USE_NAMESPACES requires sahara be run as root
Bug #1271349 reported by
Matthew Farrellee
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Sahara |
Fix Released
|
High
|
Michael McCune |
Bug Description
The USE_NAMESPACES code, which tells savanna-api to setup a proxy into a tenant netns for communication w/ instances, uses 'ip netns exec' as part of its implementation.
root (superuser) privileges are required to successfully run 'ip netns exec', which means savanna-api must be run with such privs instead of a preferred lower-priv daemon account.
description: | updated |
summary: |
- USE_NAMESPACE requires savanna-api be run as root + USE_NAMESPACES requires savanna-api be run as root |
Changed in savanna: | |
status: | New → Confirmed |
importance: | Undecided → Low |
assignee: | nobody → Jonathan Maron (jmaron) |
milestone: | none → icehouse-3 |
Changed in savanna: | |
importance: | Low → High |
Changed in savanna: | |
milestone: | icehouse-3 → next |
Changed in sahara: | |
assignee: | Jonathan Maron (jmaron) → Michael McCune (mimccune) |
Changed in sahara: | |
milestone: | next → kilo-1 |
tags: | added: juno-rc-potential |
tags: | removed: juno-rc-potential |
summary: |
- USE_NAMESPACES requires savanna-api be run as root + USE_NAMESPACES requires sahara be run as root |
Changed in sahara: | |
status: | Fix Committed → Fix Released |
Changed in sahara: | |
milestone: | kilo-1 → 2015.1.0 |
To post a comment you must log in.
RDO workaround: sed -i 's/daemon --user savanna/daemon --user root/' /etc/init. d/openstack- savanna- api