setup quantum-rootrwapper
Add quantum-rootwrapper for /etc/sudoers.d. This is needed to run quantum in the CI env. Change-Id: Ib59351c106f0a45bb45476edf032c97744873923
parent
b9520212f5
commit
eb1aa3d5ed
36
lib/quantum
36
lib/quantum
@ -15,10 +15,44 @@ if is_service_enabled quantum; then
|
|||||||
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
|
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
|
||||||
Q_RR_COMMAND="sudo"
|
Q_RR_COMMAND="sudo"
|
||||||
else
|
else
|
||||||
Q_RR_COMMAND="sudo $QUANTUM_DIR/bin/quantum-rootwrap $Q_RR_CONF_FILE"
|
QUANTUM_ROOTWRAP=$(get_rootwrap_location quantum)
|
||||||
|
Q_RR_COMMAND="sudo $QUANTUM_ROOTWRAP $Q_RR_CONF_FILE"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# configure_quantum_rootwrap() - configure Quantum's rootwrap
|
||||||
|
function configure_quantum_rootwrap() {
|
||||||
|
if [[ "$Q_USE_ROOTWRAP" == "False" ]]; then
|
||||||
|
return
|
||||||
|
fi
|
||||||
|
# Deploy new rootwrap filters files (owned by root).
|
||||||
|
# Wipe any existing rootwrap.d files first
|
||||||
|
Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
|
||||||
|
if [[ -d $Q_CONF_ROOTWRAP_D ]]; then
|
||||||
|
sudo rm -rf $Q_CONF_ROOTWRAP_D
|
||||||
|
fi
|
||||||
|
# Deploy filters to /etc/quantum/rootwrap.d
|
||||||
|
mkdir -p -m 755 $Q_CONF_ROOTWRAP_D
|
||||||
|
cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
|
||||||
|
sudo chown -R root:root $Q_CONF_ROOTWRAP_D
|
||||||
|
sudo chmod 644 $Q_CONF_ROOTWRAP_D/*
|
||||||
|
# Set up rootwrap.conf, pointing to /etc/quantum/rootwrap.d
|
||||||
|
sudo cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
|
||||||
|
sudo sed -e "s:^filters_path=.*$:filters_path=$Q_CONF_ROOTWRAP_D:" -i $Q_RR_CONF_FILE
|
||||||
|
sudo chown root:root $Q_RR_CONF_FILE
|
||||||
|
sudo chmod 0644 $Q_RR_CONF_FILE
|
||||||
|
# Specify rootwrap.conf as first parameter to quantum-rootwrap
|
||||||
|
ROOTWRAP_SUDOER_CMD="$QUANTUM_ROOTWRAP $Q_RR_CONF_FILE *"
|
||||||
|
|
||||||
|
# Set up the rootwrap sudoers for quantum
|
||||||
|
TEMPFILE=`mktemp`
|
||||||
|
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
|
||||||
|
chmod 0440 $TEMPFILE
|
||||||
|
sudo chown root:root $TEMPFILE
|
||||||
|
sudo mv $TEMPFILE /etc/sudoers.d/quantum-rootwrap
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
# Configures keystone integration for quantum service and agents
|
# Configures keystone integration for quantum service and agents
|
||||||
function quantum_setup_keystone() {
|
function quantum_setup_keystone() {
|
||||||
local conf_file=$1
|
local conf_file=$1
|
||||||
|
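Review bot: `configure_quantum_rootwrap` moves the generated fragment into `/etc/sudoers.d/quantum-rootwrap` without a syntax check and without confirming that `$QUANTUM_ROOTWRAP` is non-empty, so a failing `get_rootwrap_location` would leave a NOPASSWD rule whose command starts at `$Q_RR_CONF_FILE`. A malformed file in sudoers.d can stop sudo from working at all, so validate before the `mv`, e.g. `sudo visudo -c -f "$TEMPFILE" || return 1`. The rule is also only as trustworthy as the paths it names: `mkdir -p -m 755` and `cp -pr` run without sudo, which suggests `/etc/quantum` is writable by `$USER`, and in that case the later `chown -R root:root` does not stop the filter directory from being replaced. Creating and populating it as root under a root-owned parent (`sudo install -d -o root -g root -m 755 "$Q_CONF_ROOTWRAP_D"`, then `sudo cp`) would close that gap. `Q_CONF_ROOTWRAP_D`, `ROOTWRAP_SUDOER_CMD` and `TEMPFILE` should also be declared `local` and expanded inside double quotes.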
7
stack.sh
7
stack.sh
@ -1149,12 +1149,7 @@ if is_service_enabled quantum; then
|
|||||||
unset dburl
|
unset dburl
|
||||||
|
|
||||||
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
|
cp $QUANTUM_DIR/etc/quantum.conf $Q_CONF_FILE
|
||||||
cp -p $QUANTUM_DIR/etc/rootwrap.conf $Q_RR_CONF_FILE
|
configure_quantum_rootwrap
|
||||||
|
|
||||||
# Copy over the config and filter bits
|
|
||||||
Q_CONF_ROOTWRAP_D=/etc/quantum/rootwrap.d
|
|
||||||
mkdir -p $Q_CONF_ROOTWRAP_D
|
|
||||||
cp -pr $QUANTUM_DIR/etc/quantum/rootwrap.d/* $Q_CONF_ROOTWRAP_D/
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Quantum service (for controller node)
|
# Quantum service (for controller node)
|
||||||
|
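Review bot: The single call `configure_quantum_rootwrap` now hides a privileged side effect, the installation of a NOPASSWD rule in `/etc/sudoers.d/quantum-rootwrap`, and nothing in this diff removes that file again. If the teardown scripts (not shown here) do not delete it, the rule outlives the deployment, so that is worth confirming. A comment at the call site would keep the side effect visible, for example `# Installs rootwrap filters, rootwrap.conf and the sudoers.d entry (needs sudo)`. The enclosing `if is_service_enabled quantum` block starts outside the hunk.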