Trove/Blueprints/rootwrap-for-guest
Description
Make use of the oslo-rootwrap library in the guest instead of direct sudo calls
Justification/Benefits
Justification
Right now, trove requires a 'trove' user with full sudo rights to run all of its commands on the guest VM. oslo-rootwrap is a library designed to handle these tasks in the safest manner possible.
Benefits
- It provides a clean view of the commands used by trove
- It makes trove behave like all the other OpenStack core projects
Impacts
Configuration
- A new key 'rootwrap_config' must be added to the trove configuration files to specify the configuration of rootwrap.
- A new file /etc/trove/trove-rootwrap.conf must be created to configure rootwrap
- A directory /etc/trove/trove-rootwrap.d will be created, with files containing the commands that require root privileges.
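The three configuration pieces above, shown together with the sudoers change they enable, as an added example that is not taken from the blueprint or from Trove's code. The configuration file is spelled trove-rootwrap.conf here, matching the trove-rootwrap.d directory. The wrapper name `trove-rootwrap`, the filter file name, the section holding `rootwrap_config`, and the two filtered commands are assumptions chosen for illustration; the `[DEFAULT]` keys and filter classes are those of oslo.rootwrap.

```ini
# --- sudoers, before: the 'trove' user may run anything as root ---
# trove ALL=(ALL) NOPASSWD: ALL
#
# --- sudoers, after: only the rootwrap entry point may be run as root ---
# ('trove-rootwrap' is an assumed wrapper name, modelled on nova-rootwrap)
# trove ALL=(root) NOPASSWD: /usr/bin/trove-rootwrap /etc/trove/trove-rootwrap.conf *

# --- trove configuration file on the guest (section placement assumed) ---
[DEFAULT]
rootwrap_config = /etc/trove/trove-rootwrap.conf

# --- /etc/trove/trove-rootwrap.conf (owned and writable by root only) ---
[DEFAULT]
# Directories scanned for *.filters files. They must be root-owned:
# if the 'trove' user could write here, it could grant itself any command.
filters_path = /etc/trove/trove-rootwrap.d
# A filtered command is resolved only inside these directories.
exec_dirs = /sbin,/usr/sbin,/bin,/usr/bin
# Log to syslog. INFO records every use, ERROR only rejected attempts.
use_syslog = True
syslog_log_facility = syslog
syslog_log_level = INFO

# --- /etc/trove/trove-rootwrap.d/guestagent.filters (constructed sample) ---
[Filters]
# CommandFilter checks the executable only; any arguments are accepted.
mount: CommandFilter, mount, root
# RegExpFilter also pins each argument to a regular expression, so the
# guest agent cannot reuse chown on arbitrary paths or owners.
chown_datadir: RegExpFilter, chown, root, chown, -R, mysql:mysql, /var/lib/mysql
```

Prefer argument-constraining filters such as RegExpFilter over CommandFilter wherever the command takes a path or target, since a bare CommandFilter entry grants root execution of that binary with any arguments.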
Database
No changes
Public API
No changes
Internal API
No changes
Guest Agent
This has no impact on the task-manager <-> guest agent communications.