Add sudoers.d entry for Ironic conductor
Ironic conductor requires sudo access for ironic-rootwrap.
Change-Id: Ic6f24a864ca0255e2a8e69969f347bcaf8493e1f
diff --git a/lib/ironic b/lib/ironic
index 50c0fb6..ec9447d 100644
--- a/lib/ironic
+++ b/lib/ironic
@@ -170,6 +170,15 @@
function configure_ironic_conductor {
cp $IRONIC_DIR/etc/ironic/rootwrap.conf $IRONIC_ROOTWRAP_CONF
cp -r $IRONIC_DIR/etc/ironic/rootwrap.d $IRONIC_CONF_DIR
+ IRONIC_ROOTWRAP=$(get_rootwrap_location ironic)
+ ROOTWRAP_ISUDOER_CMD="$IRONIC_ROOTWRAP $IRONIC_CONF_DIR/rootwrap.conf *"
+
+ # Set up the rootwrap sudoers for ironic
+ TEMPFILE=`mktemp`
+ echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_ISUDOER_CMD" >$TEMPFILE
+ chmod 0440 $TEMPFILE
+ sudo chown root:root $TEMPFILE
+ sudo mv $TEMPFILE /etc/sudoers.d/ironic-rootwrap
iniset $IRONIC_CONF_FILE DEFAULT rootwrap_config $IRONIC_ROOTWRAP_CONF
iniset $IRONIC_CONF_FILE DEFAULT drivers_whitelist $IRONIC_DRIVERS_WHITELIST
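Review bot: The new NOPASSWD rule lets `$STACK_USER` run rootwrap as root, but the two `cp` lines just above it install `rootwrap.conf` and `rootwrap.d` without sudo, so as far as this hunk shows those files stay owned by the invoking user. Rootwrap only restricts what the sudoers entry can run if its config and filter files are root-owned and not writable by `$STACK_USER`; I would add `sudo chown -R root:root $IRONIC_ROOTWRAP_CONF $IRONIC_CONF_DIR/rootwrap.d` after the copies. The rule should also name the path that `rootwrap_config` is set to, `ROOTWRAP_ISUDOER_CMD="$IRONIC_ROOTWRAP $IRONIC_ROOTWRAP_CONF *"`, because sudo will not match if `$IRONIC_ROOTWRAP_CONF` ever differs from `$IRONIC_CONF_DIR/rootwrap.conf`. Running `sudo visudo -c -f $TEMPFILE` before the `mv` would keep a malformed line (for example one built from an empty `$STACK_USER`) out of /etc/sudoers.d. configure_ironic_conductor continues past the end of the hunk.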