From ad4d61bb4d543bf824660727accc1f240f53c461 Mon Sep 17 00:00:00 2001 From: Olivier Bourdon Date: Tue, 7 Aug 2018 13:20:12 +0200 Subject: [PATCH] Add missing ironic-inspector bits - rootwrap configuration bits from source repository - sudoers rule for ironic-inspector-rootwrap Change-Id: Ic3f7e4a6cc9e9d9dbe1b0910707e3652b97ef257 Depends-On: I405add3ded3035c732a8227acda2437bf692cc95 --- .../tasks/inspector_bootstrap.yml | 15 +++++++++++++++ .../tasks/ironic_config.yml | 8 ++++++-- 2 files changed, 21 insertions(+), 2 deletions(-) diff --git a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml index 141354b38..0334bc4ae 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml +++ b/playbooks/roles/bifrost-ironic-install/tasks/inspector_bootstrap.yml @@ -39,6 +39,21 @@ group=ironic mode=0755 state=directory +# Note(TheJulia): The rootwrap copies will need to be re-tooled +# to possibly directly retreive current files if a source install +# is not utilized. +- name: "Copy rootwrap.conf from ironic-inspector source folder" + copy: + src: "{{ ironicinspector_git_folder }}/rootwrap.conf" + dest: "/etc/ironic-inspector/rootwrap.conf" + remote_src: yes + mode: 0644 + owner: root + group: root +# Note(ashestakov): "copy" module in ansible doesn't support recursive +# copying on remote host. "cp" command used instead. +- name: "Copy rootwrap.d contents from ironic-inspector source folder" + command: cp -r "{{ ironicinspector_git_folder }}/rootwrap.d/" "/etc/ironic-inspector/rootwrap.d" - name: "Populate keystone for ironic-inspector " include: keystone_setup_inspector.yml diff --git a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml index 5dc49caea..7ffadc7aa 100644 --- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml 
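Review bot: The `cp -r` task copies the rootwrap filter definitions without fixing their ownership or mode, and these files decide which commands the inspector may run as root. The `rootwrap.conf` task above it sets `owner: root`, `group: root` and `mode: 0644`, but the copied tree keeps whatever the source checkout and the umask give it, so a follow-up `file` task should pin it to root and remove group/other write. The command is also not idempotent: when `/etc/ironic-inspector/rootwrap.d` already exists, `cp -r` of a directory normally nests it as `rootwrap.d/rootwrap.d`, so updated filters may never be read while the old ones stay active, and the task always reports changed. It is also worth confirming that `/etc/ironic-inspector` itself is not writable by the `ironic` user, because the directory tasks before this hunk are only partly visible.

```yaml
# … unchanged: "Copy rootwrap.d contents from ironic-inspector source folder" cp task …
- name: "Ensure rootwrap filters are root-owned and not writable by others"
  file:
    path: "/etc/ironic-inspector/rootwrap.d"
    state: directory
    recurse: true
    owner: root
    group: root
    mode: "u=rwX,go=rX"
```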
+++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml @@ -45,8 +45,12 @@ when: enable_venv | bool == true with_items: - "{{ bifrost_venv_dir }}/bin/ironic-rootwrap" + - "{{ bifrost_venv_dir }}/bin/ironic-inspector-rootwrap" - name: "Set sudoers for rootwrap" lineinfile: dest: /etc/sudoers - regexp: '^ironic(.*)/etc/ironic/rootwrap.conf(.*)' - line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/ironic-rootwrap /etc/ironic/rootwrap.conf *" + regexp: "{{ item.regexp }}" + line: "{{ item.line }}" + with_items: + - { regexp: '^ironic(.*)/ironic-rootwrap /etc/ironic/rootwrap.conf(.*)', line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/ironic-rootwrap /etc/ironic/rootwrap.conf *" } + - { regexp: '^ironic(.*)/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf(.*)', line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *" }
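Review bot: Both sudoers lines are written straight into `/etc/sudoers` with `lineinfile` and no syntax check, so a bad render of `{{ ironic_rootwrap_dir }}` can leave the host with a file that sudo refuses to load. Adding `validate: 'visudo -cf %s'` to the task makes Ansible reject the edit instead of installing it. The new rule gives the `ironic` user passwordless root execution of `ironic-inspector-rootwrap` with any trailing arguments (`*`), so the real boundary is the wrapper binary, `/etc/ironic-inspector/rootwrap.conf` and the filter directory it points to; all three need to be root-owned and not writable by `ironic`. The task that receives the new `with_items` entry for `{{ bifrost_venv_dir }}/bin/ironic-inspector-rootwrap` starts above the hunk, so whether it enforces that for the venv copy cannot be confirmed from here.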