2023.1 Series Release Notes¶
2.6.0¶
New Features¶
Add
timeout
as parameter toPrivContext
and addentrypoint_with_timeout
decorator to cover the issues with commands which take random time to finish.PrivsepTimeout
is raised if timeout is reached.Warning
: The daemon (the root process) task won’t stop when timeout is reached. That means we’ll have less available threads if the related thread never finishes.
PrivContext
accepts a new string parameter calledlogger_name
to define the logger we want to use for the daemon logs of this context.By default all contexts use
oslo_privsep.daemon
, but in some cases we may need finer grained log levels, for example nova running in debug mode could log its own privsep calls on INFO level regardless, but leave all libraries’ privsep calls, such as os-brick’s, to be logged in the normal DEBUG level.See bug 1922052.
2.3.0¶
Other Notes¶
The
oslo.privsep
client can be called from a program using eventlet. Ifeventlet.monkey_patch
, some libraries will be patched, for examplethreading
oros
. When the root daemon is forked from the client process, those libraries remain patched. Now, when the daemon is forked from the client process, those libraries and methods are restored to the original values. The goal is to prevent some timeouts when using eventlet threads (user threads); system threads are preemptive and the code does not need to care about the executor token.
2.0.0¶
Upgrade Notes¶
Support for Python 2.7 has been dropped. The minimum version of Python now supported is Python 3.6.
1.33.3¶
Bug Fixes¶
When the privsep helper dies, the client side PrivContext now restarts the client channel and the helper so that privileged commands can continue to be processed. See bug 1715374 for details. In conjunction with the fix for bug 1794708 in oslo.service, the nova-compute service now behaves correctly when it receives
SIGHUP
.Note
This only works for the
ROOTWRAP
method of starting the daemon. With theFORK
method we’ve dropped privileges and no longer have the ability to restart the daemon in privileged mode.
1.31.0¶
New Features¶
Privsep now uses multithreading to allow concurrency in executing privileged commands. The number of concurrent threads defaults to the available CPU cores, but can be adjusted by the new
thread_pool_size
config option.
1.13.0¶
Other Notes¶
Switch to reno for managing release notes.