<div class="socmaildefaultfont" dir="ltr" style="font-family:Arial, Helvetica, sans-serif;font-size:10pt" ><div dir="ltr" >Hi, all</div>
<div dir="ltr" > </div>
<div dir="ltr" >In the nova live migration doc[1], there is some description of libvirt configuration:</div>
<div dir="ltr" >"</div>
<div dir="ltr" ><span style="color: rgb(51, 51, 51); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" >Enable password-less SSH so that root on one compute host can log on to any other compute host without providing a password. The<span> </span></span><code class="docutils literal notranslate" style="box-sizing: border-box; font-family: Menlo, Monaco, Consolas, "Courier New", monospace; font-size: 14px; padding: 0px; font-weight: bold; color: rgb(0, 0, 0); font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial;" ><span class="pre" style="box-sizing: border-box;" >libvirtd</span></code><span style="color: rgb(51, 51, 51); font-family: -apple-system, BlinkMacSystemFont, "Segoe UI", Roboto, Oxygen-Sans, Ubuntu, Cantarell, "Helvetica Neue", sans-serif; font-size: 14px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: left; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(255, 255, 255); text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" ><span> </span>daemon, which runs as root, uses the SSH protocol to copy the instance to the destination and can’t know the passwords of all compute hosts.</span></div>
<div dir="ltr" >"</div>
<div dir="ltr" >According to the description, I understand that the libvirtd daemon runs as the root user for remote copy the instance to the destination.</div>
<div dir="ltr" > </div>
<div dir="ltr" >My question is, why make the libvirtd daemon runs as the "root" user for copy instance rather than other users, like the "nova" user?</div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<div dir="ltr" >Thanks</div>
<div dir="ltr" >Zhi Chang</div>
<div dir="ltr" > </div>
<div dir="ltr" > </div>
<div dir="ltr" >[1]: <a href="https://docs.openstack.org/nova/rocky/admin/configuring-migrations.html" >https://docs.openstack.org/nova/rocky/admin/configuring-migrations.html</a></div></div><BR>