From b8317806e01538ea099831f1222ca2e6a89520a1 Mon Sep 17 00:00:00 2001
From: Francisco Redondo Marchena <francisco.marchena@codethink.co.uk>
Date: Mon, 17 Nov 2014 11:59:47 +0000
Subject: Add nova user to sudoers group, using rootwrap to control it

Nova user needs to run commands as a root, in order to filter
this commands openstack uses rootwrap. Nova needs root permissions
to run this commands, so this patch adds it to sudoers for the rootwrap
application and configuration.
---
 openstack-nova.configure | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'openstack-nova.configure')

diff --git a/openstack-nova.configure b/openstack-nova.configure
index c04dd82c..ee937007 100644
--- a/openstack-nova.configure
+++ b/openstack-nova.configure
@@ -61,3 +61,9 @@ ln -sf ../libvirt-guests.service "$wants_dir/libvirt-guests.service"
 
 sed -i "s/192\.168\.122\./192\.168\.1\./g" \
        "$ROOT"/etc/libvirt/qemu/networks/default.xml
+
+##########################################################################
+# Add nova to sudoers controlling which commands is running as a root
+# using the openstack rootwrap.
+##########################################################################
+echo 'nova ALL=(ALL) NOPASSWD: /usr/bin/nova-rootwrap /etc/nova/rootwrap.conf *' >> "$ROOT/etc/sudoers"
-- 
cgit v1.2.1