Deprecate root_helper in favor of rootwrap_config

Align with recent changes in nova-rootwrap by marking the root_helper option deprecated and introduce usage of the rootwrap_config option instead. The root_helper option will still fully be supported in Folsom, but will be removed in Grizzly. Transition notes: you should replace: root_helper=sudo cinder-rootwrap /etc/cinder/rootwrap.conf by: rootwrap_config=/etc/cinder/rootwrap.conf Change-Id: I22a6d2bdee6ad2c5ad587ceec574cec4b2887f22
2012-08-03 15:35:03 +02:00 · 2012-08-03 15:35:03 +02:00 · 2b2c97eb5c
commit 2b2c97eb5c
parent 0be1725cdc
3 changed files with 18 additions and 4 deletions
--- a/bin/cinder-rootwrap
+++ b/bin/cinder-rootwrap
@ -21,7 +21,7 @@
   Filters which commands cinder is allowed to run as another user.

   To use this, you should set the following in cinder.conf:
-   root_helper=sudo cinder-rootwrap /etc/cinder/rootwrap.conf
+   rootwrap_config=/etc/cinder/rootwrap.conf

   You also need to let the cinder user run cinder-rootwrap as root in sudoers:
   cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap
--- a/cinder/flags.py
+++ b/cinder/flags.py
@ -247,7 +247,11 @@ global_opts = [
                    'formatted with on creation.'),
    cfg.StrOpt('root_helper',
               default='sudo',
-               help='Command prefix to use for running commands as root'),
+               help='Deprecated: command to use for running commands as root'),
+    cfg.StrOpt('rootwrap_config',
+               default=None,
+               help='Path to the rootwrap configuration file to use for '
+                    'running commands as root'),
    cfg.BoolOpt('use_ipv6',
                default=False,
                help='use ipv6'),
--- a/cinder/utils.py
+++ b/cinder/utils.py
@ -62,6 +62,12 @@ ISO_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S"
 PERFECT_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"
 FLAGS = flags.FLAGS

+if FLAGS.rootwrap_config is None or FLAGS.root_helper != 'sudo':
+    LOG.warn(_('The root_helper option (which lets you specify a root '
+               'wrapper different from cinder-rootwrap, and defaults to '
+               'using sudo) is now deprecated. You should use the '
+               'rootwrap_config option instead.'))
+

 def find_config(config_path):
    """Find a configuration file using the given hint.
@ -143,7 +149,7 @@ def execute(*cmd, **kwargs):
    """Helper method to execute command with optional retry.

    If you add a run_as_root=True command, don't forget to add the
-    corresponding filter to cinder.rootwrap !
+    corresponding filter to etc/cinder/rootwrap.d !

    :param cmd:                Passed to subprocess.Popen.
    :param process_input:      Send to opened process.
@ -184,7 +190,11 @@ def execute(*cmd, **kwargs):
                                'to utils.execute: %r') % kwargs)

    if run_as_root:
-        cmd = shlex.split(FLAGS.root_helper) + list(cmd)
+        if (FLAGS.rootwrap_config is not None):
+            cmd = ['sudo', 'cinder-rootwrap',
+                   FLAGS.rootwrap_config] + list(cmd)
+        else:
+            cmd = shlex.split(FLAGS.root_helper) + list(cmd)
    cmd = map(str, cmd)

    while attempts > 0: