Merge "[User Guides] Add Rootwrap Daemon Information"

2016-06-08 08:48:44 +00:00 · 2016-06-08 08:48:44 +00:00 · 20a8126858
commit 20a8126858
parent 80b4045583 f428c4b1ea
1 changed files with 17 additions and 0 deletions
--- a/doc/admin-guide/source/compute-root-wrap-reference.rst
+++ b/doc/admin-guide/source/compute-root-wrap-reference.rst
@ -41,6 +41,9 @@ filters definition files. This chain ensures that the Compute
 user itself is not in control of the configuration or modules
 used by the :command:`nova-rootwrap` executable.

+Configure rootwrap
+~~~~~~~~~~~~~~~~~~
+
 Configure rootwrap in the ``rootwrap.conf`` file. Because
 it is in the trusted security path, it must be owned and writable
 by only the root user. The ``rootwrap_config=entry`` parameter
@ -99,3 +102,17 @@ should be different for each filter you define:
     - (ListOpt) Comma-separated list containing the filter class to
       use, followed by the Filter arguments (which vary depending
       on the Filter class selected).
+
+Configure the rootwrap daemon
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Administrators can use rootwrap daemon support instead of running
+rootwrap with :command:`sudo`. The rootwrap daemon reduces the
+overhead and performance loss that results from running
+``oslo.rootwrap`` with :command:`sudo`. Each call that needs rootwrap
+privileges requires a new instance of rootwrap. The daemon
+prevents overhead from the repeated calls. The daemon does not support
+long running processes, however.
+
+To enable the rootwrap daemon, set ``use_rootwrap_daemon`` to ``True``
+in the Compute service configuration file.