Add quantum-rootwrapper for /etc/sudoers.d
This is needed to run quantum in the CI environment.
Change-Id: Ib59351c106f0a45bb45476edf032c97744873923
... | ... |
@@ -15,10 +15,44 @@ if is_service_enabled quantum; then |
15 | 15 |
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then |
16 | 16 |
Q_RR_COMMAND="sudo" |
17 | 17 |
else |
18 |
- Q_RR_COMMAND="sudo $QUANTUM_DIR/bin/quantum-rootwrap $Q_RR_CONF_FILE" |
|
18 |
+ QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum) |
|
19 |
+ Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE" |
|
19 | 20 |
fi |
20 | 21 |
fi |
21 | 22 |
|
23 |
+# configure_quantum_rootwrap() - configure Quantum's rootwrap |
|
24 |
+function configure_quantum_rootwrap() { |
|
25 |
+ if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then |
|
26 |
+ return |
|
27 |
+ fi |
|
28 |
+ # Deploy new rootwrap filters files (owned by root). |
|
29 |
+ # Wipe any existing rootwrap.d files first |
|
30 |
+ Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d |
|
31 |
+ if [[ -d $Q_CONF_ROOTWRAP_D ]]; then |
|
32 |
+ sudo rm -rf $Q_CONF_ROOTWRAP_D |
|
33 |
+ fi |
|
34 |
+ # Deploy filters to /etc/quantum/rootwrap.d |
|
35 |
+ mkdir -p -m 755 $Q_CONF_ROOTWRAP_D |
|
36 |
+ cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ |
|
37 |
+ sudo chown -R root:root $Q_CONF_ROOTWRAP_D |
|
38 |
+ sudo chmod 644 $Q_CONF_ROOTWRAP_D/* |
|
39 |
+ # Set up rootwrap.conf, pointing to /etc/quantum/rootwrap.d |
|
40 |
+ sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE |
|
41 |
+ sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE |
|
42 |
+ sudo chown root:root $Q_RR_CONF_FILE |
|
43 |
+ sudo chmod 0644 $Q_RR_CONF_FILE |
|
44 |
+ # Specify rootwrap.conf as first parameter to quantum-rootwrap |
|
45 |
+ ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *" |
|
46 |
+ |
|
47 |
+ # Set up the rootwrap sudoers for quantum |
|
48 |
+ TEMPFILE=`mktemp` |
|
49 |
+ echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
50 |
+ chmod 0440 $TEMPFILE |
|
51 |
+ sudo chown root:root $TEMPFILE |
|
52 |
+ sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap |
|
53 |
+} |
|
54 |
+ |
|
55 |
+ |
|
22 | 56 |
# Configures keystone integration for quantum service and agents |
23 | 57 |
function quantum_setup_keystone() { |
24 | 58 |
local conf_file=$1 |
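Review bot: The sudoers entry written in configure_quantum_rootwrap grants `$USER` passwordless root for `$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *`, so it restricts nothing unless every file it names, and each parent directory, is writable only by root. The function chowns rootwrap.d and rootwrap.conf to root, but `mkdir -p -m 755 $Q_CONF_ROOTWRAP_D` runs without sudo, which suggests /etc/quantum itself is writable by the deploying user, and the wrapper path returned by get_rootwrap_location (defined outside this hunk) may sit in a user-owned checkout; in either case the filters can be sidestepped. I would record that assumption above the `echo`, e.g. `# NOTE: this rule only confines $USER if the wrapper, rootwrap.conf and their parent dirs are root-owned`, and tighten ownership where the deployment allows it. Separately, the fragment is moved into /etc/sudoers.d without a syntax check, and a malformed file there can break sudo for the whole host; add `sudo visudo -c -f "$TEMPFILE" || return 1` just before the `mv`.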
... | ... |
@@ -1149,12 +1149,7 @@ if is_service_enabled quantum; then |
1149 | 1149 |
unset dburl |
1150 | 1150 |
|
1151 | 1151 |
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE |
1152 |
- cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE |
|
1153 |
- |
|
1154 |
- # Copy over the config and filter bits |
|
1155 |
- Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d |
|
1156 |
- mkdir -p $Q_CONF_ROOTWRAP_D |
|
1157 |
- cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/ |
|
1152 |
+ configure_quantum_rootwrap |
|
1158 | 1153 |
fi |
1159 | 1154 |
|
1160 | 1155 |
# Quantum service (for controller node) |