privilege separation for winery components (!165) · Merge requests · Platform / Development / swh-objstorage

Nicolas Dandrimont requested to merge olasd/swh-objstorage:mr/winery-ceph-privsep into master Dec 13, 2023

This pile of changes introduces a separate RBD shard manager, and a separate RW shard cleaner, to decouple these functions from the read-only and packing operations.

This should allow deploying separate components with appropriate privileges:

winery writer, with database creation privileges
winery RBD shard manager with root privileges (to be able to map shards)
winery packer with RBD write privileges (can be handled via udev rules)
winery RW shard cleaner with database deletion privileges
winery reader with read-only privileges on RBD (can be handled via udev rules as well)

This should remove the need for sudo in winery altogether (even though the functionality is kept to enable the monolithic tests and benchmarks to still run).

TODO:

add systemd readiness notification for the shard mapper (to allow having the reader wait for it to have done its first pass before starting)
CLI endpoints
CLI endpoint tests
Better documentation of all the components, and needed permissions

Edited Dec 21, 2023 by Nicolas Dandrimont

privilege separation for winery components

Merge request reports