Ubuntu Manpage: nova-rootwrap - Cloud controller fabric

Provided by: nova-common_17.0.13-0ubuntu5.4_all

NAME

       nova-rootwrap - Cloud controller fabric

ROOT WRAPPER FOR NOVA

       Author openstack@lists.openstack.org

       Date   2012-09-27

       Copyright
              OpenStack Foundation

       Version
              2012.1

       Manual section
              1

       Manual group
              cloud computing

   Synopsis
          nova-rootwrap [options]

   Description
       nova-rootwrap is an application that filters which commands nova is allowed to run as another user.

       To use this, you should set the following in nova.conf:

          rootwrap_config=/etc/nova/rootwrap.conf

       You also need to let the nova user run nova-rootwrap as root in sudoers:

          nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *

       To  make  allowed  commands  node-specific,  your packaging should only install {compute,network}.filters
       respectively on compute and network nodes, i.e.  nova-api nodes  should  not  have  any  of  those  files
       installed.

       NOTE:
          nova-rootwrap is being slowly deprecated and replaced by oslo.privsep, and will eventually be removed.

   Options
          General options

   Files
       • /etc/nova/nova.conf

       • /etc/nova/rootwrap.conf

       • /etc/nova/rootwrap.d/

   See Also
       • OpenStack Nova

   Bugs
       • Nova bugs are managed at Launchpad

AUTHOR

       OpenStack

COPYRIGHT

       2010-present, OpenStack Foundation

17.0.13                                           Apr 26, 2023                                  NOVA-ROOTWRAP(1)