[Openstack-devel] Safe access to /etc/nova/nova*.conf from Ceilometer

Julien Danjou acid at debian.org
Fri Nov 16 10:11:04 UTC 2012


On Fri, Nov 16 2012, Thomas Goirand wrote:

Hi Thomas,

> I wrote what begins to take shape as a Ceilometer package. But I'm
> facing a small problem. Ceilometer needs to access
> /etc/nova/nova-compute.conf and /etc/nova/nova.conf, which it can't,
> because it is running as ceilometer user, and doesn't have access to
> these files.
>
> So I am wondering, should Ceilometer components run as root? Or should I
> add the Ceilometer in the nova group? What's the strategy?

Indeed, this is a real issue we are aware of.

But I've the feeling that this requirement is very limited by now, but
that our configuration code might not be aware of it.
I've created a blueprint¹ so this can be done on our side as soon as
possible and that this problem is solved in the proper way.

In the meantime, I don't think using root is really necessary nor a
good idea. I'd propose to add ceilometer to nova group until we fix this
issue. I think that we may be able to remove this group membership later
when Ceilometer is "fixed". Does that sound good enough?

¹  https://blueprints.launchpad.net/ceilometer/+spec/nova-flags-removal

-- 
Julien Danjou
-- Free Software hacker & freelance
-- http://julien.danjou.info
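
An added example (not part of the original message, Ceilometer, or the Debian packaging): a small Python check of which Unix permission class gives an account read access to a file, useful for confirming that the interim nova group membership, rather than root or world-readable files, is what lets ceilometer read the nova configuration. The numeric ids and the root:nova 0640 layout are assumptions made for the sample.

```python
import os
import stat


def read_granted_by(mode, owner_uid, owner_gid, uid, gids):
    """Return which permission class lets (uid, gids) read the file, or None.

    Follows the classic mode-bit order (POSIX ACLs and capabilities are
    ignored): owner bits if the uid owns the file, else group bits if any
    gid matches, else the "other" bits. Only one class is ever consulted.
    """
    if uid == 0:
        return "root"  # root bypasses the read bits entirely
    if uid == owner_uid:
        return "owner" if mode & stat.S_IRUSR else None
    if owner_gid in gids:
        return "group" if mode & stat.S_IRGRP else None
    return "other" if mode & stat.S_IROTH else None


def audit(path, uid, gids):
    """Stat a real file and report how the given identity would read it."""
    st = os.stat(path)
    return read_granted_by(st.st_mode, st.st_uid, st.st_gid, uid, gids)


# Constructed sample values: ids and the root:nova 0640 layout are assumptions.
NOVA_GID, CEILOMETER_UID, CEILOMETER_GID = 120, 130, 131
CONF_MODE = stat.S_IFREG | 0o640


def sample_results():
    """Compare the options discussed: no membership, nova group, root, 0644."""
    own = {CEILOMETER_GID}
    before = read_granted_by(CONF_MODE, 0, NOVA_GID, CEILOMETER_UID, own)
    after = read_granted_by(CONF_MODE, 0, NOVA_GID, CEILOMETER_UID,
                            own | {NOVA_GID})
    as_root = read_granted_by(CONF_MODE, 0, NOVA_GID, 0, {0})
    world = read_granted_by(stat.S_IFREG | 0o644, 0, NOVA_GID,
                            CEILOMETER_UID, own)
    return before, after, as_root, world


if __name__ == "__main__":
    print(sample_results())
```

On a packaged host, `audit()` can be pointed at the real configuration files with the ceilometer account's uid and group ids; a result of "other" or "root" means access does not depend on the group membership at all.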