Support upcoming rootwrap.d config files
Add support in devstack for upcoming /etc/nova/rootwrap.d
configuration files. Note that we don't change anything if Nova
doesn't ship them, so devstack supports both cases.
This is the first step for blueprint folsom-nova-rootwrap. It needs
to go in first so that tests pass when the rootwrap.d changes are
proposed in Nova.
Change-Id: I0189575ed9adb1be61c8563ce8f3199c52fc08ff
diff --git a/stack.sh b/stack.sh
index 71c2f9e..cc5f594 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1178,9 +1178,25 @@
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
+# If Nova ships the new rootwrap.d config files, deploy them
+# (owned by root) and add a parameter to $NOVA_ROOTWRAP
+ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP"
+if [[ -d $NOVA_DIR/etc/nova/rootwrap.d ]]; then
+ # Wipe any existing rootwrap.d files first
+ if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then
+ sudo rm -rf $NOVA_CONF_DIR/rootwrap.d
+ fi
+ sudo mkdir -m 755 $NOVA_CONF_DIR/rootwrap.d
+ sudo cp $NOVA_DIR/etc/nova/rootwrap.d/* $NOVA_CONF_DIR/rootwrap.d
+ sudo chown -R root:root $NOVA_CONF_DIR/rootwrap.d
+ sudo chmod 644 $NOVA_CONF_DIR/rootwrap.d/*
+ NOVA_ROOTWRAP="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.d"
+ ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP *"
+fi
+
# Set up the rootwrap sudoers
TEMPFILE=`mktemp`
-echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE
+echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap
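Review bot: Making `$NOVA_CONF_DIR/rootwrap.d` root-owned (the `chown -R root:root` line) only protects the filter files if `$NOVA_CONF_DIR` itself is not writable by `$USER`, and the unprivileged `cp -p ... $NOVA_CONF_DIR` at the top of the hunk suggests it is; anyone who can write to the parent can swap the directory that the new `NOPASSWD: $NOVA_ROOTWRAP *` sudoers entry trusts. That ownership is set outside this hunk, so please confirm it, and either deploy the filters under a path that is root-owned all the way down or state the limitation in the comment above `ROOTWRAP_SUDOER_CMD`, e.g. `# NOTE: filters are only tamper-resistant if $NOVA_CONF_DIR is root-owned`. The expansions in the new block are also unquoted, and the `rm -rf` deserves a guard against an empty variable: `sudo rm -rf -- "${NOVA_CONF_DIR:?}/rootwrap.d"`. Since the sudoers line now carries a wildcard, validating the file before installing it (`sudo visudo -c -f $TEMPFILE` ahead of the `mv`) would catch a malformed entry before it lands in /etc/sudoers.d.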