Add support in devstack for upcoming /etc/nova/rootwrap.d
configuration files. Note that we don't change anything if Nova
doesn't ship them, so devstack supports both cases.
This is the first step for blueprint folsom-nova-rootwrap. It needs
to go in first so that tests pass when the rootwrap.d changes are
proposed in Nova.
Change-Id: I0189575ed9adb1be61c8563ce8f3199c52fc08ff
| ... | ... |
@@ -1178,9 +1178,25 @@ sudo chown `whoami` $NOVA_CONF_DIR |
| 1178 | 1178 |
|
| 1179 | 1179 |
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR |
| 1180 | 1180 |
|
| 1181 |
+# If Nova ships the new rootwrap.d config files, deploy them |
|
| 1182 |
+# (owned by root) and add a parameter to $NOVA_ROOTWRAP |
|
| 1183 |
+ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP" |
|
| 1184 |
+if [[ -d $NOVA_DIR/etc/nova/rootwrap.d ]]; then |
|
| 1185 |
+ # Wipe any existing rootwrap.d files first |
|
| 1186 |
+ if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then |
|
| 1187 |
+ sudo rm -rf $NOVA_CONF_DIR/rootwrap.d |
|
| 1188 |
+ fi |
|
| 1189 |
+ sudo mkdir -m 755 $NOVA_CONF_DIR/rootwrap.d |
|
| 1190 |
+ sudo cp $NOVA_DIR/etc/nova/rootwrap.d/* $NOVA_CONF_DIR/rootwrap.d |
|
| 1191 |
+ sudo chown -R root:root $NOVA_CONF_DIR/rootwrap.d |
|
| 1192 |
+ sudo chmod 644 $NOVA_CONF_DIR/rootwrap.d/* |
|
| 1193 |
+ NOVA_ROOTWRAP="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.d" |
|
| 1194 |
+ ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP *" |
|
| 1195 |
+fi |
|
| 1196 |
+ |
|
| 1181 | 1197 |
# Set up the rootwrap sudoers |
| 1182 | 1198 |
TEMPFILE=`mktemp` |
| 1183 |
-echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE |
|
| 1199 |
+echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
| 1184 | 1200 |
chmod 0440 $TEMPFILE |
| 1185 | 1201 |
sudo chown root:root $TEMPFILE |
| 1186 | 1202 |
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap |
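Review bot: The `chown -R root:root` on `$NOVA_CONF_DIR/rootwrap.d` does not protect the filter set on its own, because the hunk header shows `$NOVA_CONF_DIR` being chowned to the invoking user just above; the owner of the parent directory can replace the `rootwrap.d` entry, and the new sudoers rule `$NOVA_ROOTWRAP *` then trusts whatever filters sit at that path. Assuming the parent is still user-owned when this block runs, either deploy the filters under a path that is root-owned all the way down, or at least record the limitation with a comment such as `# NOTE: rootwrap.d is only as trustworthy as $NOVA_CONF_DIR, which is owned by the stack user here`. Separately, the expansions in the added block are unquoted and the `rm -rf` runs as root, so `sudo rm -rf "${NOVA_CONF_DIR:?}/rootwrap.d"` would abort instead of acting on an unintended path when the variable is empty. The `cp $NOVA_DIR/etc/nova/rootwrap.d/*` line also passes a literal `*` to `cp` if the source directory exists but is empty, and its failure is not checked before `NOVA_ROOTWRAP` is rewritten.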