Merge "Install Cinder into its own venv"
commit
e57a1e04d5
31
lib/cinder
31
lib/cinder
@ -39,8 +39,16 @@ fi
|
|||||||
|
|
||||||
# set up default directories
|
# set up default directories
|
||||||
GITDIR["python-cinderclient"]=$DEST/python-cinderclient
|
GITDIR["python-cinderclient"]=$DEST/python-cinderclient
|
||||||
|
|
||||||
CINDER_DIR=$DEST/cinder
|
CINDER_DIR=$DEST/cinder
|
||||||
|
|
||||||
|
# Cinder virtual environment
|
||||||
|
if [[ ${USE_VENV} = True ]]; then
|
||||||
|
PROJECT_VENV["cinder"]=${CINDER_DIR}.venv
|
||||||
|
CINDER_BIN_DIR=${PROJECT_VENV["cinder"]}/bin
|
||||||
|
else
|
||||||
|
CINDER_BIN_DIR=$(get_python_exec_prefix)
|
||||||
|
fi
|
||||||
|
|
||||||
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
|
CINDER_STATE_PATH=${CINDER_STATE_PATH:=$DATA_DIR/cinder}
|
||||||
CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
|
CINDER_AUTH_CACHE_DIR=${CINDER_AUTH_CACHE_DIR:-/var/cache/cinder}
|
||||||
|
|
||||||
@ -57,13 +65,6 @@ CINDER_SERVICE_PORT=${CINDER_SERVICE_PORT:-8776}
|
|||||||
CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
|
CINDER_SERVICE_PORT_INT=${CINDER_SERVICE_PORT_INT:-18776}
|
||||||
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
CINDER_SERVICE_PROTOCOL=${CINDER_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
|
||||||
|
|
||||||
# Support entry points installation of console scripts
|
|
||||||
if [[ -d $CINDER_DIR/bin ]]; then
|
|
||||||
CINDER_BIN_DIR=$CINDER_DIR/bin
|
|
||||||
else
|
|
||||||
CINDER_BIN_DIR=$(get_python_exec_prefix)
|
|
||||||
fi
|
|
||||||
|
|
||||||
|
|
||||||
# Default backends
|
# Default backends
|
||||||
# The backend format is type:name where type is one of the supported backend
|
# The backend format is type:name where type is one of the supported backend
|
||||||
@ -164,12 +165,11 @@ function cleanup_cinder {
|
|||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
|
||||||
|
# Deploy new rootwrap filters files and configure sudo
|
||||||
# configure_cinder_rootwrap() - configure Cinder's rootwrap
|
# configure_cinder_rootwrap() - configure Cinder's rootwrap
|
||||||
function configure_cinder_rootwrap {
|
function configure_cinder_rootwrap {
|
||||||
# Set the paths of certain binaries
|
local cinder_rootwrap=$CINDER_BIN_DIR/cinder-rootwrap
|
||||||
local cinder_rootwrap=$(get_rootwrap_location cinder)
|
|
||||||
|
|
||||||
# Deploy new rootwrap filters files (owned by root).
|
|
||||||
# Wipe any existing rootwrap.d files first
|
# Wipe any existing rootwrap.d files first
|
||||||
if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
|
if [[ -d $CINDER_CONF_DIR/rootwrap.d ]]; then
|
||||||
sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
|
sudo rm -rf $CINDER_CONF_DIR/rootwrap.d
|
||||||
@ -188,10 +188,17 @@ function configure_cinder_rootwrap {
|
|||||||
|
|
||||||
# Set up the rootwrap sudoers for cinder
|
# Set up the rootwrap sudoers for cinder
|
||||||
local tempfile=`mktemp`
|
local tempfile=`mktemp`
|
||||||
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CSUDOER_CMD" >$tempfile
|
echo "Defaults:$STACK_USER secure_path=$CINDER_BIN_DIR:/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >$tempfile
|
||||||
|
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CSUDOER_CMD" >>$tempfile
|
||||||
chmod 0440 $tempfile
|
chmod 0440 $tempfile
|
||||||
sudo chown root:root $tempfile
|
sudo chown root:root $tempfile
|
||||||
sudo mv $tempfile /etc/sudoers.d/cinder-rootwrap
|
sudo mv $tempfile /etc/sudoers.d/cinder-rootwrap
|
||||||
|
|
||||||
|
# So rootwrap and PATH are broken beyond belief. WTF relies on a SECURE operation
|
||||||
|
# to blindly follow PATH??? We learned that was a bad idea in the 80's!
|
||||||
|
# So to fix this in a venv, we must exploit the very hole we want to close by dropping
|
||||||
|
# a copy of the venv rootwrap binary into /usr/local/bin.
|
||||||
|
#sudo cp -p $cinder_rootwrap /usr/local/bin
|
||||||
}
|
}
|
||||||
|
|
||||||
# configure_cinder() - Set config files, create data dirs, etc
|
# configure_cinder() - Set config files, create data dirs, etc
|
||||||
|
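Review bot: The new `Defaults:$STACK_USER secure_path=$CINDER_BIN_DIR:/sbin:...` line in the last hunk puts the venv's bin directory ahead of the system directories for every sudo invocation by that user, so any command that sudo, or cinder-rootwrap running as root, resolves by bare name is looked up first in `${CINDER_DIR}.venv/bin`. That directory sits under `$DEST` and is presumably writable by the unprivileged stack user (the page does not show its ownership), in which case a file placed there could shadow a system binary that later runs as root. If the entry is only there so cinder's own console scripts can be found, appending it keeps the system binaries authoritative: `echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin:$CINDER_BIN_DIR" >"$tempfile"`. It is also worth running `sudo visudo -cf "$tempfile"` before the `mv` into /etc/sudoers.d, because a malformed fragment there can stop sudo from working at all. configure_cinder_rootwrap begins above this hunk, so how `ROOTWRAP_CSUDOER_CMD` is built is not visible here.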