Add user 'zun' to group 'docker'

Zun compute needs to access the docker socket for API call. The socket is owned by 'docker' group and the zun-compute process is owned by 'zun' user. In order to allow the access, this commit add zun user to docker group. Change-Id: Ifa7d399242dddf8d07f8b495b344752131a0f110
2018-09-30 16:51:38 +00:00 · 2018-09-30 16:51:38 +00:00 · 0c8d3f0586
parent 570a6120be
commit 0c8d3f0586
3 changed files with 15 additions and 0 deletions
--- a/docker/zun/zun-compute/Dockerfile.j2
+++ b/docker/zun/zun-compute/Dockerfile.j2
@ -10,6 +10,13 @@ RUN echo '{{ install_type }} not yet available for {{ base_distro }}' \

 {% endif %}

+COPY zun_sudoers /etc/sudoers.d/kolla_zun_sudoers
+COPY extend_start.sh /usr/local/bin/kolla_zun_extend_start
+
+RUN chmod 755 /usr/local/bin/kolla_zun_extend_start \
+    && chmod 750 /etc/sudoers.d \
+    && chmod 640 /etc/sudoers.d/kolla_zun_sudoers
+
 {% block zun_compute_footer %}{% endblock %}
 {% block footer %}{% endblock %}

--- a/docker/zun/zun-compute/extend_start.sh
+++ b/docker/zun/zun-compute/extend_start.sh
@ -0,0 +1,5 @@
+#!/bin/bash
+
+gid=$(stat -c "%g" /var/run/docker.sock)
+sudo groupadd --force --gid $gid docker
+sudo usermod -aG docker zun
--- a/docker/zun/zun-compute/zun_sudoers
+++ b/docker/zun/zun-compute/zun_sudoers
@ -0,0 +1,3 @@
+zun ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/zun-rootwrap /etc/zun/rootwrap.conf *
+zun ALL=(root) NOPASSWD: /usr/sbin/groupadd --force --gid *
+zun ALL=(root) NOPASSWD: /usr/sbin/usermod -aG docker zun