From 5d9519b396e89501b8a4204a0fef4a5533434506 Mon Sep 17 00:00:00 2001
From: Pete Birley
Date: Mon, 30 Jul 2018 18:24:43 -0500
Subject: [PATCH] Nova: Move nova sudoers file to be drive fully by values.yaml

This PS brings novas sudoers file config to be in line with neutron and other osh charts.

Change-Id: I609455b1a58e576644b8a6cfb8b273d5aeb94c58
Signed-off-by: Pete Birley
---
 nova/templates/configmap-etc.yaml | 2 +-
 nova/templates/etc/_nova_sudoers.tpl | 20 --------------------
 nova/values.yaml | 8 +++++---
 3 files changed, 6 insertions(+), 24 deletions(-)
 delete mode 100644 nova/templates/etc/_nova_sudoers.tpl

diff --git a/nova/templates/configmap-etc.yaml b/nova/templates/configmap-etc.yaml
index f1c2ebb4b3..625eda396f 100644
--- a/nova/templates/configmap-etc.yaml
+++ b/nova/templates/configmap-etc.yaml
@@ -225,7 +225,7 @@ data:
 policy.yaml: |
 {{ toYaml .Values.conf.policy | indent 4 }}
 nova_sudoers: |
-{{- tuple .Values.conf.nova_sudoers "etc/_nova_sudoers.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
+{{ $envAll.Values.conf.nova_sudoers | indent 4 }}
 rootwrap.conf: |
 {{- tuple .Values.conf.rootwrap "etc/_rootwrap.conf.tpl" . | include "helm-toolkit.utils.configmap_templater" }}
 api-metadata.filters: |
diff --git a/nova/templates/etc/_nova_sudoers.tpl b/nova/templates/etc/_nova_sudoers.tpl
deleted file mode 100644
index e4a16efd93..0000000000
--- a/nova/templates/etc/_nova_sudoers.tpl
+++ /dev/null
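Review bot: The new `nova_sudoers` line in nova/templates/configmap-etc.yaml renders `$envAll.Values.conf.nova_sudoers` with no emptiness check, so an override that sets the key to an empty string produces an empty sudoers entry in the ConfigMap, and the failure would presumably only surface once nova tries to call nova-rootwrap through sudo. Failing at render time is safer for a file that defines root privileges: `{{ required "conf.nova_sudoers must be a non-empty string" $envAll.Values.conf.nova_sudoers | indent 4 }}`. Deployments that still pass the old `override:`/`append:` mapping under this key will now hand a map to `indent`, which deserves a release note. The neighbouring lines use `.Values` and `.`; `$envAll` is presumably assigned near the top of the template, which is outside this hunk.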
@@ -1,20 +0,0 @@
-{{/*
-Copyright 2017 The Openstack-Helm Authors.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
- http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-*/}}
-
-# This sudoers file supports rootwrap for both Kolla and LOCI Images.
-Defaults !requiretty
-Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
-nova ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *, /var/lib/openstack/bin/nova-rootwrap /etc/nova/rootwrap.conf *
diff --git a/nova/values.yaml b/nova/values.yaml
index 87aa009053..2f39184509 100644
--- a/nova/values.yaml
+++ b/nova/values.yaml
@@ -1017,9 +1017,11 @@ conf:
 os_compute_api:os-volumes-attachments:discoverable: "@"
 os_compute_api:os-volumes-attachments:update: rule:admin_api
 os_compute_api:os-volumes-attachments:delete: rule:admin_or_owner
- nova_sudoers:
- override:
- append:
+ nova_sudoers: |
+ # This sudoers file supports rootwrap for both Kolla and LOCI Images.
+ Defaults !requiretty
+ Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin:/var/lib/kolla/venv/bin"
+ nova ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *, /var/lib/openstack/bin/nova-rootwrap /etc/nova/rootwrap.conf *
 rootwrap:
 override:
 append:
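Review bot: The new `nova_sudoers: |` default in nova/values.yaml carries no comment telling operators that the string is installed verbatim as the sudoers policy for the nova user. Because any values override now replaces the whole block instead of appending to a fixed template, a broadened command spec or a dropped `secure_path` line goes straight into the rendered file. I would add a YAML comment above the key such as `# Rendered verbatim as the sudoers file for the nova user; keep it limited to the nova-rootwrap entries and check overrides with visudo -cf before deploying.` It is also worth confirming that every directory listed in `secure_path` is root-owned in both image types, since the rule grants NOPASSWD root for binaries resolved there.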