|
...
|
...
|
@@ -184,43 +184,28 @@ function cleanup_cinder() {
|
|
184
|
184
|
function configure_cinder_rootwrap() {
|
|
185
|
185
|
# Set the paths of certain binaries
|
|
186
|
186
|
CINDER_ROOTWRAP=$(get_rootwrap_location cinder)
|
|
187
|
|
- if [[ ! -x $CINDER_ROOTWRAP ]]; then
|
|
188
|
|
- CINDER_ROOTWRAP=$(get_rootwrap_location oslo)
|
|
189
|
|
- if [[ ! -x $CINDER_ROOTWRAP ]]; then
|
|
190
|
|
- die $LINENO "No suitable rootwrap found."
|
|
191
|
|
- fi
|
|
192
|
|
- fi
|
|
193
|
187
|
|
|
194
|
|
- # If Cinder ships the new rootwrap filters files, deploy them
|
|
195
|
|
- # (owned by root) and add a parameter to $CINDER_ROOTWRAP
|
|
196
|
|
- ROOTWRAP_CINDER_SUDOER_CMD="$CINDER_ROOTWRAP"
|
|
197
|
|
- if [[ -d $CINDER_DIR/etc/cinder/rootwrap.d ]]; then
|
|
198
|
|
- # Wipe any existing rootwrap.d files first
|
|
199
|
|
- if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
|
|
200
|
|
- sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
|
|
201
|
|
- fi
|
|
202
|
|
- # Deploy filters to /etc/cinder/rootwrap.d
|
|
203
|
|
- sudo mkdir -m 755 $CINDER_CONF_DIR/rootwrap.d
|
|
204
|
|
- sudo cp $CINDER_DIR/etc/cinder/rootwrap.d/*.filters $CINDER_CONF_DIR/rootwrap.d
|
|
205
|
|
- sudo chown -R root:root $CINDER_CONF_DIR/rootwrap.d
|
|
206
|
|
- sudo chmod 644 $CINDER_CONF_DIR/rootwrap.d/*
|
|
207
|
|
- # Set up rootwrap.conf, pointing to /etc/cinder/rootwrap.d
|
|
208
|
|
- if [[ -f $CINDER_DIR/etc/cinder/rootwrap.conf ]]; then
|
|
209
|
|
- sudo cp $CINDER_DIR/etc/cinder/rootwrap.conf $CINDER_CONF_DIR/
|
|
210
|
|
- else
|
|
211
|
|
- # rootwrap.conf is no longer shipped in Cinder itself
|
|
212
|
|
- echo "filters_path=" | sudo tee $CINDER_CONF_DIR/rootwrap.conf > /dev/null
|
|
213
|
|
- fi
|
|
214
|
|
- sudo sed -e "s:^filters_path=.*$:filters_path=$CINDER_CONF_DIR/rootwrap.d:" -i $CINDER_CONF_DIR/rootwrap.conf
|
|
215
|
|
- sudo chown root:root $CINDER_CONF_DIR/rootwrap.conf
|
|
216
|
|
- sudo chmod 0644 $CINDER_CONF_DIR/rootwrap.conf
|
|
217
|
|
- # Specify rootwrap.conf as first parameter to rootwrap
|
|
218
|
|
- CINDER_ROOTWRAP="$CINDER_ROOTWRAP $CINDER_CONF_DIR/rootwrap.conf"
|
|
219
|
|
- ROOTWRAP_CINDER_SUDOER_CMD="$CINDER_ROOTWRAP *"
|
|
|
188
|
+ # Deploy new rootwrap filters files (owned by root).
|
|
|
189
|
+ # Wipe any existing rootwrap.d files first
|
|
|
190
|
+ if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
|
|
|
191
|
+ sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
|
|
220
|
192
|
fi
|
|
221
|
|
-
|
|
|
193
|
+ # Deploy filters to /etc/cinder/rootwrap.d
|
|
|
194
|
+ sudo mkdir -m 755 $CINDER_CONF_DIR/rootwrap.d
|
|
|
195
|
+ sudo cp $CINDER_DIR/etc/cinder/rootwrap.d/*.filters $CINDER_CONF_DIR/rootwrap.d
|
|
|
196
|
+ sudo chown -R root:root $CINDER_CONF_DIR/rootwrap.d
|
|
|
197
|
+ sudo chmod 644 $CINDER_CONF_DIR/rootwrap.d/*
|
|
|
198
|
+ # Set up rootwrap.conf, pointing to /etc/cinder/rootwrap.d
|
|
|
199
|
+ sudo cp $CINDER_DIR/etc/cinder/rootwrap.conf $CINDER_CONF_DIR/
|
|
|
200
|
+ sudo sed -e "s:^filters_path=.*$:filters_path=$CINDER_CONF_DIR/rootwrap.d:" -i $CINDER_CONF_DIR/rootwrap.conf
|
|
|
201
|
+ sudo chown root:root $CINDER_CONF_DIR/rootwrap.conf
|
|
|
202
|
+ sudo chmod 0644 $CINDER_CONF_DIR/rootwrap.conf
|
|
|
203
|
+ # Specify rootwrap.conf as first parameter to rootwrap
|
|
|
204
|
+ ROOTWRAP_CSUDOER_CMD="$CINDER_ROOTWRAP $CINDER_CONF_DIR/rootwrap.conf *"
|
|
|
205
|
+
|
|
|
206
|
+ # Set up the rootwrap sudoers for cinder
|
|
222
|
207
|
TEMPFILE=`mktemp`
|
|
223
|
|
- echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE
|
|
|
208
|
+ echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CSUDOER_CMD" >$TEMPFILE
|
|
224
|
209
|
chmod 0440 $TEMPFILE
|
|
225
|
210
|
sudo chown root:root $TEMPFILE
|
|
226
|
211
|
sudo mv $TEMPFILE /etc/sudoers.d/cinder-rootwrap
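Review bot: The sudoers rule written near the end of this hunk is built from `$CINDER_ROOTWRAP` with no check that `get_rootwrap_location cinder` returned an existing executable, now that the `-x` test and the `die` are removed. If that lookup returns an empty string or a path that does not exist yet (its behaviour is not visible here), `/etc/sudoers.d/cinder-rootwrap` still receives a NOPASSWD root entry that is either malformed or names a path someone else could populate later. I would keep a guard right after the assignment, `[[ -x $CINDER_ROOTWRAP ]] || die $LINENO "No suitable rootwrap found."`, and validate the generated file ahead of the `sudo mv` with `sudo visudo -c -f $TEMPFILE || die $LINENO "Invalid cinder-rootwrap sudoers file"`. The body of `configure_cinder_rootwrap` continues past the end of the hunk.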
|