author | Bruce Ashfield <bruce.ashfield@windriver.com> | 2013-11-28 23:28:04 -0500 |
---|---|---|
committer | Bruce Ashfield <bruce.ashfield@windriver.com> | 2013-11-28 23:39:16 -0500 |
commit | 811633754e5cf5e51b26c569f650d3fd115cb089 (patch) | |
tree | 432b22d9c1f0092457dcfef2d3a808b82fda13e0 /meta-openstack/recipes-devtools/python/python-nova/nova.conf | |
parent | c158209a05d11cdfaf35b13888151777eaf41dba (diff) | |
download | meta-cloud-services-811633754e5cf5e51b26c569f650d3fd115cb089.tar.gz |
python-nova: run services as nova user instead of root

With this change we now run both the nova controller services and compute
node agents as the dedicated "nova" user.

Changes to configuration were made to relocate locks and logs to nova
writeable directories. Wherever possible configuration files and directories
have been changed to nova instead of root (with the notable exception of
rootwrap configuration).

nova has also been granted sudo privileges to run rootwrap commands.

And finally, a libvirt system group has been created and nova added to
that group. This allows the compute agent to communicate with libvirtd
via the "libvirt" group while keeping permissions tight.

Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-nova/nova.conf')
-rw-r--r-- | meta-openstack/recipes-devtools/python/python-nova/nova.conf | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-nova/nova.conf b/meta-openstack/recipes-devtools/python/python-nova/nova.conf index a495a7d..84ef48b 100644 --- a/meta-openstack/recipes-devtools/python/python-nova/nova.conf +++ b/meta-openstack/recipes-devtools/python/python-nova/nova.conf | |||
@@ -19,6 +19,8 @@ debug = True | |||
19 | verbose = True | 19 | verbose = True |
20 | my_ip = %CONTROLLER_IP% | 20 | my_ip = %CONTROLLER_IP% |
21 | glance_host = %CONTROLLER_IP% | 21 | glance_host = %CONTROLLER_IP% |
22 | lock_path=/var/lock/nova/ | ||
23 | state_path=/var/run/nova/ | ||
22 | 24 | ||
23 | #VNC | 25 | #VNC |
24 | vnc_enabled = true | 26 | vnc_enabled = true |
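
Review bot: state_path at new line 23 points to /var/run/nova/, and /var/run is commonly a tmpfs that is emptied on every boot, so anything nova keeps under state_path would not survive a restart and the directory has to be recreated with nova ownership before the services start. Consider a persistent location for state_path (for example a directory under /var/lib) and keep only lock_path on volatile storage. The same boot-time recreation applies to /var/lock/nova/ at new line 22, which should be owned by nova and not writable by group or others, so that other local users cannot interfere with nova's lock files. Minor style point: both added lines use `key=value` while the surrounding entries use `key = value`.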