Add quantum-rootwrapper for /etc/sudoers.d
This is needed to run quantum in CI env
Change-Id: Ib59351c106f0a45bb45476edf032c97744873923
| ... | ... |
@@ -15,10 +15,44 @@ if is_service_enabled quantum; then |
| 15 | 15 |
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then |
| 16 | 16 |
Q_RR_COMMAND="sudo" |
| 17 | 17 |
else |
| 18 |
- Q_RR_COMMAND="sudo $QUANTUM_DIR/bin/quantum-rootwrap $Q_RR_CONF_FILE" |
|
| 18 |
+ QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum) |
|
| 19 |
+ Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE" |
|
| 19 | 20 |
fi |
| 20 | 21 |
fi |
| 21 | 22 |
|
| 23 |
+# configure_quantum_rootwrap() - configure Quantum's rootwrap |
|
| 24 |
+function configure_quantum_rootwrap() {
|
|
| 25 |
+ if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then |
|
| 26 |
+ return |
|
| 27 |
+ fi |
|
| 28 |
+ # Deploy new rootwrap filters files (owned by root). |
|
| 29 |
+ # Wipe any existing rootwrap.d files first |
|
| 30 |
+ Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d |
|
| 31 |
+ if [[ -d $Q_CONF_ROOTWRAP_D ]]; then |
|
| 32 |
+ sudo rm -rf $Q_CONF_ROOTWRAP_D |
|
| 33 |
+ fi |
|
| 34 |
+ # Deploy filters to /etc/quantum/rootwrap.d |
|
| 35 |
+ mkdir -p -m 755 $Q_CONF_ROOTWRAP_D |
|
| 36 |
+ cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ |
|
| 37 |
+ sudo chown -R root:root $Q_CONF_ROOTWRAP_D |
|
| 38 |
+ sudo chmod 644 $Q_CONF_ROOTWRAP_D/* |
|
| 39 |
+ # Set up rootwrap.conf, pointing to /etc/quantum/rootwrap.d |
|
| 40 |
+ sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE |
|
| 41 |
+ sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE |
|
| 42 |
+ sudo chown root:root $Q_RR_CONF_FILE |
|
| 43 |
+ sudo chmod 0644 $Q_RR_CONF_FILE |
|
| 44 |
+ # Specify rootwrap.conf as first parameter to quantum-rootwrap |
|
| 45 |
+ ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *" |
|
| 46 |
+ |
|
| 47 |
+ # Set up the rootwrap sudoers for quantum |
|
| 48 |
+ TEMPFILE=`mktemp` |
|
| 49 |
+ echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
| 50 |
+ chmod 0440 $TEMPFILE |
|
| 51 |
+ sudo chown root:root $TEMPFILE |
|
| 52 |
+ sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap |
|
| 53 |
+} |
|
| 54 |
+ |
|
| 55 |
+ |
|
| 22 | 56 |
# Configures keystone integration for quantum service and agents |
| 23 | 57 |
function quantum_setup_keystone() {
|
| 24 | 58 |
local conf_file=$1 |
| ... | ... |
@@ -1149,12 +1149,7 @@ if is_service_enabled quantum; then |
| 1149 | 1149 |
unset dburl |
| 1150 | 1150 |
|
| 1151 | 1151 |
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE |
| 1152 |
- cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE |
|
| 1153 |
- |
|
| 1154 |
- # Copy over the config and filter bits |
|
| 1155 |
- Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d |
|
| 1156 |
- mkdir -p $Q_CONF_ROOTWRAP_D |
|
| 1157 |
- cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ |
|
| 1152 |
+ configure_quantum_rootwrap |
|
| 1158 | 1153 |
fi |
| 1159 | 1154 |
|
| 1160 | 1155 |
# Quantum service (for controller node) |
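Review bot: In `configure_quantum_rootwrap` (first hunk) the filters directory is created by an unprivileged `mkdir -p -m 755 $Q_CONF_ROOTWRAP_D` and filled by an unprivileged `cp -pr`, which can only succeed if the parent directory is writable by the invoking user. The later `sudo chown -R root:root` then protects the files inside rootwrap.d but not the directory entry itself, because whoever can write the parent can rename rootwrap.d and put another directory in its place. Since the sudoers rule grants `NOPASSWD` for whatever the filters allow, the "owned by root" guarantee in the comment presumably holds only if the parent, and the directory holding `$Q_RR_CONF_FILE` (its location is not visible here), is root-owned as well. I would create and populate the directory with `sudo mkdir -p -m 755 $Q_CONF_ROOTWRAP_D` and `sudo cp -pr`, and state the ownership requirement for the parent in the function comment. Separately, validate the fragment before the `mv`, e.g. `sudo visudo -c -f $TEMPFILE || return 1`, because a malformed file under /etc/sudoers.d can break sudo on the host, and an empty `$QUANTUM_ROOTWRAP` would produce a rule that does not name the wrapper at all.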