Browse code
Support for running Nova with oslo.rootwrap daemon
Nova is being enhanced to use rootwrap as a daemon. For this effort,
we need an additional entry for nova-rootwrap-daemon in the
sudoers.d/ directory.
Needed by:
I57dc2efa39b86fa1fa20730ad70d056e87617c96
Change-Id: I80c7b9dd8e9e0f940aa4e54a95b241dfc40d3574
Davanum Srinivas authored on 2015/05/14 09:53:08Showing 1 changed files
| ... | ... |
@@ -59,12 +59,16 @@ function configure_rootwrap {
|
| 59 | 59 |
sudo install -o root -g root -m 644 $rootwrap_conf_src_dir/rootwrap.conf /etc/${project}/rootwrap.conf
|
| 60 | 60 |
sudo sed -e "s:^filters_path=.*$:filters_path=/etc/${project}/rootwrap.d:" -i /etc/${project}/rootwrap.conf
|
| 61 | 61 |
|
| 62 |
- # Specify rootwrap.conf as first parameter to rootwrap |
|
| 63 |
- rootwrap_sudo_cmd="$rootwrap_bin /etc/${project}/rootwrap.conf *"
|
|
| 64 |
- |
|
| 65 | 62 |
# Set up the rootwrap sudoers |
| 66 | 63 |
local tempfile=$(mktemp) |
| 64 |
+ # Specify rootwrap.conf as first parameter to rootwrap |
|
| 65 |
+ rootwrap_sudo_cmd="${rootwrap_bin} /etc/${project}/rootwrap.conf *"
|
|
| 67 | 66 |
echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >$tempfile |
| 67 |
+ if [ -f ${bin_dir}/${project}-rootwrap-daemon ]; then
|
|
| 68 |
+ # rootwrap daemon does not need any parameters |
|
| 69 |
+ rootwrap_sudo_cmd="${rootwrap_bin}-daemon /etc/${project}/rootwrap.conf"
|
|
| 70 |
+ echo "$STACK_USER ALL=(root) NOPASSWD: $rootwrap_sudo_cmd" >>$tempfile |
|
| 71 |
+ fi |
|
| 68 | 72 |
chmod 0440 $tempfile |
| 69 | 73 |
sudo chown root:root $tempfile |
| 70 | 74 |
sudo mv $tempfile /etc/sudoers.d/${project}-rootwrap
|