Correct issue with virtualenv rootwrap

Because we use rootwrap in a venv we need to update the exec_dirs.
Without doing this *some* commands will break for various reasons that
I won't get into in this review in detail. But this is required for
neutron-l3-agent in a container + drop-root.

Change-Id: I1a09f7188fdd501b7ce251d9f2fb0e5b10222142
Partially-Implements: blueprint drop-root

docker/ceilometer/ceilometer-base/Dockerfile.j2

@@ -17,8 +17,9 @@ RUN ln -s ceilometer-base-source/* ceilometer \
     && useradd --user-group ceilometer \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ceilometer \
     && mkdir -p /etc/ceilometer /var/log/ceilometer /home/ceilometer \
-    && cp -r /ceilometer/etc/* /etc/ceilometer/ \
-    && chown -R ceilometer: /etc/ceilometer /var/log/ceilometer /home/ceilometer
+    && cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
+    && chown -R ceilometer: /etc/ceilometer /var/log/ceilometer /home/ceilometer \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf
 
 {% endif %}
 

docker/cinder/cinder-base/Dockerfile.j2

@@ -48,7 +48,8 @@ RUN ln -s cinder-base-source/* cinder \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /cinder \
     && mkdir -p /etc/cinder /var/log/cinder /var/lib/cinder /home/cinder \
     && cp -r /cinder/etc/cinder/* /etc/cinder/ \
-    && chown -R cinder: /etc/cinder /var/log/cinder /var/lib/cinder /home/cinder
+    && chown -R cinder: /etc/cinder /var/log/cinder /var/lib/cinder /home/cinder \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf
 
 COPY cinder_sudoers /etc/sudoers.d/cinder_sudoers
 RUN chmod 750 /etc/sudoers.d \

docker/designate/designate-base/Dockerfile.j2

@@ -26,7 +26,9 @@ RUN ln -s designate-base-source/* designate \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /designate \
     && mkdir -p /etc/designate /var/log/designate /home/designate \
     && cp -r /designate/etc/designate/* /etc/designate/ \
-    && chown -R designate: /etc/designate /var/log/designate /home/designate
+    && mv /etc/designate/rootwrap.conf.sample /etc/designate/rootwrap.conf \
+    && chown -R designate: /etc/designate /var/log/designate /home/designate \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
 
 {% endif %}
 

docker/ironic/ironic-base/Dockerfile.j2

@@ -23,7 +23,8 @@ RUN ln -s ironic-base-source/* ironic \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic \
     && mkdir -p /etc/ironic /var/log/ironic /home/ironic \
     && cp -r /ironic/etc/ironic/* /etc/ironic/ \
-    && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic
+    && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf
 
 {% endif %}
 

docker/manila/manila-base/Dockerfile.j2

@@ -16,7 +16,8 @@ RUN ln -s manila-base-source/* manila \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /manila \
     && mkdir -p /etc/manila /var/lib/manila /var/log/manila /home/manila \
     && cp -r /manila/etc/manila/* /etc/manila/ \
-    && chown -R manila: /etc/manila /var/lib/manila /var/log/manila /home/manila
+    && chown -R manila: /etc/manila /var/lib/manila /var/log/manila /home/manila \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/manila/rootwrap.conf
 
 {% endif %}
 

docker/neutron/neutron-base/Dockerfile.j2

@@ -54,7 +54,8 @@ RUN ln -s neutron-base-source/* neutron \
     && cp -r /neutron/etc/neutron/* /etc/neutron/ \
     && cp /neutron/etc/api-paste.ini /usr/share/neutron \
     && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
-    && chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron
+    && chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf
 
 {% endif %}
 

docker/nova/nova-base/Dockerfile.j2

@@ -50,7 +50,8 @@ RUN ln -s nova-base-source/* nova \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
     && mkdir -p /etc/nova /var/log/nova /home/nova /var/lib/nova \
     && cp -r /nova/etc/nova/* /etc/nova/ \
-    && chown -R nova: /etc/nova /var/log/nova /home/nova /var/lib/nova
+    && chown -R nova: /etc/nova /var/log/nova /home/nova /var/lib/nova \
+    && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf
 
 COPY nova_sudoers /etc/sudoers.d/nova_sudoers
 RUN chmod 750 /etc/sudoers.d \