Browse code
cinder.conf: Set privsep_osbrick.helper_command
When os-brick starts using privsep, it will need to know how to invoke
its privileged half. Amazingly the name of the rootwrap executable
isn't anywhere else in the config, so the privsep default uses just
"sudo" (no rootwrap).
We need to either:
1. set the privsep command line to use cinder-rootwrap in
cinder.conf (and similar in other configs), or
2. add the privsep-helper line to sudoers and bypass rootwrap entirely.
This change implements (1) for devstack/cinder and is similar to the
corresponding nova change in I90dc41bc77993bd83b80c92286e015e14f290b45
Change-Id: I8a0b1728cc66c4861f69623b1b16b1f759b57b25
Angus Lees authored on 2016/02/15 08:53:20Showing 1 changed files
| ... | ... |
@@ -272,6 +272,8 @@ function configure_cinder {
|
| 272 | 272 |
|
| 273 | 273 |
iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME" |
| 274 | 274 |
|
| 275 |
+ iniset $CINDER_CONF privsep_osbrick helper_command "sudo cinder-rootwrap \$rootwrap_config privsep-helper --config-file $CINDER_CONF" |
|
| 276 |
+ |
|
| 275 | 277 |
if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then |
| 276 | 278 |
local enabled_backends="" |
| 277 | 279 |
local default_name="" |