Merge "Use ironic-inspector user for ironic-inspector"
commit
1cad4813b6
@ -1,10 +1,12 @@
|
|||||||
FROM {{ namespace }}/{{ image_prefix }}ironic-base:{{ tag }}
|
FROM {{ namespace }}/{{ image_prefix }}openstack-base:{{ tag }}
|
||||||
MAINTAINER {{ maintainer }}
|
MAINTAINER {{ maintainer }}
|
||||||
|
|
||||||
{% block ironic_inspector_header %}{% endblock %}
|
{% block ironic_inspector_header %}{% endblock %}
|
||||||
|
|
||||||
{% import "macros.j2" as macros with context %}
|
{% import "macros.j2" as macros with context %}
|
||||||
|
|
||||||
|
{{ macros.configure_user(name='ironic-inspector') }}
|
||||||
|
|
||||||
{% if install_type == 'binary' %}
|
{% if install_type == 'binary' %}
|
||||||
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
|
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
|
||||||
{% set ironic_inspector_packages = ['openstack-ironic-inspector'] %}
|
{% set ironic_inspector_packages = ['openstack-ironic-inspector'] %}
|
||||||
@ -17,8 +19,6 @@ MAINTAINER {{ maintainer }}
|
|||||||
|
|
||||||
{{ macros.install_packages(ironic_inspector_packages | customizable("packages")) }}
|
{{ macros.install_packages(ironic_inspector_packages | customizable("packages")) }}
|
||||||
|
|
||||||
COPY ironic_sudoers_binary /etc/sudoers.d/kolla_ironic_inspector_sudoers
|
|
||||||
|
|
||||||
{% elif install_type == 'source' %}
|
{% elif install_type == 'source' %}
|
||||||
{% if base_distro in ['debian', 'ubuntu'] %}
|
{% if base_distro in ['debian', 'ubuntu'] %}
|
||||||
{% set ironic_inspector_packages = ['iptables'] %}
|
{% set ironic_inspector_packages = ['iptables'] %}
|
||||||
@ -33,23 +33,24 @@ ADD ironic-inspector-archive /ironic-inspector-source
|
|||||||
] %}
|
] %}
|
||||||
|
|
||||||
RUN ln -s ironic-inspector-source/* ironic-inspector \
|
RUN ln -s ironic-inspector-source/* ironic-inspector \
|
||||||
&& mv /etc/ironic /etc/ironic-inspector \
|
|
||||||
&& {{ macros.install_pip(ironic_inspector_pip_packages | customizable("pip_packages")) }} \
|
&& {{ macros.install_pip(ironic_inspector_pip_packages | customizable("pip_packages")) }} \
|
||||||
|
&& mkdir -p /etc/ironic-inspector \
|
||||||
&& cp /ironic-inspector/rootwrap.conf /etc/ironic-inspector/ \
|
&& cp /ironic-inspector/rootwrap.conf /etc/ironic-inspector/ \
|
||||||
&& cp -r /ironic-inspector/rootwrap.d/ /etc/ironic-inspector/ \
|
&& cp -r /ironic-inspector/rootwrap.d/ /etc/ironic-inspector/ \
|
||||||
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic-inspector/rootwrap.conf
|
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic-inspector/rootwrap.conf
|
||||||
|
|
||||||
COPY ironic_sudoers_source /etc/sudoers.d/kolla_ironic_inspector_sudoers
|
ADD ironic_inspector_sudoers /etc/sudoers.d/kolla_ironic_inspector_sudoers
|
||||||
|
RUN chmod 750 /etc/sudoers.d \
|
||||||
|
&& chmod 440 /etc/sudoers.d/kolla_ironic_inspector_sudoers
|
||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
COPY extend_start.sh /usr/local/bin/kolla_ironic_extend_start
|
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
|
||||||
RUN chmod 750 /etc/sudoers.d \
|
RUN chmod 755 /usr/local/bin/kolla_extend_start \
|
||||||
&& chmod 440 /etc/sudoers.d/kolla_ironic_inspector_sudoers \
|
&& chown -R ironic-inspector: /etc/ironic-inspector
|
||||||
&& chmod 755 /usr/local/bin/kolla_ironic_extend_start
|
|
||||||
|
|
||||||
{% block ironic_inspector_footer %}{% endblock %}
|
{% block ironic_inspector_footer %}{% endblock %}
|
||||||
{% block footer %}{% endblock %}
|
{% block footer %}{% endblock %}
|
||||||
|
|
||||||
USER ironic
|
USER ironic-inspector
|
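Review bot: The new `chown -R ironic-inspector: /etc/ironic-inspector` in the final RUN gives the service account ownership of `rootwrap.conf` and `rootwrap.d/`, which the source branch copies into that directory a few lines earlier. The sudoers rule added by this commit lets that same account run `ironic-inspector-rootwrap` as root against `/etc/ironic-inspector/rootwrap.conf`, so the account could rewrite the filter list that is meant to limit what it may run as root. Keep the rootwrap files root-owned, for example by appending `&& chown -R root: /etc/ironic-inspector/rootwrap.conf /etc/ironic-inspector/rootwrap.d` after the recursive chown; whether the binary packages place the files at the same paths is not visible here and should be checked. Separately, `ADD ironic_inspector_sudoers` copies a plain local file, so `COPY` is the clearer instruction.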
@ -1,5 +1,14 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
LOG_PATH=/var/log/kolla/ironic-inspector
|
||||||
|
|
||||||
|
if [[ ! -d "${LOG_PATH}" ]]; then
|
||||||
|
mkdir -p "${LOG_PATH}"
|
||||||
|
fi
|
||||||
|
if [[ $(stat -c %a "${LOG_PATH}") != "755" ]]; then
|
||||||
|
chmod 755 "${LOG_PATH}"
|
||||||
|
fi
|
||||||
|
|
||||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||||
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
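Review bot: The added block sets the log directory to mode 755 without saying why, so someone auditing the image cannot tell whether world-readable introspection logs are intended. If the mode is there so that a log collector running under another uid can read the directory, record that above the check, e.g. `# 755: directory must stay readable by the log collector (different uid)`; if no other uid needs access, `750` would be the tighter choice. The `mkdir -p` also runs as whatever user the container starts as, which this commit changes to `ironic-inspector`, and nothing visible guarantees that `/var/log/kolla` is writable by that user. The `KOLLA_BOOTSTRAP` block that follows continues past the end of the hunk.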
1
docker/ironic-inspector/ironic_inspector_sudoers
Normal file
1
docker/ironic-inspector/ironic_inspector_sudoers
Normal file
@ -0,0 +1 @@
|
|||||||
|
ironic-inspector ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *
|
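Review bot: The single rule hard-codes `/var/lib/kolla/venv/bin/ironic-inspector-rootwrap`, while one of the two deleted sudoers files (presumably `ironic_sudoers_binary`) pointed at `/usr/bin/ironic-inspector-rootwrap`, so the new file does not cover binary installs. In the Dockerfile the `ADD ironic_inspector_sudoers` line also sits before the `{% endif %}`, apparently inside the source branch, which would leave binary images with no sudoers entry at all. Either keep a per-install-type file or template the path, and add a header comment such as `# rootwrap.conf and the filters it references must be root-owned and not writable by ironic-inspector`.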
@ -1 +0,0 @@
|
|||||||
ironic ALL=(root) NOPASSWD: /usr/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *
|
|
@ -1 +0,0 @@
|
|||||||
ironic ALL=(root) NOPASSWD: /var/lib/kolla/venv/bin/ironic-inspector-rootwrap /etc/ironic-inspector/rootwrap.conf *
|
|
@ -794,6 +794,10 @@ USERS = {
|
|||||||
'uid': 42460,
|
'uid': 42460,
|
||||||
'gid': 42460,
|
'gid': 42460,
|
||||||
},
|
},
|
||||||
|
'ironic-inspector-user': {
|
||||||
|
'uid': 42461,
|
||||||
|
'gid': 42461,
|
||||||
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|