authorFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2014-11-17 11:59:47 +0000
committerFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-01-22 12:46:23 +0000
commitb8317806e01538ea099831f1222ca2e6a89520a1 (patch)
tree22f0169289c1216f2ac1d0eb039936bcd80c90cb
parent83aadfc62eed373d40f72b20c8b8421f4cba589c (diff)
Add nova user to sudoers group, using rootwrap to control it
The nova user needs to run some commands as root; to filter these commands, OpenStack uses rootwrap. Nova needs root permissions to run these commands, so this patch adds it to sudoers for the rootwrap application and its configuration.
-rw-r--r--openstack-nova.configure6
1 files changed, 6 insertions, 0 deletions
diff --git a/openstack-nova.configure b/openstack-nova.configure
index c04dd82c..ee937007 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -61,3 +61,9 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service"
sed -i "s/192\.168\.122\./192\.168\.1\./g" \
"$ROOT"/etc/libvirt/qemu/networks/default.xml
+
+##########################################################################
+# Add nova to sudoers controlling which commands is running as a root
+# using the openstack rootwrap.
+##########################################################################
+echo 'nova ALL=(ALL) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *' >> "$ROOT/etc/sudoers"
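Review bot: The sudoers rule on the last added line grants `(ALL)` as the run-as set, although rootwrap only has to run as root; `nova ALL=(root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *` is the narrower form. Appending with `>>` to `"$ROOT/etc/sudoers"` is also unchecked and not idempotent: if the configure extension is ever re-run against the same tree the line is duplicated, and a malformed file would break sudo for every user. Writing the rule to its own mode-0440 file under `"$ROOT/etc/sudoers.d/"` (assuming the image's sudoers carries the `#includedir` line) and checking it with `visudo -cf` avoids both. The rule is only as tight as `/etc/nova/rootwrap.conf` and the filter directories it names, so the comment block should state that these must be owned by root and not writable by nova; the hunk does not show where those permissions are set.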