Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

interfaces: allow loopback as a block-device #12728

Merged
merged 1 commit into from Jun 20, 2023
Merged

interfaces: allow loopback as a block-device #12728

merged 1 commit into from Jun 20, 2023

Conversation

sabaini
Copy link
Contributor

@sabaini sabaini commented Apr 13, 2023
edited

Allowing loopback devices in the block-devices interface would be convenient for testing and proof-of-concept setups for users of snaps that consume block devices such as MicroCeph

Use case 1: allow a snap to utilize a preconfigured loopback bdev, for
instance allow MicroCeph to use a loopback device as an OSD for
testing or other non-performance critical work

Use case 2: allow a snap to create a loopback device automatically;
e.g. for the above scenario MicroCeph could automatically set up a
loop bdev for use as an OSD

@pedronis pedronis added the Needs security review Can only be merged once security gave a :+1: label Apr 13, 2023
mvo5
mvo5 approved these changes Apr 14, 2023
View reviewed changes
Copy link
Contributor

@mvo5 mvo5 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This seems okay to me, but let's see what security and Samuele think.

@pedronis pedronis self-requested a review May 15, 2023 08:33
pedronis
pedronis reviewed May 16, 2023
View reviewed changes
Copy link
Collaborator

@pedronis pedronis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

what's the use case in mind here? I wonder if a separate interface only about loopback devices would (also) make sense

interfaces/builtin/block_devices.go Show resolved Hide resolved
@sabaini
interfaces: allow loopback as a block-device
50158c4 
Allowing loopback devices in the block-devices interface would be
convenient for testing and proof-of-concept setups for users of
snaps that consume block devices such as MicroCeph

Use case 1: allow a snap to utilize a preconfigured loopback bdev, for
instance allow MicroCeph to use a loopback device as an OSD for
testing or other non-performance critical work

Use case 2: allow a snap to create a loopback device automatically;
e.g. for the above scenario MicroCeph could automatically set up a
loop bdev for use as an OSD

Signed-off-by: Peter Sabaini <peter.sabaini@canonical.com>
@sabaini
Copy link
Contributor Author

sabaini commented May 16, 2023

what's the use case in mind here? I wonder if a separate interface only about loopback devices would (also) make sense

There's two (related) use cases I'm thinking of, both relating to our MicroCeph snap. To lower the barrier of entry for MicroCeph users it would be great if users could deploy a fully functional Ceph without needing a separate physical block device -- which atm they need for creating an OSD. If they need to run MicroCeph virtualized even more so since e.g. Multipass doesn't even support separate block devices

Use case 1: allow a snap to utilize a preconfigured loopback bdev, for
instance allow MicroCeph to use a loopback device as an OSD for
testing or other non-performance critical work

Use case 2: allow a snap to create a loopback device automatically;
e.g. for the above scenario MicroCeph could automatically set up a
loop bdev for use as an OSD

@sabaini
Copy link
Contributor Author

sabaini commented Jun 2, 2023

This shows a failure to build but I don't suppose this is due to this PR, right?

alexmurray
alexmurray approved these changes Jun 19, 2023
View reviewed changes
Copy link
Collaborator

@alexmurray alexmurray left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - block-devices is already super-privileged and adding support for loopback devices doesn't appreciably increase the attack surface here.

@alexmurray alexmurray removed the Needs security review Can only be merged once security gave a :+1: label Jun 19, 2023
@sabaini sabaini requested a review from pedronis June 20, 2023 08:57
pedronis
pedronis approved these changes Jun 20, 2023
View reviewed changes
Copy link
Collaborator

@pedronis pedronis left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

+1

@mvo5 mvo5 merged commit b36a5c1 into snapcore:master Jun 20, 2023
33 of 50 checks passed
@sabaini sabaini mentioned this pull request Jun 23, 2023
Closed
@mvo5 mvo5 added this to the 2.60 milestone Aug 29, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@alexmurray alexmurray alexmurray approved these changes

@mvo5 mvo5 mvo5 approved these changes

@pedronis pedronis pedronis approved these changes

Assignees
No one assigned
Labels
cherry-picked
Projects
None yet
Milestone
2.60
4 participants
@sabaini @alexmurray @mvo5 @pedronis