commit 016cef3ea729e1e3aed948ff3d07d650a5d92884
Author: Oliver Walsh <email address hidden>
Date: Tue Jun 6 12:12:43 2017 +0100
Add polkit rule to allow kolla nova user access to libvirtd socket on docker host
The polkit rules are currently evaluated in the context of the docker host.
As a result the check fails for the kolla nova compute user, as the uids are not
consistent with the host uids (in fact we probably can't assume a nova user exists
on the docker host).
As a short-term workaround a 'docker_nova' user group is created on the docker host
and the polkit rule is updated to grant this user access to the libvirtd socket.
Longer term solution probably requires running polkitd in a container too.
Reviewed: https:/ /review. openstack. org/471319 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=016cef3ea72 9e1e3aed948ff3d 07d650a5d92884
Committed: https:/
Submitter: Jenkins
Branch: master
commit 016cef3ea729e1e 3aed948ff3d07d6 50a5d92884
Author: Oliver Walsh <email address hidden>
Date: Tue Jun 6 12:12:43 2017 +0100
Add polkit rule to allow kolla nova user access to libvirtd socket on docker host
The polkit rules are currently evaluated in the context of the docker host.
As a result the check fails for the kolla nova compute user, as the uids are not
consistent with the host uids (in fact we probably can't assume a nova user exists
on the docker host).
As a short-term workaround a 'docker_nova' user group is created on the docker host
and the polkit rule is updated to grant this user access to the libvirtd socket.
Longer term solution probably requires running polkitd in a container too.
Change-Id: I91be1f1eacf8ee d9017bbfef393ee 2d66771e8d6
Related-bug: #1693844