OpenStack is an orchestration system for setting up virtual machines and associated other virtual resources such as networks and storage on clusters of computers. At a high level, OpenStack is just configuring existing facilities of the host operating system — there isn’t really a lot of difference between OpenStack and a room full of system admins frantically resolving tickets requesting virtual machines be setup. The only real difference is scale and predictability.
To do its job, OpenStack needs to be able to manipulate parts of the operating system which are normally reserved for administrative users. This talk is the story of how OpenStack has done that thing over time, what we learnt along the way, and what I’d do differently if I had my time again. Lots of systems need to do these things, so even if you never use OpenStack hopefully there are things to be learnt here.
You’ve decided that using sudo to run command lines as root is lame and that it is time to step up and do things properly. How do you do that? Well, here’s a simple guide to adding oslo privsep to your project!
Once you’ve added oslo privsep to your project, how do you make a privileged call? Its actually really easy to do. In this post I will assume you already have privsep running for your project, which at the time of writing limits you to OpenStack Nova in the OpenStack universe.
Erik comments on security advisories based on a brief examination of the ChangeLog. I had a similar experience in July 2007 — at one point the US government issued a unified warning in my case. It seems a bit worrying that the best that security advisory companies can do is sensationalize ChangeLog entries, instead of actually acting in the interests of the users.
Many of the US forms you will have to fill out when you move will ask for an address. Use your work address until you have a permanent place.
A good example is opening your first bank account. The only possible problem with using your work address for your bank account is that some people will compare the shipping address of your online order with the billing address and complain, but you can always change the address you have recorded with the bank once you have a more permanent address.
Opening a bank account without an SSN can be exciting too (it seems to be the primary key for a lot of tables over here, you can’t get paid without one, get health insurance without one, get some cell phone accounts without one, and so forth). Bank of America did the right thing and let me open an account though, and don’t suck too much. Citibank is ok as well, although they seem to suck more for general banking than Bank of America. More on Citibank in a future post about getting money back to Australia.