From 326327acbaeb30ddfab34148ffcb9c3f64485deb Mon Sep 17 00:00:00 2001 From: Waldemar Znoinski Date: Sun, 18 Sep 2016 09:15:22 +0000 Subject: [PATCH] fix ironic-inspector setup * add ironic-inspector(-archive) source to docker image * pip install from above source code * move in-container config files to /etc/ironic-inspector * add sudoers file to allow ironic-rootwrap * copy rootwrap conf and filters from source repo Change-Id: Ie3cce19810b9940d06bb636b28015160fea6ddfb Closes-bug: #1624457 Closes-bug: #1624833 Closes-bug: #1624845 --- .../ironic/templates/ironic-inspector.json.j2 | 4 ++-- docker/ironic/ironic-inspector/Dockerfile.j2 | 14 ++++++++++++-- docker/ironic/ironic-inspector/ironic_sudoers | 1 + kolla/common/config.py | 4 ++++ 4 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 docker/ironic/ironic-inspector/ironic_sudoers diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2 index c04e7c6b1a..fee13e3e45 100644 --- a/ansible/roles/ironic/templates/ironic-inspector.json.j2 +++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2 @@ -1,9 +1,9 @@ { - "command": "ironic-inspector --config-file /etc/ironic/ironic.conf", + "command": "ironic-inspector --config-file /etc/ironic-inspector/ironic.conf", "config_files": [ { "source": "{{ container_config_directory }}/ironic.conf", - "dest": "/etc/ironic/ironic.conf", + "dest": "/etc/ironic-inspector/ironic.conf", "owner": "ironic", "perm": "0600" } diff --git a/docker/ironic/ironic-inspector/Dockerfile.j2 b/docker/ironic/ironic-inspector/Dockerfile.j2 index 862b946d80..2f51273f75 100644 --- a/docker/ironic/ironic-inspector/Dockerfile.j2 +++ b/docker/ironic/ironic-inspector/Dockerfile.j2 @@ -15,10 +15,20 @@ MAINTAINER {{ maintainer }} {{ macros.install_packages(ironic_inspector_packages | customizable("packages")) }} {% elif install_type == 'source' %} -RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt \ - ironic-inspector +ADD ironic-inspector-archive /ironic-inspector-source +RUN ln -s ironic-inspector-source/* ironic-inspector \ + && mv /etc/ironic /etc/ironic-inspector \ + && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic-inspector \ + && cp /ironic-inspector/rootwrap.conf /etc/ironic-inspector/ \ + && cp -r /ironic-inspector/rootwrap.d/ /etc/ironic-inspector/ \ + && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic-inspector/rootwrap.conf + {% endif %} +COPY ironic_sudoers /etc/sudoers.d/kolla_ironic_inspector_sudoers +RUN chmod 750 /etc/sudoers.d \ + && chmod 440 /etc/sudoers.d/kolla_ironic_inspector_sudoers + {% block ironic_inspector_footer %}{% endblock %} {% block footer %}{% endblock %} {{ include_footer }} diff --git a/docker/ironic/ironic-inspector/ironic_sudoers b/docker/ironic/ironic-inspector/ironic_sudoers new file mode 100644 index 0000000000..612f8dc3a4 --- /dev/null +++ b/docker/ironic/ironic-inspector/ironic_sudoers @@ -0,0 +1 @@ +ironic ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf * diff --git a/kolla/common/config.py b/kolla/common/config.py index 525c45dea9..94b4cc1c87 100644 --- a/kolla/common/config.py +++ b/kolla/common/config.py @@ -213,6 +213,10 @@ SOURCES = { 'type': 'url', 'location': ('http://tarballs.openstack.org/ironic/' 'ironic-master.tar.gz')}, + 'ironic-inspector': { + 'type': 'url', + 'location': ('http://tarballs.openstack.org/ironic-inspector/' + 'ironic-inspector-master.tar.gz')}, 'keystone-base': { 'type': 'url', 'location': ('http://tarballs.openstack.org/keystone/'