New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
interfaces: allow loopback as a block-device #12728
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This seems okay to me, but let's see what security and Samuele think.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
what's the use case in mind here? I wonder if a separate interface only about loopback devices would (also) make sense
Allowing loopback devices in the block-devices interface would be convenient for testing and proof-of-concept setups for users of snaps that consume block devices such as MicroCeph Use case 1: allow a snap to utilize a preconfigured loopback bdev, for instance allow MicroCeph to use a loopback device as an OSD for testing or other non-performance critical work Use case 2: allow a snap to create a loopback device automatically; e.g. for the above scenario MicroCeph could automatically set up a loop bdev for use as an OSD Signed-off-by: Peter Sabaini <peter.sabaini@canonical.com>
b015a4d
to
50158c4
Compare
There's two (related) use cases I'm thinking of, both relating to our MicroCeph snap. To lower the barrier of entry for MicroCeph users it would be great if users could deploy a fully functional Ceph without needing a separate physical block device -- which atm they need for creating an OSD. If they need to run MicroCeph virtualized even more so since e.g. Multipass doesn't even support separate block devices Use case 1: allow a snap to utilize a preconfigured loopback bdev, for Use case 2: allow a snap to create a loopback device automatically; |
This shows a failure to build but I don't suppose this is due to this PR, right? |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM - block-devices is already super-privileged and adding support for loopback devices doesn't appreciably increase the attack surface here.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
+1
Allowing loopback devices in the block-devices interface would be convenient for testing and proof-of-concept setups for users of snaps that consume block devices such as MicroCeph
Use case 1: allow a snap to utilize a preconfigured loopback bdev, for
instance allow MicroCeph to use a loopback device as an OSD for
testing or other non-performance critical work
Use case 2: allow a snap to create a loopback device automatically;
e.g. for the above scenario MicroCeph could automatically set up a
loop bdev for use as an OSD