tripleo

  1. Bug #1693844
  2. Comment #3

Comment 3 for bug 1693844

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Related fix merged to puppet-tripleo (master)

Reviewed: https://review.openstack.org/471319
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=016cef3ea729e1e3aed948ff3d07d650a5d92884
Submitter: Jenkins
Branch: master

commit 016cef3ea729e1e3aed948ff3d07d650a5d92884
Author: Oliver Walsh <email address hidden>
Date: Tue Jun 6 12:12:43 2017 +0100

    Add polkit rule to allow kolla nova user access to libvirtd socket on docker host

    The polkit rules are currently evaluated in the context of the docker host.
    As a result the check fails for the kolla nova compute user, as the uids are not
    consistent with the host uids (in fact we probably can't assume a nova user exists
    on the docker host).

    As a short-term workaround a 'docker_nova' user group is created on the docker host
    and the polkit rule is updated to grant this user access to the libvirtd socket.

    Longer term solution probably requires running polkitd in a container too.

    Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
    Related-bug: #1693844