Add nova user to sudoers group, using rootwrap to control it

Nova user needs to run commands as a root, in order to filter this commands openstack uses rootwrap. Nova needs root permissions to run this commands, so this patch adds it to sudoers for the rootwrap application and configuration.
author: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> 2014-11-17 11:59:47 +0000
committer: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk> 2015-02-11 18:30:28 +0000
commit: d1e41deede8f14ac4ce3673f513c79519405df63 (patch)
tree: a478fd06a6f9cf252d06f7f2686db937c8668d67 /openstack-nova.configure
parent: c0b73fede3f9b9874008478857d3f12f84312598 (diff)
download: definitions-d1e41deede8f14ac4ce3673f513c79519405df63.tar.gz
1 files changed, 6 insertions, 0 deletions
diff --git a/openstack-nova.configure b/openstack-nova.configure
index c04dd82c..ee937007 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -61,3 +61,9 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service"
 
 sed -i "s/192\.168\.122\./192\.168\.1\./g" \
        "$ROOT"/etc/libvirt/qemu/networks/default.xml
+
+##########################################################################
+# Add nova to sudoers controlling which commands is running as a root
+# using the openstack rootwrap.
+##########################################################################
+echo 'nova ALL=(ALL) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *' >> "$ROOT/etc/sudoers"
author	Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>	2014-11-17 11:59:47 +0000
committer	Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>	2015-02-11 18:30:28 +0000
commit	d1e41deede8f14ac4ce3673f513c79519405df63 (patch)
tree	a478fd06a6f9cf252d06f7f2686db937c8668d67 /openstack-nova.configure
parent	c0b73fede3f9b9874008478857d3f12f84312598 (diff)
download	definitions-d1e41deede8f14ac4ce3673f513c79519405df63.tar.gz