change libvirt sock group to nova

Add `nova` user to nova-libvirt container. And change libvirt-socket group to nova. Change-Id: I183c83f4be8b1d7c75d4ac204df7b7e059626aa2 Closes-Bug: #1525583
2015-12-22 14:48:24 +08:00 · 2015-12-22 14:48:24 +08:00 · b54420442e
parent 635ef667a5
commit b54420442e
2 changed files with 4 additions and 5 deletions
--- a/ansible/roles/nova/templates/libvirtd.conf.j2
+++ b/ansible/roles/nova/templates/libvirtd.conf.j2
@ -4,7 +4,7 @@ ca_file = ""
 log_level = 2
 log_outputs = "2:file:/var/log/libvirt/libvirtd.log"
 listen_addr = "{{ hostvars[inventory_hostname]['ansible_' + api_interface]['ipv4']['address'] }}"
-unix_sock_group = "root"
+unix_sock_group = "nova"
 unix_sock_ro_perms = "0777"
 unix_sock_rw_perms = "0770"
 auth_unix_ro = "none"
--- a/docker/nova/nova-libvirt/Dockerfile.j2
+++ b/docker/nova/nova-libvirt/Dockerfile.j2
@ -30,8 +30,7 @@ RUN apt-get install -y --no-install-recommends \
 {% endif %}

 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start
+RUN chmod 755 /usr/local/bin/kolla_extend_start \
+    && useradd --user-group nova

-{{ include_footer }}
-
-# TODO(coolsvap/nihilifer): Run libvirt daemon as non-root user.
+{{ include_footer }}