, now I see typos in the changelog :) ... anyway, reserved uidgids are correct :) Thanks again Ondrej :) |