.\" Man page generated from reStructuredText.
.
.TH "NOVA-ROOTWRAP" "1" "May 29, 2019" "18.1.0" "nova"
.SH NAME
nova-rootwrap \- Cloud controller fabric
.
.nr rst2man-indent-level 0
.
.de1 rstReportMargin
\\$1 \\n[an-margin]
level \\n[rst2man-indent-level]
level margin: \\n[rst2man-indent\\n[rst2man-indent-level]]
-
\\n[rst2man-indent0]
\\n[rst2man-indent1]
\\n[rst2man-indent2]
..
.de1 INDENT
.\" .rstReportMargin pre:
. RS \\$1
. nr rst2man-indent\\n[rst2man-indent-level] \\n[an-margin]
. nr rst2man-indent-level +1
.\" .rstReportMargin post:
..
.de UNINDENT
. RE
.\" indent \\n[an-margin]
.\" old: \\n[rst2man-indent\\n[rst2man-indent-level]]
.nr rst2man-indent-level -1
.\" new: \\n[rst2man-indent\\n[rst2man-indent-level]]
.in \\n[rst2man-indent\\n[rst2man-indent-level]]u
..
.SH ROOT WRAPPER FOR NOVA
.INDENT 0.0
.TP
.B Author
\fI\%openstack@lists.openstack.org\fP
.TP
.B Copyright
OpenStack Foundation
.TP
.B Manual section
1
.TP
.B Manual group
cloud computing
.UNINDENT
.SS Synopsis
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nova\-rootwrap [options]
.ft P
.fi
.UNINDENT
.UNINDENT
.SS Description
.sp
\fBnova\-rootwrap\fP is an application that filters which commands nova is
allowed to run as another user.
.sp
To use this, you should set the following in \fBnova.conf\fP:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
rootwrap_config=/etc/nova/rootwrap.conf
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
You also need to let the nova user run \fBnova\-rootwrap\fP as root in
\fBsudoers\fP:
.INDENT 0.0
.INDENT 3.5
.sp
.nf
.ft C
nova ALL = (root) NOPASSWD: /usr/bin/nova\-rootwrap /etc/nova/rootwrap.conf *
.ft P
.fi
.UNINDENT
.UNINDENT
.sp
To make allowed commands node\-specific, your packaging should only install
\fB{compute,network}.filters\fP respectively on compute and network nodes, i.e.
\fBnova\-api\fP nodes should not have any of those files installed.
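.sp
One way to audit a node against the two requirements above, as an added example that is not part of nova or of the original man page. The role names (compute, network, api), the function names, and the exact\-match comparison of the sudoers rule are assumptions of this sketch; point the functions at \fB/etc/nova/rootwrap.d/\fP and the relevant sudoers file on a real node.
.sp
.nf
```shell
#!/bin/sh
# Added example, not part of nova. Role names and function names are assumptions.

# Print each of {compute,network}.filters present in DIR that does not belong
# to ROLE. Returns 0 if clean, 1 if a stray file was found, 2 on unknown role.
audit_filters() {
    role=$1; dir=$2; bad=0
    case $role in
        compute|network|api) ;;
        *) echo "unknown role: $role" >&2; return 2 ;;
    esac
    for name in compute network; do
        if [ -e "$dir/$name.filters" ] && [ "$name" != "$role" ]; then
            echo "$name.filters"
            bad=1
        fi
    done
    return $bad
}

# Return 0 only if the sudoers file holds the nova-rootwrap rule from the man
# page and no other rule for the nova user; print any other nova rule found.
audit_sudoers() {
    file=$1
    want='nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *'
    extra=$(grep -E '^[[:space:]]*nova[[:space:]]' "$file" | grep -vxF "$want" || true)
    if [ -n "$extra" ]; then
        echo "$extra"
        return 1
    fi
    grep -qxF "$want" "$file"
}

# Constructed demo: a compute node that also carries network.filters.
demo=$(mktemp -d)
touch "$demo/compute.filters" "$demo/network.filters"
audit_filters compute "$demo" || echo "stray filter file(s) on a compute node"
rm -rf "$demo"
```
.fi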
.sp
\fBNOTE:\fP
.INDENT 0.0
.INDENT 3.5
\fBnova\-rootwrap\fP is being slowly deprecated and replaced by
\fBoslo.privsep\fP, and will eventually be removed.
.UNINDENT
.UNINDENT
.SS Options
.sp
\fBGeneral options\fP
.SS Files
.INDENT 0.0
.IP \(bu 2
\fB/etc/nova/nova.conf\fP
.IP \(bu 2
\fB/etc/nova/rootwrap.conf\fP
.IP \(bu 2
\fB/etc/nova/rootwrap.d/\fP
.UNINDENT
.SS See Also
.INDENT 0.0
.IP \(bu 2
\fI\%OpenStack Nova\fP
.UNINDENT
.SS Bugs
.INDENT 0.0
.IP \(bu 2
Nova bugs are managed at \fI\%Launchpad\fP
.UNINDENT
.SH AUTHOR
OpenStack
.SH COPYRIGHT
2010-present, OpenStack Foundation
.\" Generated by docutils manpage writer.
.