diff options
author | Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> | 2014-11-17 11:59:47 +0000 |
---|---|---|
committer | Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> | 2015-01-22 12:46:23 +0000 |
commit | b8317806e01538ea099831f1222ca2e6a89520a1 (patch) | |
tree | 22f0169289c1216f2ac1d0eb039936bcd80c90cb /openstack-nova.configure | |
parent | 83aadfc62eed373d40f72b20c8b8421f4cba589c (diff) | |
download | definitions-b8317806e01538ea099831f1222ca2e6a89520a1.tar.gz |
Add nova user to sudoers group, using rootwrap to control it
Nova user needs to run commands as a root, in order to filter
this commands openstack uses rootwrap. Nova needs root permissions
to run this commands, so this patch adds it to sudoers for the rootwrap
application and configuration.
Diffstat (limited to 'openstack-nova.configure')
-rw-r--r-- | openstack-nova.configure | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/openstack-nova.configure b/openstack-nova.configure index c04dd82c..ee937007 100644 --- a/openstack-nova.configure +++ b/openstack-nova.configure @@ -61,3 +61,9 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service" sed -i "s/192\.168\.122\./192\.168\.1\./g" \ "$ROOT"/etc/libvirt/qemu/networks/default.xml + +########################################################################## +# Add nova to sudoers controlling which commands is running as a root +# using the openstack rootwrap. +########################################################################## +echo 'nova ALL=(ALL) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *' >> "$ROOT/etc/sudoers" |