From 3a2f641e4e70e76ffa77629c6208970c1a7af667 Mon Sep 17 00:00:00 2001
From: Paul Sherwood <paul.sherwood@codethink.co.uk>
Date: Fri, 25 Sep 2015 08:47:49 +0000
Subject: Proposed re-org of definitions repo

---
 baserock/strata/openstack-services/ironic.morph | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 baserock/strata/openstack-services/ironic.morph

(limited to 'baserock/strata/openstack-services/ironic.morph')

diff --git a/baserock/strata/openstack-services/ironic.morph b/baserock/strata/openstack-services/ironic.morph
new file mode 100644
index 00000000..8003dd17
--- /dev/null
+++ b/baserock/strata/openstack-services/ironic.morph
@@ -0,0 +1,18 @@
+name: ironic
+kind: chunk
+build-system: python-distutils
+post-install-commands:
+- |
+  mkdir -p "$DESTDIR"/etc/ironic
+  install -m 644 etc/ironic/policy.json "$DESTDIR"/etc/ironic
+  install -m 644 etc/ironic/rootwrap.conf "$DESTDIR"/etc/ironic
+  mkdir -p "$DESTDIR"/etc/ironic/rootwrap.d
+  install -m 644 etc/ironic/rootwrap.d/* "$DESTDIR"/etc/ironic/rootwrap.d/
+
+  # Add ironic to sudoers controlling which commands will run as a root
+  # using the openstack rootwrap.
+  install -D -m 0440 /proc/self/fd/0 <<'EOF' "$DESTDIR"/etc/sudoers.d/ironic-rootwrap
+  Defaults:ironic !requiretty
+
+  ironic ALL=(root) NOPASSWD: /usr/bin/ironic-rootwrap /etc/ironic/rootwrap.conf *
+  EOF
-- 
cgit v1.2.1