nova/doc/source/cli/nova-idmapshift.rst
Stephen Finucane be8fa67024 doc: Populate the 'cli' section
Per the spec [1]:

  cli/ – command line tool reference docs, similar to man pages. These
  may be automatically generated with cliff's sphinx integration, or
  manually written when auto-generation is not possible.

All of the docs currently found in 'man' fit that category, so those and
those alone are moved. It'll be a great day in the parish when we can
replace all of these with cliff's Sphinx integration.

[1] specs.openstack.org/openstack/docs-specs/specs/pike/os-manuals-migration

Change-Id: I45bed324ec37cfea7c1a574ec06af38e7b875a1c
2017-07-13 14:54:11 +01:00

===============
nova-idmapshift
===============

-----------------------------------------
Tool used by Nova libvirt-lxc virt driver
-----------------------------------------

:Author: openstack@lists.openstack.org
:Date: 2012-09-27
:Copyright: OpenStack Foundation
:Version: 2012.1
:Manual section: 1
:Manual group: cloud computing

SYNOPSIS
========

  nova-idmapshift [options] path

DESCRIPTION
===========

nova-idmapshift is a tool that sets the ownership of a filesystem so that it
can be used with Linux user namespaces. This tool can only be used with Linux
LXC containers.

When using user namespaces with Linux LXC containers, the filesystem of the
container must be owned by the targeted user and group ids being applied
to that container. Otherwise, processes inside the container won't be able
to access the filesystem.

For example::

  nova-idmapshift -i -u 0:10000:2000 -g 0:10000:2000 path

This command will idempotently shift ``path`` to proper ownership using
the provided uid and gid mappings.

The uid map string '0:10000:2000' means that user ids inside the container
between 0 and 1999 map to user ids on the host between 10000 and 11999.
Root (0) becomes 10000, user 1 becomes 10001, user 50 becomes 10050 and
user 1999 becomes 11999. This means that files that are owned by root need
to actually be owned by user 10000, files owned by 50 need to be owned by
10050, and so on.

nova-idmapshift will take the uid and gid strings used for user namespaces and
properly set up the filesystem for use by those users. Uids and gids outside
of the provided ranges will be mapped to nobody-id (default is max uid/gid)
so that they are inaccessible inside the container.

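The mapping arithmetic described above, as an added example (not code from nova-idmapshift itself). The names ``parse_maps``, ``shift_id`` and ``plan_shift`` are hypothetical, and comma-separated multi-range map strings are an assumption based on the OPTIONS syntax. It also shows why shifting twice is harmful: an already shifted id falls outside the guest range and lands on nobody.

```python
import os
import tempfile

NOBODY_ID = 65534  # default for -n/--nobody per the OPTIONS section


def parse_maps(spec):
    """Parse 'guest:host:count[,guest:host:count...]' into int tuples."""
    maps = []
    for chunk in spec.split(","):
        guest, host, count = (int(part) for part in chunk.split(":"))
        if guest < 0 or host < 0 or count <= 0:
            raise ValueError("invalid id map %r" % chunk)
        maps.append((guest, host, count))
    return maps


def shift_id(guest_id, maps, nobody=NOBODY_ID):
    """Host id a guest id must be stored as; unmapped ids become nobody."""
    for guest, host, count in maps:
        if guest <= guest_id < guest + count:
            return host + (guest_id - guest)
    return nobody


def plan_shift(root, uid_maps, gid_maps, nobody=NOBODY_ID):
    """Dry run: (path, new_uid, new_gid) for root and everything below it."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]
    plan = []
    for path in paths:
        st = os.lstat(path)  # lstat: judge a symlink itself, not its target
        plan.append((path, shift_id(st.st_uid, uid_maps, nobody),
                     shift_id(st.st_gid, gid_maps, nobody)))
    return plan


if __name__ == "__main__":
    maps = parse_maps("0:10000:2000")
    for uid in (0, 1, 50, 1999, 2000):
        print("guest %5d -> host %5d" % (uid, shift_id(uid, maps)))
    # Shifting an already shifted id falls outside the guest range and lands
    # on nobody, which is the case the -i/--idempotent check guards against.
    print("shifted twice:", shift_id(shift_id(0, maps), maps))
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        open(os.path.join(root, "hosts"), "w").close()
        os.symlink("/etc/passwd", os.path.join(root, "link"))
        for entry in plan_shift(root, maps, maps):
            print(entry)
```
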
OPTIONS
=======

Positional arguments
~~~~~~~~~~~~~~~~~~~~

path                  Root path of the filesystem to be shifted

Optional arguments
~~~~~~~~~~~~~~~~~~

-h, --help            Show this help message and exit.
-u USER_MAPS, --uid=USER_MAPS
                      User ID mappings, in the form:
                      [[guest-uid:host-uid:count],...]
-g GROUP_MAPS, --gid=GROUP_MAPS
                      Group ID mappings, in the form:
                      [[guest-gid:host-gid:count],...]
-n nobody-id, --nobody nobody-id
                      ID to map all unmapped uids and gids to.
                      Defaults to 65534.
-i, --idempotent      Shift operation will only be performed if the
                      filesystem appears unshifted.
                      Defaults to false.
-c, --confirm         Will perform a check on the filesystem:

                      Returns 0 when the filesystem appears shifted.

                      Returns 1 when the filesystem appears unshifted.

                      Defaults to false.
-d, --dry-run         Print chown operations, but do not perform them.
                      Defaults to false.
-v, --verbose         Print chown operations while performing them.
                      Defaults to false.

SEE ALSO
========

* `OpenStack Nova <https://docs.openstack.org/developer/nova>`__

BUGS
====

* Nova bugs are managed at Launchpad `Bugs : Nova <https://bugs.launchpad.net/nova>`__