Browse code
nova.conf: set privsep helper command for os-vif plugins
privsep will default to invoking privsep-helper directly
via sudo, which won't work for people with a locked down
sudo config. To deal with this we should explicitly
configure the os-vif plugins to use nova-rootwrap for
running privsep-helper. This change makes such a change
for the two official in-tree os-vif plugins.
Change-Id: I3d26251206a57599385f2b9f3e0ef7d91daafe35
Daniel P. Berrange authored on 2016/06/09 00:53:06Showing 1 changed files
| ... | ... |
@@ -483,6 +483,9 @@ function create_nova_conf {
|
| 483 | 483 |
|
| 484 | 484 |
iniset $NOVA_CONF privsep_osbrick helper_command "sudo nova-rootwrap \$rootwrap_config privsep-helper --config-file $NOVA_CONF" |
| 485 | 485 |
|
| 486 |
+ iniset $NOVA_CONF vif_plug_ovs_privileged helper_command "sudo nova-rootwrap \$rootwrap_config privsep-helper --config-file $NOVA_CONF" |
|
| 487 |
+ iniset $NOVA_CONF vif_plug_linux_bridge_privileged helper_command "sudo nova-rootwrap \$rootwrap_config privsep-helper --config-file $NOVA_CONF" |
|
| 488 |
+ |
|
| 486 | 489 |
if is_service_enabled n-api; then |
| 487 | 490 |
if is_service_enabled n-api-meta; then |
| 488 | 491 |
# If running n-api-meta as a separate service |