summaryrefslogtreecommitdiffstats
path: root/meta-openstack/recipes-devtools/python/python-nova/nova.conf
diff options
context:
space:
mode:
authorBruce Ashfield <bruce.ashfield@windriver.com>2013-11-28 23:28:04 -0500
committerBruce Ashfield <bruce.ashfield@windriver.com>2013-11-28 23:39:16 -0500
commit811633754e5cf5e51b26c569f650d3fd115cb089 (patch)
tree432b22d9c1f0092457dcfef2d3a808b82fda13e0 /meta-openstack/recipes-devtools/python/python-nova/nova.conf
parentc158209a05d11cdfaf35b13888151777eaf41dba (diff)
downloadmeta-cloud-services-811633754e5cf5e51b26c569f650d3fd115cb089.tar.gz
python-nova: run services as nova user instead of root
With this change we now run both the nova controller services and compute node agents as the dedicated "nova" user. Changes to configuration were made to relocated locks and logs to nova writeable directories. Wherever possible configuration files and directories have been changed to nova instead of root (with the notable exception of rootwrap configuration). nova has also been granted sudo privileges to run rootwrap commands. And finally, a libvirt system group has been created and nova added to that group. This allows the compute agent to communicate with libvirtd via the "libvirt" group while keeping permissions tight. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
Diffstat (limited to 'meta-openstack/recipes-devtools/python/python-nova/nova.conf')
-rw-r--r--meta-openstack/recipes-devtools/python/python-nova/nova.conf2
1 files changed, 2 insertions, 0 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-nova/nova.conf b/meta-openstack/recipes-devtools/python/python-nova/nova.conf
index a495a7d..84ef48b 100644
--- a/meta-openstack/recipes-devtools/python/python-nova/nova.conf
+++ b/meta-openstack/recipes-devtools/python/python-nova/nova.conf
@@ -19,6 +19,8 @@ debug = True
19verbose = True 19verbose = True
20my_ip = %CONTROLLER_IP% 20my_ip = %CONTROLLER_IP%
21glance_host = %CONTROLLER_IP% 21glance_host = %CONTROLLER_IP%
22lock_path=/var/lock/nova/
23state_path=/var/run/nova/
22 24
23#VNC 25#VNC
24vnc_enabled = true 26vnc_enabled = true