Revision caf39b8a man/gnt-instance.sgml
| b/man/gnt-instance.sgml | ||
|---|---|---|
| 579 | 579 |
</listitem> |
| 580 | 580 |
</varlistentry> |
| 581 | 581 |
|
| 582 |
<varlistentry> |
|
| 583 |
<term>security_model</term> |
|
| 584 |
<listitem> |
|
| 585 |
<simpara>Valid for the KVM hypervisor.</simpara> |
|
| 586 |
|
|
| 587 |
<simpara>The security model for kvm. Currently one of |
|
| 588 |
<quote>none</quote>, <quote>user</quote> or |
|
| 589 |
<quote>pool</quote>. Under <quote>none</quote>, the |
|
| 590 |
default, nothing is done and instances are run as |
|
| 591 |
the ganeti daemon user (normally root). |
|
| 592 |
</simpara> |
|
| 593 |
|
|
| 594 |
<simpara>Under <quote>user</quote> kvm will drop |
|
| 595 |
privileges and become the user specified by the |
|
| 596 |
security_domain parameter. |
|
| 597 |
</simpara> |
|
| 598 |
|
|
| 599 |
<simpara>Under <quote>pool</quote> a global cluster |
|
| 600 |
pool of users will be used, making sure no two |
|
| 601 |
instances share the same user on the same node. |
|
| 602 |
(this mode is not implemented yet) |
|
| 603 |
</simpara> |
|
| 604 |
|
|
| 605 |
</listitem> |
|
| 606 |
</varlistentry> |
|
| 607 |
|
|
| 608 |
<varlistentry> |
|
| 609 |
<term>security_domain</term> |
|
| 610 |
<listitem> |
|
| 611 |
<simpara>Valid for the KVM hypervisor.</simpara> |
|
| 612 |
|
|
| 613 |
<simpara>Under security model <quote>user</quote> the username to |
|
| 614 |
run the instance under. It must be a valid username |
|
| 615 |
existing on the host. |
|
| 616 |
</simpara> |
|
| 617 |
<simpara>Cannot be set under security model <quote>none</quote> |
|
| 618 |
or <quote>pool</quote>. |
|
| 619 |
</simpara> |
|
| 620 |
|
|
| 621 |
</listitem> |
|
| 622 |
</varlistentry> |
|
| 623 |
|
|
| 582 | 624 |
</variablelist> |
| 583 | 625 |
|
| 584 | 626 |
</para> |
Also available in: Unified diff