@@ -170,6 +170,15 @@ function configure_ironic_api {

 function configure_ironic_conductor {

     cp $IRONIC_DIR/etc/ironic/rootwrap.conf $IRONIC_ROOTWRAP_CONF

     cp -r $IRONIC_DIR/etc/ironic/rootwrap.d $IRONIC_CONF_DIR

+    IRONIC_ROOTWRAP=$(get_rootwrap_location ironic)

+    ROOTWRAP_ISUDOER_CMD="$IRONIC_ROOTWRAP $IRONIC_CONF_DIR/rootwrap.conf *"

+

+    # Set up the rootwrap sudoers for ironic

+    TEMPFILE=`mktemp`

+    echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_ISUDOER_CMD" >$TEMPFILE

+    chmod 0440 $TEMPFILE

+    sudo chown root:root $TEMPFILE

+    sudo mv $TEMPFILE /etc/sudoers.d/ironic-rootwrap

     iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF

     iniset $IRONIC_CONF_FILE DEFAULT drivers_whitelist $IRONIC_DRIVERS_WHITELIST