Lack of documentation for rootwrap and privsep in nova docs
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| OpenStack Compute (nova) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
Regarding rootwrap, this is the only mention in the nova docs:
https:/
And privsep isn't much better:
https:/
There is no documentation really about how rootwrap should be deployed during an install, what compute.filters is or what's in it, there is no links to privsep documentation or how rootwrap is configured with the privsep-helper (which is necessary during deployment if you want nova-compute to work).
At the very least we should have something in the compute service install guide about deploying the privsep files (maybe this is missing because deployment packages take care of this for us and we don't have dedicated docs on installing nova from source packages).
It would probably also be worth noting the known issue with bug 1715374 where SIGHUP'ing the nova-compute service makes nova-compute unusable because the privsep-helper child processes are gone so anything that needs root access after that (which is most things when you're creating a VM with the libvirt driver) will fail.
| Matt Riedemann (mriedem) wrote | #1 |
| summary: |
- Laughable lack of documentation for rootwrap and privsep in nova docs + Lack of documentation for rootwrap and privsep in nova docs |
| Eric Fried (efried) wrote | #2 |
| Changed in nova: | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| tags: |
added: doc removed: docs |
Apparently the search function isn't great, but I found this in the nova admin docs:
https:/
That doesn't mention anything about privsep though and it probably should.