Ubuntu Manpage: nova-rootwrap - Root wrapper daemon for the OpenStack Compute service.

Provided by: nova-common_29.2.0-0ubuntu1_all

NAME

       nova-rootwrap - Root wrapper daemon for the OpenStack Compute service.

SYNOPSIS

          nova-rootwrap CONFIG_FILE COMMAND

DESCRIPTION

       nova-rootwrap is an application that filters which commands nova is allowed to run as another user.

       To use this, you should set the following in nova.conf:

          rootwrap_config=/etc/nova/rootwrap.conf

       You also need to let the nova user run nova-rootwrap as root in sudoers:

          nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *

       To  make  allowed  commands  node-specific,  your packaging should only install {compute,network}.filters
       respectively on compute and network nodes, i.e.  nova-api nodes  should  not  have  any  of  those  files
       installed.

       NOTE:
          nova-rootwrap is being slowly deprecated and replaced by oslo.privsep, and will eventually be removed.

FILES

       • /etc/nova/nova.conf

       • /etc/nova/rootwrap.conf

       • /etc/nova/rootwrap.d/

BUGS

       • Nova bugs are managed at Launchpad

AUTHOR

       openstack@lists.openstack.org

COPYRIGHT

       2010-present, OpenStack Foundation

29.2.0                                            Feb 05, 2025                                  NOVA-ROOTWRAP(1)

NAME

SYNOPSIS

DESCRIPTION

FILES

SEE ALSO

BUGS

AUTHOR

COPYRIGHT