diff options
author | Oliver Walsh <owalsh@redhat.com> | 2017-06-06 12:12:43 +0100 |
---|---|---|
committer | Oliver Walsh <owalsh@redhat.com> | 2017-06-06 21:49:08 +0100 |
commit | 016cef3ea729e1e3aed948ff3d07d650a5d92884 (patch) | |
tree | de4b21db077d14e70a1ab0a7745d48b31dff7a2b /manifests/profile/base/heat/api_cfn.pp | |
parent | 0a75929adeea9ea7a53ad5a45c9bb1f1b6962b9b (diff) |
Add polkit rule to allow kolla nova user access to libvirtd socket on docker host
The polkit rules are currently evaluated in the context of the docker host.
As a result the check fails for the kolla nova compute user, as the uids are not
consistent with the host uids (in fact we probably can't assume a nova user exists
on the docker host).
As a short-term workaround a 'docker_nova' user group is created on the docker host
and the polkit rule is updated to grant this user access to the libvirtd socket.
Longer term solution probably requires running polkitd in a container too.
Change-Id: I91be1f1eacf8eed9017bbfef393ee2d66771e8d6
Related-bug: #1693844
Diffstat (limited to 'manifests/profile/base/heat/api_cfn.pp')
0 files changed, 0 insertions, 0 deletions