Containers Service for OpenStack
Hongbin Lu d9098aab26 Introduce rootwrap and filter
If the zun-compute process is owned by a user who doesn't have
passwordless sudo privilege, zun-compute will fail to run
privileged command (e.g. sudo privsep-helper ...).

A native solution is to grant passwordless sudo to the user
who owns the zun process, but the best practice is to leverage
Rootwrap [1], which can restrict the privilege escalation.

This patch makes Zun leverage Rootwrap. In particular, it does
the following:
* Set up Rootwrap in the Zun devstack plugin
* Introduce a sample rootwrap config file
* Introduce sample rootwrap filters for executing privsep-helper
* Introduce a root helper which basically adds "sudo zun-rootwrap"
  to the beginning of the command to be executed.
* Initialize privsep to use Zun's root helper

[1] https://wiki.openstack.org/wiki/Rootwrap

Closes-Bug: #1749342
Needed-By: I69c47d25fa53f8e08efad9daa71d2f550425a5e7
Change-Id: I3ca5d853588b3705cb6cb2410df16e16a621c030
(cherry picked from commit d412de7100)
2018-03-20 13:58:01 +00:00
api-ref/source api-ref: fix the type of restart_policy 2018-03-18 03:59:16 +00:00
contrib Make 'utils.monkey_patch' py3 compatible 2017-10-10 16:57:03 +08:00
devstack Introduce rootwrap and filter 2018-03-20 13:58:01 +00:00
doc/source Update the installation guide on stable/branch 2018-02-08 02:34:39 +00:00
etc Introduce rootwrap and filter 2018-03-20 13:58:01 +00:00
playbooks Set capability_scope to global in devstack 2017-12-05 04:29:40 +00:00
releasenotes Remove setting of version/release from releasenotes 2017-11-17 09:15:36 +05:30
specs Replace curly quotes with straight quotes 2018-01-24 11:00:55 +08:00
template/capsule Add detailed parameters for Capsule create 2018-01-12 10:10:36 +08:00
tools Prepare for using standard python tests 2017-03-15 10:20:39 +05:30
zun Introduce rootwrap and filter 2018-03-20 13:58:01 +00:00
.coveragerc Add coverage configuration 2016-11-02 05:15:29 +00:00
.gitignore Implement basic policy module in code 2017-10-03 13:58:25 +00:00
.gitreview Update .gitreview for stable/queens 2018-02-05 22:44:34 +00:00
.testr.conf update higgins with zun 2016-06-08 22:21:34 -05:00
.zuul.yaml Zuul: Remove project name 2018-01-27 17:17:54 -08:00
CONTRIBUTING.rst Optimize the link address 2017-04-07 10:50:23 +08:00
HACKING.rst Fix docs & specs errors. 2017-07-15 16:10:06 +07:00
LICENSE Initial commit 2016-05-12 14:59:56 -04:00
README.rst Update our project definition 2018-02-04 17:56:32 +00:00
babel.cfg Initial commit 2016-05-12 14:59:56 -04:00
requirements.txt Updated from global requirements 2018-02-01 07:36:51 +00:00
setup.cfg Introduce rootwrap and filter 2018-03-20 13:58:01 +00:00
setup.py Updated from global requirements 2017-06-10 13:40:18 +00:00
test-requirements.txt Updated from global requirements 2018-01-24 01:43:10 +00:00
tox.ini Update UPPER_CONSTRAINTS_FILE for stable/queens 2018-02-05 22:44:36 +00:00

README.rst

Team and repository tags

Zun

OpenStack Containers service

Zun (ex. Higgins) is the OpenStack Containers service. It aims to provide an API service for running application containers without the need to manage servers or clusters.

Features

  • TODO