From b4a7bcae624e554e7ae982699dbf3ee5acb25457 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?C=C3=A9dric=20Jeanneret?= <cjeanner@redhat.com>
Date: Wed, 26 Sep 2018 17:06:50 +0200
Subject: [PATCH] Do not load iscsi_tcp from within a container.

The module must be loaded from the host directly in order
to avoid any SELinux issues.

There are examples in kolla-ansible and tripleo-heat-templates:
- https://review.openstack.org/#/c/605624/
- https://review.openstack.org/#/c/605450/

Change-Id: Ica68a109c3ed577e6a339ef315b576061cd557e5
Related-Bug: 1794550
---
 docker/ironic/ironic-conductor/Dockerfile.j2     | 5 -----
 docker/ironic/ironic-conductor/extend_start.sh   | 3 ---
 docker/ironic/ironic-conductor/iscsi_tcp_sudoers | 1 -
 3 files changed, 9 deletions(-)
 delete mode 100644 docker/ironic/ironic-conductor/extend_start.sh
 delete mode 100644 docker/ironic/ironic-conductor/iscsi_tcp_sudoers

diff --git a/docker/ironic/ironic-conductor/Dockerfile.j2 b/docker/ironic/ironic-conductor/Dockerfile.j2
index c094835a20..d81204e7be 100644
--- a/docker/ironic/ironic-conductor/Dockerfile.j2
+++ b/docker/ironic/ironic-conductor/Dockerfile.j2
@@ -103,11 +103,6 @@ RUN {{ macros.install_pip(ironic_conductor_pip_packages | customizable("pip_pack
 
 {{ macros.install_packages(ironic_conductor_packages | customizable("packages")) }}
 
-COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
-COPY iscsi_tcp_sudoers /etc/sudoers.d/kolla_iscsi_tcp_sudoers
-RUN chmod 755 /usr/local/bin/kolla_ironic_extend_start \
-    && chmod 440 /etc/sudoers.d/kolla_iscsi_tcp_sudoers
-
 {% block ironic_conductor_footer %}{% endblock %}
 {% block footer %}{% endblock %}
 
diff --git a/docker/ironic/ironic-conductor/extend_start.sh b/docker/ironic/ironic-conductor/extend_start.sh
deleted file mode 100644
index e058fad549..0000000000
--- a/docker/ironic/ironic-conductor/extend_start.sh
+++ /dev/null
@@ -1,3 +0,0 @@
-#!/bin/bash
-
-sudo modprobe iscsi_tcp
diff --git a/docker/ironic/ironic-conductor/iscsi_tcp_sudoers b/docker/ironic/ironic-conductor/iscsi_tcp_sudoers
deleted file mode 100644
index 5d38ac6915..0000000000
--- a/docker/ironic/ironic-conductor/iscsi_tcp_sudoers
+++ /dev/null
@@ -1 +0,0 @@
-ironic ALL=(root) NOPASSWD: /usr/sbin/modprobe iscsi_tcp, /sbin/modprobe iscsi_tcp