Red Hat Bugzilla – Bug 894460
Configure ComputeNodes so that libvirt is R/O for all users except for Nova
Last modified: 2015-06-04 17:50:12 EDT
Description of problem:
It could be problematic if admins can run virsh destroy/undefine on ComputeNodes outside of Nova, since that may cause state to get messed up between ComputeNodes and Nova.
So it might be desirable to make libvirt connections read-only for all users except for Nova.
This should be optional though. Some users may want their admins to have virsh access to VMs even despite the risks.
I think that this is something we should not do. RHEV made libvirt inaccessible to the root user and it has been a total PITA for anyone logging into a box to troubleshoot the system.
If a person has been given root they are all powerful and know they should be careful. We don't need to add child-locks to their account wrt libvirt, which ultimately don't achieve anything besides annoyance for people who need access.
BTW, Nova copes fine if you 'virsh destroy' a running nova guest - it just transitions it to the shutoff state.