Browse Source

Merge "Add rootwrap filter for systemctl control of dnsmasq"

Zuul 8 months ago
parent
commit
56138d8f06

+ 11
- 0
releasenotes/notes/dnsmask-pxe-filter-rootwrap-systemctl-099964ad39d38b4c.yaml View File

@@ -0,0 +1,11 @@
1
+---
2
+fixes:
3
+  - |
4
+    A new rootwrap filter is now included to allow control of the systemd
5
+    dnsmasq service used by ironic-inspector. This fixes a permission issue
6
+    when systemctl commands are used as ``dnsmasq_start_command`` and
7
+    ``dnsmasq_stop_command`` in the configuration for the dnsmasq pxe filter.
8
+    See bug `2002818 <https://storyboard.openstack.org/#!/story/2002818>`_.
9
+
10
+    .. Note:: The filter uses the systemd service name used by the RDO
11
+              distrubution (``openstack-ironic-inspector-dnsmasq.service``).

+ 0
- 6
rootwrap.d/ironic-inspector-firewall.filters View File

@@ -1,6 +0,0 @@
1
-# ironic-inspector-rootwrap command filters for firewall manipulation
2
-# This file should be owned by (and only-writeable by) the root user
3
-
4
-[Filters]
5
-# ironic_inspector/firewall.py
6
-iptables: CommandFilter, iptables, root

+ 10
- 0
rootwrap.d/ironic-inspector.filters View File

@@ -0,0 +1,10 @@
1
+# This file should be owned by (and only-writeable by) the root user
2
+
3
+[Filters]
4
+# ironic-inspector-rootwrap command filters for firewall manipulation
5
+# ironic_inspector/firewall.py
6
+iptables: CommandFilter, iptables, root
7
+
8
+# ironic-inspector-rootwrap command filters for systemctl manipulation of the dnsmasq service
9
+# ironic_inspector/pxe_filter/dnsmasq.py
10
+systemctl: RegExpFilter, /bin/systemctl, root, systemctl, .*, openstack-ironic-inspector-dnsmasq.service

Loading…
Cancel
Save