From ce5b8ed38b32f13a00411dfc980bf02e89932d7b Mon Sep 17 00:00:00 2001
From: Thierry Carrez
Date: Thu, 14 Jun 2012 12:27:58 +0200
Subject: [PATCH] Support upcoming rootwrap.d config files

Add support in devstack for upcoming /etc/nova/rootwrap.d configuration files. Note that we don't change anything if Nova doesn't ship them, so devstack supports both cases. This is the first step for blueprint folsom-nova-rootwrap. It needs to go in first so that tests pass when rootwrap.d changes will be proposed in Nova.

Change-Id: I0189575ed9adb1be61c8563ce8f3199c52fc08ff
---
 stack.sh | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)

diff --git a/stack.sh b/stack.sh
index 71c2f9eafd..cc5f5941d4 100755
--- a/stack.sh
+++ b/stack.sh
@@ -1178,9 +1178,25 @@ sudo chown `whoami` $NOVA_CONF_DIR
 
 cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
 
+# If Nova ships the new rootwrap.d config files, deploy them
+# (owned by root) and add a parameter to $NOVA_ROOTWRAP
+ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP"
+if [[ -d $NOVA_DIR/etc/nova/rootwrap.d ]]; then
+ # Wipe any existing rootwrap.d files first
+ if [[ -d $NOVA_CONF_DIR/rootwrap.d ]]; then
+ sudo rm -rf $NOVA_CONF_DIR/rootwrap.d
+ fi
+ sudo mkdir -m 755 $NOVA_CONF_DIR/rootwrap.d
+ sudo cp $NOVA_DIR/etc/nova/rootwrap.d/* $NOVA_CONF_DIR/rootwrap.d
+ sudo chown -R root:root $NOVA_CONF_DIR/rootwrap.d
+ sudo chmod 644 $NOVA_CONF_DIR/rootwrap.d/*
+ NOVA_ROOTWRAP="$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.d"
+ ROOTWRAP_SUDOER_CMD="$NOVA_ROOTWRAP *"
+fi
+
 # Set up the rootwrap sudoers
 TEMPFILE=`mktemp`
-echo "$USER ALL=(root) NOPASSWD: $NOVA_ROOTWRAP" >$TEMPFILE
+echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
 chmod 0440 $TEMPFILE
 sudo chown root:root $TEMPFILE
 sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap
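Review bot: Root ownership of `$NOVA_CONF_DIR/rootwrap.d` protects the filter files less than the "(owned by root)" comment suggests, because the hunk-header context shows `$NOVA_CONF_DIR` itself being chowned to the invoking user just before this block (that line is outside the hunk). Whoever owns the parent directory controls the `rootwrap.d` entry in it, and the new sudoers line lets that same user run `$NOVA_ROOTWRAP $NOVA_CONF_DIR/rootwrap.d *` as root without a password. This is probably acceptable on a devstack host, but it deserves a comment above the `if`, for example `# NOTE: $NOVA_CONF_DIR is user-owned, so these filters are not tamper-proof here; real deployments need a root-owned parent directory`. Separately, the `sudo rm -rf` acts on an unquoted, unchecked path; `sudo rm -rf -- "${NOVA_CONF_DIR:?}/rootwrap.d"` would abort rather than target `/rootwrap.d` if the variable were ever empty.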