Browse code
Always setup rootwrap sudoers entry
Setup /etc/sudoers.d/nova-rootwrap in all cases, and not just
when devstack is not run as root. Fixes bug 1011652.
Change-Id: Ib4cdeaa282f01cf2ce98119618f232c91b6e8db4
Thierry Carrez authored on 2012/06/11 23:45:29Showing 2 changed files
| ... | ... |
@@ -26,6 +26,7 @@ Ken Pepple <ken.pepple@rabbityard.com> |
| 26 | 26 |
Kiall Mac Innes <kiall@managedit.ie> |
| 27 | 27 |
Russell Bryant <rbryant@redhat.com> |
| 28 | 28 |
Scott Moser <smoser@ubuntu.com> |
| 29 |
+Thierry Carrez <thierry@openstack.org> |
|
| 29 | 30 |
Todd Willey <xtoddx@gmail.com> |
| 30 | 31 |
Tres Henry <tres@treshenry.net> |
| 31 | 32 |
Vishvananda Ishaya <vishvananda@gmail.com> |
| ... | ... |
@@ -187,13 +187,6 @@ else |
| 187 | 187 |
sudo chown root:root $TEMPFILE |
| 188 | 188 |
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh |
| 189 | 189 |
|
| 190 |
- # Set up the rootwrap sudoers |
|
| 191 |
- TEMPFILE=`mktemp` |
|
| 192 |
- echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE |
|
| 193 |
- chmod 0440 $TEMPFILE |
|
| 194 |
- sudo chown root:root $TEMPFILE |
|
| 195 |
- sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap |
|
| 196 |
- |
|
| 197 | 190 |
# Remove old file |
| 198 | 191 |
sudo rm -f /etc/sudoers.d/stack_sh_nova |
| 199 | 192 |
fi |
| ... | ... |
@@ -1184,6 +1177,13 @@ sudo chown `whoami` $NOVA_CONF_DIR |
| 1184 | 1184 |
|
| 1185 | 1185 |
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR |
| 1186 | 1186 |
|
| 1187 |
+# Set up the rootwrap sudoers |
|
| 1188 |
+TEMPFILE=`mktemp` |
|
| 1189 |
+echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE |
|
| 1190 |
+chmod 0440 $TEMPFILE |
|
| 1191 |
+sudo chown root:root $TEMPFILE |
|
| 1192 |
+sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap |
|
| 1193 |
+ |
|
| 1187 | 1194 |
if is_service_enabled n-api; then |
| 1188 | 1195 |
# Use the sample http middleware configuration supplied in the |
| 1189 | 1196 |
# Nova sources. This paste config adds the configuration required |