summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-03-27 12:10:29 +0000
committerPedro Alvarez <pedro.alvarez@codethink.co.uk>2015-04-08 18:29:29 +0100
commite8ec4f308e9ab560b6c5cfd27707fce4bd2fb07c (patch)
tree4be62e11d9d47426cca0c022aec1809f30e7d3e3
parent0d390862eb45bb93e79e5d56143ff8b3f9d79995 (diff)
downloaddefinitions-e8ec4f308e9ab560b6c5cfd27707fce4bd2fb07c.tar.gz
nova: remove rootwrap files not needed
These files are being installed with nova
-rw-r--r--openstack/etc/nova/rootwrap.conf27
-rw-r--r--openstack/etc/nova/rootwrap.d/api-metadata.filters13
-rw-r--r--openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters9
-rw-r--r--openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters11
-rw-r--r--openstack/etc/nova/rootwrap.d/compute.filters228
-rw-r--r--openstack/etc/nova/rootwrap.d/network.filters94
6 files changed, 0 insertions, 382 deletions
diff --git a/openstack/etc/nova/rootwrap.conf b/openstack/etc/nova/rootwrap.conf
deleted file mode 100644
index aa466c5d..00000000
--- a/openstack/etc/nova/rootwrap.conf
+++ /dev/null
@@ -1,27 +0,0 @@
-# Configuration for nova-rootwrap
-# This file should be owned by (and only-writeable by) the root user
-
-[DEFAULT]
-# List of directories to load filter definitions from (separated by ',').
-# These directories MUST all be only writeable by root !
-filters_path=/etc/nova/rootwrap.d,/usr/share/nova/rootwrap
-
-# List of directories to search executables in, in case filters do not
-# explicitely specify a full path (separated by ',')
-# If not specified, defaults to system PATH environment variable.
-# These directories MUST all be only writeable by root !
-exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin
-
-# Enable logging to syslog
-# Default value is False
-use_syslog=False
-
-# Which syslog facility to use.
-# Valid values include auth, authpriv, syslog, local0, local1...
-# Default value is 'syslog'
-syslog_log_facility=syslog
-
-# Which messages to log.
-# INFO means log all usage
-# ERROR means only log unsuccessful attempts
-syslog_log_level=ERROR
diff --git a/openstack/etc/nova/rootwrap.d/api-metadata.filters b/openstack/etc/nova/rootwrap.d/api-metadata.filters
deleted file mode 100644
index 1aa6f83e..00000000
--- a/openstack/etc/nova/rootwrap.d/api-metadata.filters
+++ /dev/null
@@ -1,13 +0,0 @@
-# nova-rootwrap command filters for api-metadata nodes
-# This is needed on nova-api hosts running with "metadata" in enabled_apis
-# or when running nova-api-metadata
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
diff --git a/openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters b/openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters
deleted file mode 100644
index 4132a999..00000000
--- a/openstack/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters
+++ /dev/null
@@ -1,9 +0,0 @@
-# nova-rootwrap command filters for compute nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/baremetal/ipmi.py: 'ipmitool', ..
-ipmitool: CommandFilter, ipmitool, root
-
-# nova/virt/baremetal/ipmi.py: 'kill', '-TERM', str(console_pid)
-kill_shellinaboxd: KillFilter, root, /usr/local/bin/shellinaboxd, -15, -TERM
diff --git a/openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters b/openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters
deleted file mode 100644
index 6d14b5d9..00000000
--- a/openstack/etc/nova/rootwrap.d/baremetal-deploy-helper.filters
+++ /dev/null
@@ -1,11 +0,0 @@
-# nova-rootwrap command filters for nova-baremetal-deploy-helper
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova-baremetal-deploy-helper
-iscsiadm: CommandFilter, iscsiadm, root
-sfdisk: CommandFilter, sfdisk, root
-dd: CommandFilter, dd, root
-mkswap: CommandFilter, mkswap, root
-blkid: CommandFilter, blkid, root
-mkfs: CommandFilter, mkfs, root
diff --git a/openstack/etc/nova/rootwrap.d/compute.filters b/openstack/etc/nova/rootwrap.d/compute.filters
deleted file mode 100644
index b79851b4..00000000
--- a/openstack/etc/nova/rootwrap.d/compute.filters
+++ /dev/null
@@ -1,228 +0,0 @@
-# nova-rootwrap command filters for compute nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/disk/mount/api.py: 'kpartx', '-a', device
-# nova/virt/disk/mount/api.py: 'kpartx', '-d', device
-kpartx: CommandFilter, kpartx, root
-
-# nova/virt/xenapi/vm_utils.py: tune2fs, -O ^has_journal, part_path
-# nova/virt/xenapi/vm_utils.py: tune2fs, -j, partition_path
-tune2fs: CommandFilter, tune2fs, root
-
-# nova/virt/disk/mount/api.py: 'mount', mapped_device
-# nova/virt/disk/api.py: 'mount', '-o', 'bind', src, target
-# nova/virt/xenapi/vm_utils.py: 'mount', '-t', 'ext2,ext3,ext4,reiserfs'..
-# nova/virt/configdrive.py: 'mount', device, mountdir
-# nova/virt/libvirt/volume.py: 'mount', '-t', 'sofs' ...
-mount: CommandFilter, mount, root
-
-# nova/virt/disk/mount/api.py: 'umount', mapped_device
-# nova/virt/disk/api.py: 'umount' target
-# nova/virt/xenapi/vm_utils.py: 'umount', dev_path
-# nova/virt/configdrive.py: 'umount', mountdir
-umount: CommandFilter, umount, root
-
-# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-c', device, image
-# nova/virt/disk/mount/nbd.py: 'qemu-nbd', '-d', device
-qemu-nbd: CommandFilter, qemu-nbd, root
-
-# nova/virt/disk/mount/loop.py: 'losetup', '--find', '--show', image
-# nova/virt/disk/mount/loop.py: 'losetup', '--detach', device
-losetup: CommandFilter, losetup, root
-
-# nova/virt/libvirt/utils.py: 'blockdev', '--getsize64', path
-# nova/virt/disk/mount/nbd.py: 'blockdev', '--flushbufs', device
-blockdev: RegExpFilter, blockdev, root, blockdev, (--getsize64|--flushbufs), /dev/.*
-
-# nova/virt/disk/vfs/localfs.py: 'tee', canonpath
-tee: CommandFilter, tee, root
-
-# nova/virt/disk/vfs/localfs.py: 'mkdir', canonpath
-mkdir: CommandFilter, mkdir, root
-
-# nova/virt/disk/vfs/localfs.py: 'chown'
-# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
-# nova/virt/libvirt/connection.py: 'chown', os.getuid( console_log
-# nova/virt/libvirt/connection.py: 'chown', 'root', basepath('disk')
-chown: CommandFilter, chown, root
-
-# nova/virt/disk/vfs/localfs.py: 'chmod'
-chmod: CommandFilter, chmod, root
-
-# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
-# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
-# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
-# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
-# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
-# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
-# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
-# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
-# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
-# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
-# nova/network/linux_net.py: 'ip', 'route', 'add', ..
-# nova/network/linux_net.py: 'ip', 'route', 'del', .
-# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
-ip: CommandFilter, ip, root
-
-# nova/virt/libvirt/vif.py: 'tunctl', '-b', '-t', dev
-# nova/network/linux_net.py: 'tunctl', '-b', '-t', dev
-tunctl: CommandFilter, tunctl, root
-
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
-# nova/network/linux_net.py: 'ovs-vsctl', ....
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# nova/network/linux_net.py: 'ovs-ofctl', ....
-ovs-ofctl: CommandFilter, ovs-ofctl, root
-
-# nova/virt/libvirt/connection.py: 'dd', if=%s % virsh_output, ...
-dd: CommandFilter, dd, root
-
-# nova/virt/xenapi/volume_utils.py: 'iscsiadm', '-m', ...
-iscsiadm: CommandFilter, iscsiadm, root
-
-# nova/virt/libvirt/volume.py: 'aoe-revalidate', aoedev
-# nova/virt/libvirt/volume.py: 'aoe-discover'
-aoe-revalidate: CommandFilter, aoe-revalidate, root
-aoe-discover: CommandFilter, aoe-discover, root
-
-# nova/virt/xenapi/vm_utils.py: parted, --script, ...
-# nova/virt/xenapi/vm_utils.py: 'parted', '--script', dev_path, ..*.
-parted: CommandFilter, parted, root
-
-# nova/virt/xenapi/vm_utils.py: 'pygrub', '-qn', dev_path
-pygrub: CommandFilter, pygrub, root
-
-# nova/virt/xenapi/vm_utils.py: fdisk %(dev_path)s
-fdisk: CommandFilter, fdisk, root
-
-# nova/virt/xenapi/vm_utils.py: e2fsck, -f, -p, partition_path
-# nova/virt/disk/api.py: e2fsck, -f, -p, image
-e2fsck: CommandFilter, e2fsck, root
-
-# nova/virt/xenapi/vm_utils.py: resize2fs, partition_path
-# nova/virt/disk/api.py: resize2fs, image
-resize2fs: CommandFilter, resize2fs, root
-
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
-# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
-arping: CommandFilter, arping, root
-
-# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
-dhcp_release: CommandFilter, dhcp_release, root
-
-# nova/network/linux_net.py: 'kill', '-9', pid
-# nova/network/linux_net.py: 'kill', '-HUP', pid
-kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-# nova/network/linux_net.py: 'kill', pid
-kill_radvd: KillFilter, root, /usr/sbin/radvd
-
-# nova/network/linux_net.py: dnsmasq call
-dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
-
-# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
-radvd: CommandFilter, radvd, root
-
-# nova/network/linux_net.py: 'brctl', 'addbr', bridge
-# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
-# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
-# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
-brctl: CommandFilter, brctl, root
-
-# nova/virt/libvirt/utils.py: 'mkswap'
-# nova/virt/xenapi/vm_utils.py: 'mkswap'
-mkswap: CommandFilter, mkswap, root
-
-# nova/virt/xenapi/vm_utils.py: 'mkfs'
-# nova/utils.py: 'mkfs', fs, path, label
-mkfs: CommandFilter, mkfs, root
-
-# nova/virt/libvirt/utils.py: 'qemu-img'
-qemu-img: CommandFilter, qemu-img, root
-
-# nova/virt/disk/vfs/localfs.py: 'readlink', '-e'
-readlink: CommandFilter, readlink, root
-
-# nova/virt/disk/api.py: 'touch', target
-touch: CommandFilter, touch, root
-
-# nova/virt/disk/api.py:
-mkfs.ext3: CommandFilter, mkfs.ext3, root
-mkfs.ntfs: CommandFilter, mkfs.ntfs, root
-
-# nova/virt/libvirt/connection.py:
-read_initiator: ReadFileFilter, /etc/iscsi/initiatorname.iscsi
-
-# nova/virt/libvirt/connection.py:
-lvremove: CommandFilter, lvremove, root
-
-# nova/virt/libvirt/utils.py:
-lvcreate: CommandFilter, lvcreate, root
-
-# nova/virt/libvirt/utils.py:
-lvs: CommandFilter, lvs, root
-
-# nova/virt/libvirt/utils.py:
-vgs: CommandFilter, vgs, root
-
-# nova/virt/baremetal/volume_driver.py: 'tgtadm', '--lld', 'iscsi', ...
-tgtadm: CommandFilter, tgtadm, root
-
-# nova/utils.py:read_file_as_root: 'cat', file_path
-# (called from nova/virt/disk/vfs/localfs.py:VFSLocalFS.read_file)
-read_passwd: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/passwd
-read_shadow: RegExpFilter, cat, root, cat, (/var|/usr)?/tmp/openstack-vfs-localfs[^/]+/etc/shadow
-
-# nova/virt/libvirt/volume.py: 'multipath' '-R'
-multipath: CommandFilter, multipath, root
-
-# nova/virt/libvirt/utils.py:
-systool: CommandFilter, systool, root
-
-# nova/virt/libvirt/volume.py:
-sginfo: CommandFilter, sginfo, root
-sg_scan: CommandFilter, sg_scan, root
-ln: RegExpFilter, ln, root, ln, --symbolic, --force, /dev/mapper/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*, /dev/disk/by-path/ip-.*-iscsi-iqn.2010-10.org.openstack:volume-.*
-
-# nova/volume/encryptors.py:
-# nova/virt/libvirt/dmcrypt.py:
-cryptsetup: CommandFilter, cryptsetup, root
-
-# nova/virt/xenapi/vm_utils.py:
-xenstore-read: CommandFilter, xenstore-read, root
-
-# nova/virt/baremetal/tilera.py: 'rpc.mountd'
-rpc.mountd: CommandFilter, rpc.mountd, root
-
-# nova/virt/libvirt/utils.py:
-rbd: CommandFilter, rbd, root
-
-# nova/virt/libvirt/utils.py: 'shred', '-n3', '-s%d' % volume_size, path
-shred: CommandFilter, shred, root
-
-# nova/virt/libvirt/volume.py: 'cp', '/dev/stdin', delete_control..
-cp: CommandFilter, cp, root
-
-# nova/virt/xenapi/vm_utils.py:
-sync: CommandFilter, sync, root
-
diff --git a/openstack/etc/nova/rootwrap.d/network.filters b/openstack/etc/nova/rootwrap.d/network.filters
deleted file mode 100644
index 568e8d49..00000000
--- a/openstack/etc/nova/rootwrap.d/network.filters
+++ /dev/null
@@ -1,94 +0,0 @@
-# nova-rootwrap command filters for network nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/libvirt/vif.py: 'ip', 'tuntap', 'add', dev, 'mode', 'tap'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'set', dev, 'up'
-# nova/virt/libvirt/vif.py: 'ip', 'link', 'delete', dev
-# nova/network/linux_net.py: 'ip', 'addr', 'add', str(floating_ip)+'/32'i..
-# nova/network/linux_net.py: 'ip', 'addr', 'del', str(floating_ip)+'/32'..
-# nova/network/linux_net.py: 'ip', 'addr', 'add', '169.254.169.254/32',..
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', dev, 'scope',..
-# nova/network/linux_net.py: 'ip', 'addr', 'del/add', ip_params, dev)
-# nova/network/linux_net.py: 'ip', 'addr', 'del', params, fields[-1]
-# nova/network/linux_net.py: 'ip', 'addr', 'add', params, bridge
-# nova/network/linux_net.py: 'ip', '-f', 'inet6', 'addr', 'change', ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', 'dev', dev, 'promisc',..
-# nova/network/linux_net.py: 'ip', 'link', 'add', 'link', bridge_if ...
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, address,..
-# nova/network/linux_net.py: 'ip', 'link', 'set', interface, 'up'
-# nova/network/linux_net.py: 'ip', 'link', 'set', bridge, 'up'
-# nova/network/linux_net.py: 'ip', 'addr', 'show', 'dev', interface, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, address, ..
-# nova/network/linux_net.py: 'ip', 'link', 'set', dev, 'up'
-# nova/network/linux_net.py: 'ip', 'route', 'add', ..
-# nova/network/linux_net.py: 'ip', 'route', 'del', .
-# nova/network/linux_net.py: 'ip', 'route', 'show', 'dev', dev
-ip: CommandFilter, ip, root
-
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', ...
-# nova/virt/libvirt/vif.py: 'ovs-vsctl', 'del-port', ...
-# nova/network/linux_net.py: 'ovs-vsctl', ....
-ovs-vsctl: CommandFilter, ovs-vsctl, root
-
-# nova/network/linux_net.py: 'ovs-ofctl', ....
-ovs-ofctl: CommandFilter, ovs-ofctl, root
-
-# nova/virt/libvirt/vif.py: 'ivs-ctl', ...
-# nova/virt/libvirt/vif.py: 'ivs-ctl', 'del-port', ...
-# nova/network/linux_net.py: 'ivs-ctl', ....
-ivs-ctl: CommandFilter, ivs-ctl, root
-
-# nova/virt/libvirt/vif.py: 'ifc_ctl', ...
-ifc_ctl: CommandFilter, /opt/pg/bin/ifc_ctl, root
-
-# nova/virt/libvirt/vif.py: 'ebrctl', ...
-ebrctl: CommandFilter, ebrctl, root
-
-# nova/virt/libvirt/vif.py: 'mm-ctl', ...
-mm-ctl: CommandFilter, mm-ctl, root
-
-# nova/network/linux_net.py: 'ebtables', '-D' ...
-# nova/network/linux_net.py: 'ebtables', '-I' ...
-ebtables: CommandFilter, ebtables, root
-ebtables_usr: CommandFilter, ebtables, root
-
-# nova/network/linux_net.py: 'ip[6]tables-save' % (cmd, '-t', ...
-iptables-save: CommandFilter, iptables-save, root
-ip6tables-save: CommandFilter, ip6tables-save, root
-
-# nova/network/linux_net.py: 'ip[6]tables-restore' % (cmd,)
-iptables-restore: CommandFilter, iptables-restore, root
-ip6tables-restore: CommandFilter, ip6tables-restore, root
-
-# nova/network/linux_net.py: 'arping', '-U', floating_ip, '-A', '-I', ...
-# nova/network/linux_net.py: 'arping', '-U', network_ref['dhcp_server'],..
-arping: CommandFilter, arping, root
-
-# nova/network/linux_net.py: 'dhcp_release', dev, address, mac_address
-dhcp_release: CommandFilter, dhcp_release, root
-
-# nova/network/linux_net.py: 'kill', '-9', pid
-# nova/network/linux_net.py: 'kill', '-HUP', pid
-kill_dnsmasq: KillFilter, root, /usr/sbin/dnsmasq, -9, -HUP
-
-# nova/network/linux_net.py: 'kill', pid
-kill_radvd: KillFilter, root, /usr/sbin/radvd
-
-# nova/network/linux_net.py: dnsmasq call
-dnsmasq: EnvFilter, env, root, CONFIG_FILE=, NETWORK_ID=, dnsmasq
-
-# nova/network/linux_net.py: 'radvd', '-C', '%s' % _ra_file(dev, 'conf'..
-radvd: CommandFilter, radvd, root
-
-# nova/network/linux_net.py: 'brctl', 'addbr', bridge
-# nova/network/linux_net.py: 'brctl', 'setfd', bridge, 0
-# nova/network/linux_net.py: 'brctl', 'stp', bridge, 'off'
-# nova/network/linux_net.py: 'brctl', 'addif', bridge, interface
-brctl: CommandFilter, brctl, root
-
-# nova/network/linux_net.py: 'sysctl', ....
-sysctl: CommandFilter, sysctl, root
-
-# nova/network/linux_net.py: 'conntrack'
-conntrack: CommandFilter, conntrack, root