2023.1 Series Release Notes

2.6.0

New Features

  • Add timeout as parameter to PrivContext and add entrypoint_with_timeout decorator to cover the issues with commands which take random time to finish. PrivsepTimeout is raised if timeout is reached.

    Warning: The daemon (the root process) task won’t stop when timeout is reached. That means we’ll have less available threads if the related thread never finishes.

  • PrivContext accepts a new string parameter called logger_name to define the logger we want to use for the daemon logs of this context.

    By default all contexts use oslo_privsep.daemon, but in some cases we may need finer grained log levels, for example nova running in debug mode could log its own privsep calls on INFO level regardless, but leave all libraries’ privsep calls, such as os-brick’s, to be logged in the normal DEBUG level.

    See bug 1922052.

2.3.0

Other Notes

  • The oslo.privsep client can be called from a program using eventlet. If eventlet.monkey_patch, some libraries will be patched, for example threading or os. When the root daemon is forked from the client process, those libraries remain patched. Now, when the daemon is forked from the client process, those libraries and methods are restored to the original values. The goal is to prevent some timeouts when using eventlet threads (user threads); system threads are preemptive and the code does not need to care about the executor token.

2.0.0

Upgrade Notes

  • Support for Python 2.7 has been dropped. The minimum version of Python now supported is Python 3.6.

1.33.3

Bug Fixes

  • When the privsep helper dies, the client side PrivContext now restarts the client channel and the helper so that privileged commands can continue to be processed. See bug 1715374 for details. In conjunction with the fix for bug 1794708 in oslo.service, the nova-compute service now behaves correctly when it receives SIGHUP.

    Note

    This only works for the ROOTWRAP method of starting the daemon. With the FORK method we’ve dropped privileges and no longer have the ability to restart the daemon in privileged mode.

1.31.0

New Features

  • Privsep now uses multithreading to allow concurrency in executing privileged commands. The number of concurrent threads defaults to the available CPU cores, but can be adjusted by the new thread_pool_size config option.

1.13.0

Other Notes

  • Switch to reno for managing release notes.