dd1a416bc9
This ensures we have version-specific references to other projects [1]. Note that this doesn't mean the URLs are actually valid - we need to do more work (linkcheck?) here, but it's an improvement nonetheless. [1] https://docs.openstack.org/openstackdocstheme/latest/#external-link-helper Change-Id: Ifb99e727110c4904a85bc4a13366c2cae300b8df
1.3 KiB
1.3 KiB
nova-rootwrap
Root wrapper for Nova
- Author
- Copyright
-
OpenStack Foundation
- Manual section
-
1
- Manual group
-
cloud computing
Synopsis
nova-rootwrap [options]Description
nova-rootwrap is
an application that filters which commands nova is allowed to run as
another user.
To use this, you should set the following in
nova.conf:
rootwrap_config=/etc/nova/rootwrap.confYou also need to let the nova user run nova-rootwrap as root in sudoers:
nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *To make allowed commands node-specific, your packaging should only
install {compute,network}.filters respectively on compute
and network nodes, i.e. nova-api nodes should not have any of those files
installed.
Note
nova-rootwrap is
being slowly deprecated and replaced by oslo.privsep, and
will eventually be removed.
Options
General options
Files
/etc/nova/nova.conf/etc/nova/rootwrap.conf/etc/nova/rootwrap.d/
See Also
OpenStack Nova <>
Bugs
- Nova bugs are managed at Launchpad