summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-02-16 17:34:52 +0000
committerFrancisco Redondo Marchena <francisco.marchena@codethink.co.uk>2015-02-20 09:00:38 +0000
commit8ef4e992f101668e86a3ab5d29bdbe4f7da3cd1d (patch)
treea9a1c51029b032842fdff04cb337b72086da8358
parent68d093b727c865662beea9859153636ba5cfcc9f (diff)
downloaddefinitions-8ef4e992f101668e86a3ab5d29bdbe4f7da3cd1d.tar.gz
Add sudoers files for cinder, nova and neutron on post-install time
-rw-r--r--openstack-cinder.configure8
-rw-r--r--openstack-neutron.configure8
-rw-r--r--openstack-nova.configure8
-rw-r--r--strata/openstack-services/cinder.morph7
-rw-r--r--strata/openstack-services/neutron.morph7
-rw-r--r--strata/openstack-services/nova.morph7
6 files changed, 21 insertions, 24 deletions
diff --git a/openstack-cinder.configure b/openstack-cinder.configure
index 335ff512..a32ee3be 100644
--- a/openstack-cinder.configure
+++ b/openstack-cinder.configure
@@ -45,11 +45,3 @@ sed -f "$ROOT"/etc/openstack-cinder-setup.sed -i \
ln -sf "/etc/systemd/system/openstack-cinder-setup.service" \
"$ROOT/etc/systemd/system/multi-user.target.wants/openstack-cinder-setup.service"
-
-##########################################################################
-# Add cinder to sudoers controlling which commands is running as a root
-# using the openstack rootwrap.
-##########################################################################
-install -D -m 0440 /proc/self/fd/0 <<'EOF' "$ROOT"/etc/sudoers.d/cinder-rootwrap
-cinder ALL=(root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
-EOF
diff --git a/openstack-neutron.configure b/openstack-neutron.configure
index 5f5754a9..71b29713 100644
--- a/openstack-neutron.configure
+++ b/openstack-neutron.configure
@@ -57,11 +57,3 @@ for service in ${services[@]}; do
ln -sf "/etc/systemd/system/$service" \
"$ROOT/etc/systemd/system/multi-user.target.wants/$service"
done
-
-##########################################################################
-# Add neutron to sudoers controlling which commands is running as a root #
-# using the openstack rootwrap. #
-##########################################################################
-install -D -m 0440 /proc/self/fd/0 <<'EOF' "$ROOT"/etc/sudoers.d/neutron-rootwrap
-neutron ALL=(root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
-EOF
diff --git a/openstack-nova.configure b/openstack-nova.configure
index efa6eb11..4655342c 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -64,11 +64,3 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service"
sed -i "s/192\.168\.122\./192\.168\.1\./g" \
"$ROOT"/etc/libvirt/qemu/networks/default.xml
-
-##########################################################################
-# Add nova to sudoers controlling which commands is running as a root
-# using the openstack rootwrap.
-##########################################################################
-install -D -m 0440 /proc/self/fd/0 <<'EOF' "$ROOT"/etc/sudoers.d/nova-rootwrap
-nova ALL=(root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
-EOF
diff --git a/strata/openstack-services/cinder.morph b/strata/openstack-services/cinder.morph
index bfc31026..eafc7cea 100644
--- a/strata/openstack-services/cinder.morph
+++ b/strata/openstack-services/cinder.morph
@@ -7,3 +7,10 @@ post-install-commands:
# Move rootwrap files to a proper location
- mkdir -p "$DESTDIR"/etc/cinder/rootwrap.d
- install -D -m 644 etc/cinder/rootwrap.d/* "$DESTDIR"/etc/cinder/rootwrap.d/
+# Add cinder to sudoers controlling which commands will run as a root
+# using the openstack rootwrap.
+- mkdir -p "$DESTDIR"/etc/sudoers.d
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/cinder-rootwrap
+ cinder ALL=(root) NOPASSWD: /usr/bin/cinder-rootwrap /etc/cinder/rootwrap.conf *
+ EOF
diff --git a/strata/openstack-services/neutron.morph b/strata/openstack-services/neutron.morph
index 1de5678b..d6d08997 100644
--- a/strata/openstack-services/neutron.morph
+++ b/strata/openstack-services/neutron.morph
@@ -6,3 +6,10 @@ post-install-commands:
- mkdir -p "$DESTDIR"/etc/neutron
- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.d "$DESTDIR"/etc/neutron/
- mv "$DESTDIR$PREFIX"/etc/neutron/rootwrap.conf "$DESTDIR"/etc/neutron/
+# Add neutron to sudoers controlling which commands is running as a root
+# using the openstack rootwrap.
+- mkdir -p "$DESTDIR"/etc/sudoers.d
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/neutron-rootwrap
+ neutron ALL=(root) NOPASSWD: /usr/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
+ EOF
diff --git a/strata/openstack-services/nova.morph b/strata/openstack-services/nova.morph
index 4bf15bc7..98ac9854 100644
--- a/strata/openstack-services/nova.morph
+++ b/strata/openstack-services/nova.morph
@@ -7,3 +7,10 @@ post-install-commands:
# Move rootwrap files to a proper location
- mkdir -p "$DESTDIR"/etc/nova/rootwrap.d
- install -D -m 644 etc/nova/rootwrap.d/* "$DESTDIR"/etc/nova/rootwrap.d/
+# Add nova to sudoers controlling which commands will run as a root
+# using the openstack rootwrap.
+- mkdir -p "$DESTDIR"/etc/sudoers.d
+- |
+ install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/nova-rootwrap
+ nova ALL=(root) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *
+ EOF