From 2514bcf0c3ce0f6637da26567ddb82588af58938 Mon Sep 17 00:00:00 2001 From: SamYaple Date: Wed, 3 Feb 2016 05:12:13 +0000 Subject: [PATCH] Correct issue with virtualenv rootwrap Because we use rootwrap in a venv we need to update the exec_dirs. Without doing this *some* commands will break for various reasons that I won't get into in this review in detail. But this is required for neutron-l3-agent in a container + drop-root. Change-Id: I1a09f7188fdd501b7ce251d9f2fb0e5b10222142 Partially-Implements: blueprint drop-root
---
 docker/ceilometer/ceilometer-base/Dockerfile.j2 | 5 +++-- docker/cinder/cinder-base/Dockerfile.j2 | 3 ++- docker/designate/designate-base/Dockerfile.j2 | 4 +++- docker/ironic/ironic-base/Dockerfile.j2 | 3 ++- docker/manila/manila-base/Dockerfile.j2 | 3 ++- docker/neutron/neutron-base/Dockerfile.j2 | 3 ++- docker/nova/nova-base/Dockerfile.j2 | 3 ++- 7 files changed, 16 insertions(+), 8 deletions(-)
diff --git a/docker/ceilometer/ceilometer-base/Dockerfile.j2 b/docker/ceilometer/ceilometer-base/Dockerfile.j2
index 3d34b370ed..1d1965d9ef 100644
--- a/docker/ceilometer/ceilometer-base/Dockerfile.j2
+++ b/docker/ceilometer/ceilometer-base/Dockerfile.j2
@@ -17,8 +17,9 @@ RUN ln -s ceilometer-base-source/* ceilometer \
  && useradd --user-group ceilometer \
  && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ceilometer \
  && mkdir -p /etc/ceilometer /var/log/ceilometer /home/ceilometer \
- && cp -r /ceilometer/etc/* /etc/ceilometer/ \
- && chown -R ceilometer: /etc/ceilometer /var/log/ceilometer /home/ceilometer
+ && cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
+ && chown -R ceilometer: /etc/ceilometer /var/log/ceilometer /home/ceilometer \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf
 {% endif %}
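Review bot: The added `sed -i 's|^exec_dirs.*|…|g'` line in docker/ceilometer/ceilometer-base/Dockerfile.j2 exits 0 even when no line of rootwrap.conf starts with `exec_dirs`, so a sample config that ships the key commented out or spelled differently leaves the image building cleanly with the old search path. Following the sed with `&& grep -q '^exec_dirs=/var/lib/kolla/venv/bin' /etc/ceilometer/rootwrap.conf` turns that case into a build failure. The same applies to the identical sed lines added for cinder, designate, ironic, manila, neutron and nova. The `g` flag has no effect on a pattern that consumes the whole line and can be dropped. The RUN instruction starts above the hunk.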
diff --git a/docker/cinder/cinder-base/Dockerfile.j2 b/docker/cinder/cinder-base/Dockerfile.j2
index 269f89f6ba..2a995f8052 100644
--- a/docker/cinder/cinder-base/Dockerfile.j2
+++ b/docker/cinder/cinder-base/Dockerfile.j2
@@ -48,7 +48,8 @@ RUN ln -s cinder-base-source/* cinder \
  && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /cinder \
  && mkdir -p /etc/cinder /var/log/cinder /var/lib/cinder /home/cinder \
  && cp -r /cinder/etc/cinder/* /etc/cinder/ \
- && chown -R cinder: /etc/cinder /var/log/cinder /var/lib/cinder /home/cinder
+ && chown -R cinder: /etc/cinder /var/log/cinder /var/lib/cinder /home/cinder \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf
 COPY cinder_sudoers /etc/sudoers.d/cinder_sudoers
 RUN chmod 750 /etc/sudoers.d \
diff --git a/docker/designate/designate-base/Dockerfile.j2 b/docker/designate/designate-base/Dockerfile.j2
index 989cb9e37d..d641da39a2 100644
--- a/docker/designate/designate-base/Dockerfile.j2
+++ b/docker/designate/designate-base/Dockerfile.j2
@@ -26,7 +26,9 @@ RUN ln -s designate-base-source/* designate \
  && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /designate \
  && mkdir -p /etc/designate /var/log/designate /home/designate \
  && cp -r /designate/etc/designate/* /etc/designate/ \
- && chown -R designate: /etc/designate /var/log/designate /home/designate
+ && mv /etc/designate/rootwrap.conf.sample /etc/designate/rootwrap.conf \
+ && chown -R designate: /etc/designate /var/log/designate /home/designate \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/designate/rootwrap.conf
 {% endif %}
diff --git a/docker/ironic/ironic-base/Dockerfile.j2 b/docker/ironic/ironic-base/Dockerfile.j2
index 499f346231..4dc6e7fc33 100644
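Review bot: In docker/cinder/cinder-base/Dockerfile.j2 the `chown -R cinder: /etc/cinder …` line hands /etc/cinder, and with it rootwrap.conf, to the service account, and the new sed then writes the root-side search path into that same file. oslo.rootwrap's documentation requires rootwrap.conf and the filter directories named by `filters_path` to be owned and writable only by root, because whoever can edit them decides what runs as root; the `cinder_sudoers` file copied just below suggests the cinder user reaches rootwrap through sudo. Consider re-asserting root ownership after the sed, e.g. `&& chown root:root /etc/cinder/rootwrap.conf`, and doing the same for the filter directory; because the parent directory stays cinder-owned the file could still be replaced, so a root-owned location for the rootwrap files may be needed. The same `chown -R` precedes the sed in the other six Dockerfiles of this patch.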
--- a/docker/ironic/ironic-base/Dockerfile.j2
+++ b/docker/ironic/ironic-base/Dockerfile.j2
@@ -23,7 +23,8 @@ RUN ln -s ironic-base-source/* ironic \
  && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /ironic \
  && mkdir -p /etc/ironic /var/log/ironic /home/ironic \
  && cp -r /ironic/etc/ironic/* /etc/ironic/ \
- && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic
+ && chown -R ironic: /etc/ironic /var/log/ironic /home/ironic \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf
 {% endif %}
diff --git a/docker/manila/manila-base/Dockerfile.j2 b/docker/manila/manila-base/Dockerfile.j2
index bdd654c7cd..48dae07dbf 100644
--- a/docker/manila/manila-base/Dockerfile.j2
+++ b/docker/manila/manila-base/Dockerfile.j2
@@ -16,7 +16,8 @@ RUN ln -s manila-base-source/* manila \
  && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /manila \
  && mkdir -p /etc/manila /var/lib/manila /var/log/manila /home/manila \
  && cp -r /manila/etc/manila/* /etc/manila/ \
- && chown -R manila: /etc/manila /var/lib/manila /var/log/manila /home/manila
+ && chown -R manila: /etc/manila /var/lib/manila /var/log/manila /home/manila \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/manila/rootwrap.conf
 {% endif %}
diff --git a/docker/neutron/neutron-base/Dockerfile.j2 b/docker/neutron/neutron-base/Dockerfile.j2
index a305d198f6..82b70aaa42 100644
--- a/docker/neutron/neutron-base/Dockerfile.j2
+++ b/docker/neutron/neutron-base/Dockerfile.j2
@@ -54,7 +54,8 @@ RUN ln -s neutron-base-source/* neutron \
  && cp -r /neutron/etc/neutron/* /etc/neutron/ \
  && cp /neutron/etc/api-paste.ini /usr/share/neutron \
  && mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
- && chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron
+ && chown -R neutron: /etc/neutron /usr/share/neutron /var/log/neutron /home/neutron \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf
 {% endif %}
diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2
index 0f9aedd945..8259bb2810 100644
--- a/docker/nova/nova-base/Dockerfile.j2
+++ b/docker/nova/nova-base/Dockerfile.j2
@@ -50,7 +50,8 @@ RUN ln -s nova-base-source/* nova \
  && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
  && mkdir -p /etc/nova /var/log/nova /home/nova /var/lib/nova \
  && cp -r /nova/etc/nova/* /etc/nova/ \
- && chown -R nova: /etc/nova /var/log/nova /home/nova /var/lib/nova
+ && chown -R nova: /etc/nova /var/log/nova /home/nova /var/lib/nova \
+ && sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf
 COPY nova_sudoers /etc/sudoers.d/nova_sudoers
 RUN chmod 750 /etc/sudoers.d \
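Review bot: The new `exec_dirs` value in docker/neutron/neutron-base/Dockerfile.j2 lists /var/lib/kolla/venv/bin ahead of the system directories, and rootwrap resolves a filter's non-absolute executable to the first match in that list, so a name present both in the venv and in /usr/bin now runs from the venv as root. If the venv is only needed for commands that exist nowhere else, appending it keeps the system binaries authoritative: `exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin,/var/lib/kolla/venv/bin`. If venv-first is deliberate, a Dockerfile comment saying so, plus a build-time check that /var/lib/kolla/venv/bin is root-owned and not writable by the neutron user (its ownership is not visible in this hunk), would make the trust assumption explicit. The other six files in this patch use the same value.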
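Review bot: The sed line added to docker/nova/nova-base/Dockerfile.j2 is the seventh copy of the same directory list in this patch, differing only in the service name, so a later change to the rootwrap search path has to be made in seven places and a missed one leaves that image with a different root-side search path. Since these are Jinja2 templates, the list could be defined once (a template variable or macro in a shared include, if the build renders one; that is not visible here) and referenced in each sed as `exec_dirs={{ rootwrap_exec_dirs }}`. `rootwrap_exec_dirs` is a placeholder name, not one taken from the project.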