* /var/lib/nova/networks should be readable by the `nobody' user,

because dnsmasq runs as nobody and reads its host list from there. svn path=/nixos/trunk/; revision=26740
2011-04-07 12:47:20 +00:00 · 2011-04-07 12:47:20 +00:00 · 05ff7baf48
commit 05ff7baf48
parent 3836e8eb02
1 changed files with 12 additions and 2 deletions
--- a/modules/virtualisation/nova.nix
+++ b/modules/virtualisation/nova.nix
@ -59,7 +59,10 @@ in

    system.activationScripts.nova =
      ''
-        mkdir -m 700 -p /var/lib/nova
+        mkdir -m 755 -p /var/lib/nova
+        mkdir -m 755 -p /var/lib/nova/networks
+        mkdir -m 700 -p /var/lib/nova/instances
+        mkdir -m 700 -p /var/lib/nova/keys

        # Allow the CA certificate generation script (called by
        # nova-api) to work.
@ -80,7 +83,9 @@ in

        startOn = "ip-up";

-        path = [ pkgs.openssl ];
+        # `openssl' is required to generate the CA.  `openssh' is
+        # required to generate key pairs.
+        path = [ pkgs.openssl pkgs.openssh ];
          
        exec = "${nova}/bin/nova-api";
      };
@ -95,6 +100,11 @@ in

        startOn = "ip-up";

+        preStart =
+          ''
+            mkdir -m 700 -p /var/lib/nova/images
+          '';
+
        exec = "${nova}/bin/nova-objectstore --nodaemon";
      };