[Openstack-devel] Safe access to /etc/nova/nova*.conf from Ceilometer

Thomas Goirand zigo at debian.org
Fri Nov 16 14:50:14 UTC 2012


On 11/16/2012 06:11 PM, Julien Danjou wrote:
> On Fri, Nov 16 2012, Thomas Goirand wrote:
> 
> Hi Thomas,
> 
>> I wrote what begins to take shape as a Ceilometer package. But I'm
>> facing a small problem. Ceilometer needs to access
>> /etc/nova/nova-compute.conf and /etc/nova/nova.conf, which it can't,
>> because it is running as ceilometer user, and doesn't have access to
>> these files.
>>
>> So I am wondering, should Ceilometer components run as root? Or should I
>> add the Ceilometer in the nova group? What's the strategy?
> 
> Indeed, this is a real issue we are aware of.
> 
> But I've the feeling that this requirements is very limited by now, but
> that our configuration code might not be aware of it.
> I've created a blueprint¹ so this can done on our side as soon as
> possible and that this problem is solved in the proper way.
> 
> In the mean time, I don't think using root is really necessary nor a
> good idea. I'd propose to add ceilometer to nova group until we fix this
> issue. I think that we may be able to remove this group membership later
> when Ceilometer is "fixed". Does that sound good enough?

Hi Julien,

Thanks for your prompt reply, it indeed saves a lot of time when you can
have the info directly! :)

That's exactly what I envisioned as well, thanks for confirming. I'll
add ceilometer to nova group then.

Could you tell what it needs to read in nova*.conf?

Also, I've noticed there's a /etc/ceilometer, but it's empty. Don't you
have any configuration file? Or is the package not doing what it should?

Cheers,

Thomas



More information about the Openstack-devel mailing list