Skip to content

Commit d2f8fa3

Browse files
ttxttx
committed
Always setup rootwrap sudoers entry
Setup /etc/sudoers.d/nova-rootwrap in all cases, and not just when devstack is not run as root. Fixes bug 1011652. Change-Id: Ib4cdeaa282f01cf2ce98119618f232c91b6e8db4
1 parent a1683aa commit d2f8fa3

File tree

2 files changed

+8
-7
lines changed

2 files changed

+8
-7
lines changed

AUTHORS

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -26,6 +26,7 @@ Ken Pepple <ken.pepple@rabbityard.com>
2626
Kiall Mac Innes <kiall@managedit.ie>
2727
Russell Bryant <rbryant@redhat.com>
2828
Scott Moser <smoser@ubuntu.com>
29+
Thierry Carrez <thierry@openstack.org>
2930
Todd Willey <xtoddx@gmail.com>
3031
Tres Henry <tres@treshenry.net>
3132
Vishvananda Ishaya <vishvananda@gmail.com>

stack.sh

Lines changed: 7 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -187,13 +187,6 @@ else
187187
sudo chown root:root $TEMPFILE
188188
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
189189

190-
# Set up the rootwrap sudoers
191-
TEMPFILE=`mktemp`
192-
echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE
193-
chmod 0440 $TEMPFILE
194-
sudo chown root:root $TEMPFILE
195-
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap
196-
197190
# Remove old file
198191
sudo rm -f /etc/sudoers.d/stack_sh_nova
199192
fi
@@ -1184,6 +1177,13 @@ sudo chown `whoami` $NOVA_CONF_DIR
11841177

11851178
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
11861179

1180+
# Set up the rootwrap sudoers
1181+
TEMPFILE=`mktemp`
1182+
echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE
1183+
chmod 0440 $TEMPFILE
1184+
sudo chown root:root $TEMPFILE
1185+
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap
1186+
11871187
if is_service_enabled n-api; then
11881188
# Use the sample http middleware configuration supplied in the
11891189
# Nova sources. This paste config adds the configuration required

0 commit comments

Comments
 (0)