python-nova: run services as nova user instead of root

With this change we now run both the nova controller services and compute node agents as the dedicated "nova" user. Changes to configuration were made to relocated locks and logs to nova writeable directories. Wherever possible configuration files and directories have been changed to nova instead of root (with the notable exception of rootwrap configuration). nova has also been granted sudo privileges to run rootwrap commands. And finally, a libvirt system group has been created and nova added to that group. This allows the compute agent to communicate with libvirtd via the "libvirt" group while keeping permissions tight. Signed-off-by: Bruce Ashfield <bruce.ashfield@windriver.com>
author: Bruce Ashfield <bruce.ashfield@windriver.com> 2013-11-28 23:28:04 -0500
committer: Bruce Ashfield <bruce.ashfield@windriver.com> 2013-11-28 23:39:16 -0500
commit: 811633754e5cf5e51b26c569f650d3fd115cb089 (patch)
tree: 432b22d9c1f0092457dcfef2d3a808b82fda13e0 /meta-openstack/recipes-devtools/python/python-nova/nova.init
parent: c158209a05d11cdfaf35b13888151777eaf41dba (diff)
download: meta-cloud-services-811633754e5cf5e51b26c569f650d3fd115cb089.tar.gz
1 files changed, 2 insertions, 1 deletions
diff --git a/meta-openstack/recipes-devtools/python/python-nova/nova.init b/meta-openstack/recipes-devtools/python/python-nova/nova.init
index 3a2bbac..c2882b6 100644
--- a/meta-openstack/recipes-devtools/python/python-nova/nova.init
+++ b/meta-openstack/recipes-devtools/python/python-nova/nova.init
@@ -30,7 +30,8 @@ start ()
    echo -n "Starting $DESC..."
-    start-stop-daemon --start --quiet --background \
+    sudo -u nova \
+        start-stop-daemon --start --quiet --background \
        --pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON}
    if [ $? -eq 0 ]; then
author	Bruce Ashfield <bruce.ashfield@windriver.com>	2013-11-28 23:28:04 -0500
committer	Bruce Ashfield <bruce.ashfield@windriver.com>	2013-11-28 23:39:16 -0500
commit	811633754e5cf5e51b26c569f650d3fd115cb089 (patch)
tree	432b22d9c1f0092457dcfef2d3a808b82fda13e0 /meta-openstack/recipes-devtools/python/python-nova/nova.init
parent	c158209a05d11cdfaf35b13888151777eaf41dba (diff)
download	meta-cloud-services-811633754e5cf5e51b26c569f650d3fd115cb089.tar.gz

diff --git a/meta-openstack/recipes-devtools/python/python-nova/nova.init b/meta-openstack/recipes-devtools/python/python-nova/nova.init index 3a2bbac..c2882b6 100644 --- a/meta-openstack/recipes-devtools/python/python-nova/nova.init +++ b/meta-openstack/recipes-devtools/python/python-nova/nova.init
@@ -30,7 +30,8 @@ start ()
30		30
31	echo -n "Starting $DESC..."	31	echo -n "Starting $DESC..."
32		32
33	start-stop-daemon --start --quiet --background \	33	sudo -u nova \
		34	start-stop-daemon --start --quiet --background \
34	--pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON}	35	--pidfile ${PIDFILE} --make-pidfile --exec ${DAEMON}
35		36
36	if [ $? -eq 0 ]; then	37	if [ $? -eq 0 ]; then