x/turbo-hipster
Code Issues Proposed changes
turbo-hipster/turbo_hipster/task_plugins/gate_real_db_upgrade/nova-manage-wrapper
Michael Still 49cf70e748 Use netns to block network access from nova-manage. 
This is done for security reasons as we don't trust the code running
inside migrations.

To run this:
 - bind mysql to 0.0.0.0
 - run makenetnamespace.sh as root at boot, passing in the mysql root
   password so that user perms can be setup
 - add this to the sudo config:
   turbo-hipster ALL=(root) NOPASSWD: /sbin/ip netns exec nonet *

Change-Id: I86190fbd515ecf7683194923df14e5b707ab21c5
2013-12-24 19:42:50 +11:00

6 lines
57 B
Bash
Executable File
Raw Blame History

#!/bin/bash
source $1/bin/activate
shift
nova-manage $@
View Git Blame Copy Permalink