openstack/openstack-ansible-os_nova
Code Issues Proposed changes
486 Commits 7 Branches 145 Tags
15.1.2
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
cmart b715834259 nova user can read kernel for libguestfs on Ubuntu 
Problem: libvirt password/key injection uses libguestfs to mount the
guest filesystem. libguestfs uses a supermin appliance, and in order to
create this appliance, libguestfs (running as nova user) must read the
host's kernel. Unfortunately, Ubuntu sets file permissions which make
compressed kernels non-readable to non-root users, and this breaks
libvirt password/key injection on compute hosts running Ubuntu.

Solution: When compute hosts are running Ubuntu AND the deployer has
enabled libvirt password or SSH key injection, do the following:
- Run `dpkg-statoverride` to set file permissions on compressed
  kernel (/boot/vmlinuz-*), readable to group 'nova'
- Install a script which does same for each new kernel installed via
  system updates in the future

Related-Bug: #1507915
Change-Id: Ic96b69bb80ce11001b2ee5d63324a12b0f68456d
(cherry picked from commit 2bd15db036)
2017-04-07 08:05:15 +00:00
defaults
nova user can read kernel for libguestfs on Ubuntu
2017-04-07 08:05:15 +00:00
doc
Update repository with reference to role git location
2016-12-22 14:26:22 +00:00
examples
[DOCS] Refactor of nova role docs
2016-08-16 18:57:21 -04:00
files
nova user can read kernel for libguestfs on Ubuntu
2017-04-07 08:05:15 +00:00
handlers
Reload service files on Nova services restart
2017-03-31 16:14:22 -05:00
meta
Remove Trusty support from os_nova role
2016-12-15 13:21:13 +00:00
releasenotes
nova user can read kernel for libguestfs on Ubuntu
2017-04-07 08:05:15 +00:00
tasks
nova user can read kernel for libguestfs on Ubuntu
2017-04-07 08:05:15 +00:00
templates
Allow libvirt rbd params to be independent of cinder
2017-04-06 10:31:47 -05:00
tests
Fix Nova upgrade jobs
2017-03-22 10:48:49 +00:00
vars
CentOS pkg cleanup
2017-03-22 17:43:34 +00:00
.gitignore
Using updated tempest method for nova.
2016-11-17 12:49:05 +02:00
.gitreview
Update .gitreview for stable/ocata
2017-02-03 18:58:38 +00:00
bindep.txt
Install python2-pyOpenSSL package on CentOS
2017-03-03 19:38:21 +00:00
CONTRIBUTING.rst
Implement base configuration for independent repository
2016-03-02 00:07:37 +00:00
LICENSE
Implement base configuration for independent repository
2016-03-02 00:07:37 +00:00
manual-test.rc
Use centralised test scripts
2016-09-28 10:27:39 +01:00
README.rst
Show team and repo badges on README
2016-11-25 16:15:31 +01:00
run_tests.sh
Update and clean up run_tests.sh
2017-01-06 16:52:24 +00:00
setup.cfg
modify the home-page info with the developer documentation
2016-09-20 16:34:55 +05:30
setup.py
Updated from global requirements
2016-07-19 21:12:37 +00:00
test-requirements.txt
Updated from global requirements
2016-12-02 05:11:05 +00:00
tox.ini
Split upgrade testing into it's own shell script
2017-03-02 15:16:31 +00:00
Vagrantfile
Remove Trusty support from os_nova role
2016-12-15 13:21:13 +00:00

README.rst

Team and repository tags

image

OpenStack-Ansible nova

Ansible role that installs and configures OpenStack nova and all of its corresponding services.

This role will install the following:
  • nova-api
  • nova-conductor
  • nova-scheduler
  • nova-console
  • nova-compute

Documentation for the project can be found at: http://docs.openstack.org/developer/openstack-ansible-os_nova/

The project home is at: http://launchpad.net/openstack-ansible

View Git Blame Copy Permalink
Description
Role os_nova for OpenStack-Ansible
Readme 16 MiB
Languages
Jinja 66.7%
Python 30.9%
Shell 2.4%