fbc2278414
Currently metadata proxy cannot run with nobody user/group as metadata proxy (as other services) uses WatchedFileHandler handler to log to file which does not support permissions drop (the process must be able to r/w after permissions drop to "watch" the file).

This change allows to enable/disable log watch in metadata proxies with the new option metadata_proxy_log_watch. It should be disabled when metadata_proxy_user/group is not allowed to read/write metadata proxy log files. Option default value is deduced from metadata_proxy_user:

* True if metadata_proxy_user is agent effective user id/name,
* False otherwise.

When log watch is disabled and logrotate is enabled on metadata proxy logging files, 'copytruncate' logrotate option must be used otherwise metadata proxy logs will be lost after the first log rotation.

DocImpact
Change-Id: I40a7bd82a2c60d9198312fdb52e3010c60db3511
Partial-Bug: #1427228

common
dhcp
l3
linux
metadata
ovsdb
__init__.py
dhcp_agent.py
firewall.py
l2population_rpc.py
l3_agent.py
metadata_agent.py
rpc.py
securitygroups_rpc.py