Adjust support for upcoming rootwrap changes

ttx · ttx · commit be5d3f23beb2 · 2012-06-20T18:17:03.000+02:00
Adjust the recently-added support for upcoming nova-rootwrap changes to match the latest proposed implementation. We now have a rootwrap.conf configuration files that must point to the directory where the filters are actually defined. See https://review.openstack.org/#/c/8747/1 for the Nova change that justifies this. Change-Id: I20f2bff0f9e87cb11d58f083a326656c4a124bf1
diff --git a/stack.sh b/stack.sh
@@ -1194,19 +1194,26 @@ sudo chown `whoami` $NOVA_CONF_DIR
 
 cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
 
-# If Nova ships the new rootwrap.d config files, deploy them
+# If Nova ships the new rootwrap filters files, deploy them
 # (owned by root) and add a parameter to $NOVA_ROOTWRAP
 ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP"
-if [[ -d $NOVA_DIR/etc/nova/rootwrap.d ]]; then
+if [[ -d $NOVA_DIR/etc/nova/rootwrap ]]; then
     # Wipe any existing rootwrap.d files first
     if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then
         sudo rm -rf $NOVA_CONF_DIR/rootwrap.d
     fi
+    # Deploy filters to /etc/nova/rootwrap.d
     sudo mkdir -m 755 $NOVA_CONF_DIR/rootwrap.d
-    sudo cp $NOVA_DIR/etc/nova/rootwrap.d/* $NOVA_CONF_DIR/rootwrap.d
+    sudo cp $NOVA_DIR/etc/nova/rootwrap/*.filters $NOVA_CONF_DIR/rootwrap.d
     sudo chown -R root:root $NOVA_CONF_DIR/rootwrap.d
     sudo chmod 644 $NOVA_CONF_DIR/rootwrap.d/*
-    NOVA_ROOTWRAP="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.d"
+    # Set up rootwrap.conf, pointing to /etc/nova/rootwrap.d
+    sudo cp $NOVA_DIR/etc/nova/rootwrap.conf $NOVA_CONF_DIR/
+    sudo sed -e "s:^path=.*$:path=$NOVA_CONF_DIR/rootwrap.d:" -i $NOVA_CONF_DIR/rootwrap.conf
+    sudo chown root:root $NOVA_CONF_DIR/rootwrap.conf
+    sudo chmod 0644 $NOVA_CONF_DIR/rootwrap.conf
+    # Specify rootwrap.conf as first parameter to nova-rootwrap
+    NOVA_ROOTWRAP="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.conf"
     ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP *"
 fi
 
