Add user 'zun' to group 'docker'
Zun compute needs to access the docker socket for API call. The socket is owned by 'docker' group and the zun-compute process is owned by 'zun' user. In order to allow the access, this commit add zun user to docker group. Change-Id: Ifa7d399242dddf8d07f8b495b344752131a0f110
This commit is contained in:
parent
570a6120be
commit
0c8d3f0586
|
@ -10,6 +10,13 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \
|
|||
|
||||
{% endif %}
|
||||
|
||||
COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers
|
||||
COPY extend_start.sh /usr/local/bin/kolla_zun_extend_start
|
||||
|
||||
RUN chmod 755 /usr/local/bin/kolla_zun_extend_start \
|
||||
&& chmod 750 /etc/sudoers.d \
|
||||
&& chmod 640 /etc/sudoers.d/kolla_zun_sudoers
|
||||
|
||||
{% block zun_compute_footer %}{% endblock %}
|
||||
{% block footer %}{% endblock %}
|
||||
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
#!/bin/bash
|
||||
|
||||
gid=$(stat -c "%g" /var/run/docker.sock)
|
||||
sudo groupadd --force --gid $gid docker
|
||||
sudo usermod -aG docker zun
|
|
@ -0,0 +1,3 @@
|
|||
zun ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/zun-rootwrap /etc/zun/rootwrap.conf *
|
||||
zun ALL=(root) NOPASSWD: /usr/sbin/groupadd --force --gid *
|
||||
zun ALL=(root) NOPASSWD: /usr/sbin/usermod -aG docker zun
|
Loading…
Reference in New Issue