Public bug reported: Regarding rootwrap, this is the only mention in the nova docs:
https://docs.openstack.org/nova/stein/cli/nova-rootwrap.html And privsep isn't much better: https://docs.openstack.org/nova/stein/search.html?q=privsep There is no documentation really about how rootwrap should be deployed during an install, what compute.filters is or what's in it, there is no links to privsep documentation or how rootwrap is configured with the privsep-helper (which is necessary during deployment if you want nova- compute to work). At the very least we should have something in the compute service install guide about deploying the privsep files (maybe this is missing because deployment packages take care of this for us and we don't have dedicated docs on installing nova from source packages). It would probably also be worth noting the known issue with bug 1715374 where SIGHUP'ing the nova-compute service makes nova-compute unusable because the privsep-helper child processes are gone so anything that needs root access after that (which is most things when you're creating a VM with the libvirt driver) will fail. ** Affects: nova Importance: Undecided Status: New ** Tags: docs privsep -- You received this bug notification because you are a member of Yahoo! Engineering Team, which is subscribed to OpenStack Compute (nova). https://bugs.launchpad.net/bugs/1823192 Title: Lack of documentation for rootwrap and privsep in nova docs Status in OpenStack Compute (nova): New Bug description: Regarding rootwrap, this is the only mention in the nova docs: https://docs.openstack.org/nova/stein/cli/nova-rootwrap.html And privsep isn't much better: https://docs.openstack.org/nova/stein/search.html?q=privsep There is no documentation really about how rootwrap should be deployed during an install, what compute.filters is or what's in it, there is no links to privsep documentation or how rootwrap is configured with the privsep-helper (which is necessary during deployment if you want nova-compute to work). At the very least we should have something in the compute service install guide about deploying the privsep files (maybe this is missing because deployment packages take care of this for us and we don't have dedicated docs on installing nova from source packages). It would probably also be worth noting the known issue with bug 1715374 where SIGHUP'ing the nova-compute service makes nova-compute unusable because the privsep-helper child processes are gone so anything that needs root access after that (which is most things when you're creating a VM with the libvirt driver) will fail. To manage notifications about this bug go to: https://bugs.launchpad.net/nova/+bug/1823192/+subscriptions -- Mailing list: https://launchpad.net/~yahoo-eng-team Post to : [email protected] Unsubscribe : https://launchpad.net/~yahoo-eng-team More help : https://help.launchpad.net/ListHelp
