Comment 1 for bug 956876

Yaguang Tang (heut2008) wrote :

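Add the following to /etc/sudoers.d/nova_sudoers (edit it with `visudo -f /etc/sudoers.d/nova_sudoers` so a syntax error is caught before it breaks sudo, and keep the file owned by root with mode 0440):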

# NOVACMDS: the commands the nova account may run as root through sudo.
#
# NOTE(review): /bin/chown and /bin/chmod appear further down with no argument
# restriction. sudo accepts any arguments for a command listed without them,
# so the two path-limited entries that open this alias do not narrow anything.
#
# NOTE(review): in sudoers, '*' inside command arguments is matched against the
# whole argument string and can span '/' and spaces, so the
# /var/lib/nova/tmp/*/root/.ssh patterns are looser than they look.
#
# NOTE(review): most entries (chown, chmod, dd, tee, mount, kill, ...) carry no
# argument restriction, which makes this grant close to full root for the nova
# account. Treat a compromise of nova as a compromise of the host; narrow the
# list to the argument patterns nova actually uses where the deployment allows
# it -- confirm against the services running on this node.
Cmnd_Alias NOVACMDS = /bin/chmod /var/lib/nova/tmp/*/root/.ssh, \
                      /bin/chown /var/lib/nova/tmp/*/root/.ssh, \
                      /bin/chown, \
                      /bin/chmod, \
                      /bin/dd, \
                      /sbin/ip, \
                      /sbin/route, \
                      /sbin/iptables-save, \
                      /sbin/iptables-restore, \
                      /sbin/ip6tables-save, \
                      /sbin/ip6tables-restore, \
                      /sbin/kpartx, \
                      /sbin/losetup, \
                      /sbin/lvcreate, \
                      /sbin/lvdisplay, \
                      /sbin/lvremove, \
                      /bin/mkdir, \
                      /bin/mount, \
                      /sbin/pvcreate, \
                      /usr/bin/tee, \
                      /sbin/tune2fs, \
                      /bin/umount, \
                      /sbin/vgcreate, \
                      /usr/bin/qemu-nbd, \
                      /usr/sbin/brctl, \
                      /sbin/brctl, \
                      /usr/sbin/radvd, \
                      /usr/sbin/vblade-persist, \
                      /bin/kill, \
                      /usr/sbin/ietadm, \
                      /sbin/vgs, \
                      /sbin/iscsiadm, \
                      /usr/bin/socat, \
                      /sbin/parted, \
                      /usr/sbin/dnsmasq, \
                      /usr/bin/arping

# Lets the nova user run NOVACMDS as root on any host, with no password prompt
# (NOPASSWD). SETENV additionally lets the caller keep or set environment
# variables for these commands instead of having them reset by env_reset.
# NOTE(review): drop SETENV unless nova is confirmed to need it.
nova ALL = (root) NOPASSWD: SETENV: NOVACMDS