change libvirt sock group to nova

Add `nova` user to nova-libvirt container.
And change libvirt-socket group to nova.

Change-Id: I183c83f4be8b1d7c75d4ac204df7b7e059626aa2
Closes-Bug: #1525583

ansible/roles/nova/templates/libvirtd.conf.j2

@@ -4,7 +4,7 @@ ca_file = ""
 log_level = 2
 log_outputs = "2:file:/var/log/libvirt/libvirtd.log"
 listen_addr = "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
-unix_sock_group = "root"
+unix_sock_group = "nova"
 unix_sock_ro_perms = "0777"
 unix_sock_rw_perms = "0770"
 auth_unix_ro = "none"

docker/nova/nova-libvirt/Dockerfile.j2

@@ -30,8 +30,7 @@ RUN apt-get install -y --no-install-recommends \
 {% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+    && useradd --user-group nova
 
-{{ include_footer }}
-
-# TODO(coolsvap/nihilifer): Run libvirt daemon as non-root user.
+{{ include_footer }}