nova-rootwrap - Root wrapper daemon for the OpenStack Compute service.

openstack@lists.openstack.org

       • Nova bugs are managed at Launchpad

       2010-present, OpenStack Foundation

31.0.0                                            Apr 03, 2025                                  NOVA-ROOTWRAP(1)

nova-rootwrap is an application that filters which commands nova is allowed to run as another user.

       To use this, you should set the following in nova.conf:

          rootwrap_config=/etc/nova/rootwrap.conf

       You also need to let the nova user run nova-rootwrap as root in sudoers:

          nova ALL = (root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *

       To  make  allowed  commands  node-specific,  your packaging should only install {compute,network}.filters
       respectively on compute and network nodes, i.e.  nova-api nodes  should  not  have  any  of  those  files
       installed.

       NOTE:nova-rootwrap is being slowly deprecated and replaced by oslo.privsep, and will eventually be removed.

       • /etc/nova/nova.conf

       • /etc/nova/rootwrap.conf

       • /etc/nova/rootwrap.d/

       nova-rootwrap - Root wrapper daemon for the OpenStack Compute service.

nova-compute(1)

          nova-rootwrap CONFIG_FILE COMMAND