Remove sudo operations that are no longer necessary
set_configs.py has logic to handle chown of directories. Simplify the codebase by removing these unnecessary chowns. Furthermore, the chowns cause some forms of NFS-backed storage to not work properly. Change-Id: I8df95d06b1010778deb3e2a3065aaab26ed2eb6a Closes-Bug: #1693973
parent
7a9160f3f3
commit
4607ab5e53
@ -26,7 +26,6 @@ ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
|
|||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
{{ macros.install_packages(elasticsearch_packages | customizable("packages")) }}
|
{{ macros.install_packages(elasticsearch_packages | customizable("packages")) }}
|
||||||
COPY elasticsearch_sudoers /etc/sudoers.d/kolla_elasticsearch_sudoers
|
|
||||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
|
||||||
# NOTE: By default the shell of the elasticsearch user is /bin/false. We have to
|
# NOTE: By default the shell of the elasticsearch user is /bin/false. We have to
|
||||||
@ -34,9 +33,7 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
|||||||
#
|
#
|
||||||
# https://discuss.elastic.co/t/running-as-non-root-user-service-wrapper-has-changed/7863
|
# https://discuss.elastic.co/t/running-as-non-root-user-service-wrapper-has-changed/7863
|
||||||
|
|
||||||
RUN chmod 755 /usr/local/bin/kolla_extend_start \
|
RUN chmod 755 /usr/local/bin/kolla_extend_start
|
||||||
&& chmod 750 /etc/sudoers.d \
|
|
||||||
&& chmod 440 /etc/sudoers.d/kolla_elasticsearch_sudoers
|
|
||||||
|
|
||||||
{% block elasticsearch_footer %}{% endblock %}
|
{% block elasticsearch_footer %}{% endblock %}
|
||||||
{% block footer %}{% endblock %}
|
{% block footer %}{% endblock %}
|
||||||
|
@ -1 +0,0 @@
|
|||||||
%kolla ALL=(root) NOPASSWD: /bin/chown elasticsearch\: /var/lib/elasticsearch/data, /usr/bin/chown elasticsearch\: /var/lib/elasticsearch/data
|
|
@ -6,8 +6,3 @@ fi
|
|||||||
if [[ $(stat -c %a /var/log/kolla/elasticsearch) != "755" ]]; then
|
if [[ $(stat -c %a /var/log/kolla/elasticsearch) != "755" ]]; then
|
||||||
chmod 755 /var/log/kolla/elasticsearch
|
chmod 755 /var/log/kolla/elasticsearch
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Only update permissions if permissions need to be updated
|
|
||||||
if [[ $(stat -c %U:%G /var/lib/elasticsearch/data) != "elasticsearch:elasticsearch" ]]; then
|
|
||||||
sudo chown elasticsearch: /var/lib/elasticsearch/data
|
|
||||||
fi
|
|
||||||
|
@ -5,6 +5,5 @@
|
|||||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
glance-manage db_sync
|
glance-manage db_sync
|
||||||
glance-manage db_load_metadefs
|
glance-manage db_load_metadefs
|
||||||
sudo chown -R glance: /var/lib/glance/
|
|
||||||
exit 0
|
exit 0
|
||||||
fi
|
fi
|
||||||
|
@ -49,12 +49,9 @@ RUN ln -s glance-base-source/* glance \
|
|||||||
|
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
COPY glance_sudoers /etc/sudoers.d/kolla_glance_sudoers
|
|
||||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
|
|
||||||
RUN chmod 750 /etc/sudoers.d \
|
RUN touch /usr/local/bin/kolla_glance_extend_start \
|
||||||
&& chmod 440 /etc/sudoers.d/kolla_glance_sudoers \
|
|
||||||
&& touch /usr/local/bin/kolla_glance_extend_start \
|
|
||||||
&& chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
|
&& chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
|
||||||
|
|
||||||
{% block glance_base_footer %}{% endblock %}
|
{% block glance_base_footer %}{% endblock %}
|
||||||
|
@ -1 +0,0 @@
|
|||||||
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/
|
|
@ -37,11 +37,6 @@ function bootstrap_db {
|
|||||||
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
|
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
|
||||||
}
|
}
|
||||||
|
|
||||||
# Only update permissions if permissions need to be updated
|
|
||||||
if [[ $(stat -c %U:%G /var/lib/mysql) != "mysql:mysql" ]]; then
|
|
||||||
sudo chown mysql: /var/lib/mysql
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Create log directory, with appropriate permissions
|
# Create log directory, with appropriate permissions
|
||||||
if [[ ! -d "/var/log/kolla/mariadb" ]]; then
|
if [[ ! -d "/var/log/kolla/mariadb" ]]; then
|
||||||
mkdir -p /var/log/kolla/mariadb
|
mkdir -p /var/log/kolla/mariadb
|
||||||
|
@ -1 +1 @@
|
|||||||
%kolla ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/kolla_security_reset
|
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset
|
||||||
|
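Review bot: The one rule left in this sudoers file, `%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset`, names the command without an argument list, so sudo will accept any arguments from any member of the kolla group. If the script is meant to be run without arguments, `%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset ""` pins that. The image build step that installs the script is not part of this diff, so it is worth confirming there that the file is root-owned and not writable by the kolla group, and recording it above the rule with a comment such as `# kolla_security_reset runs as root without a password; keep it root-owned and not writable by kolla`.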
@ -45,11 +45,8 @@ RUN rm -rf /var/lib/rabbitmq/* \
|
|||||||
{% endblock %}
|
{% endblock %}
|
||||||
|
|
||||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||||
COPY rabbitmq_sudoers /etc/sudoers.d/kolla_rabbitmq_sudoers
|
|
||||||
COPY rabbitmq_get_gospel_node.py /usr/local/bin/rabbitmq_get_gospel_node
|
COPY rabbitmq_get_gospel_node.py /usr/local/bin/rabbitmq_get_gospel_node
|
||||||
RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node \
|
RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node
|
||||||
&& chmod 750 /etc/sudoers.d \
|
|
||||||
&& chmod 440 /etc/sudoers.d/kolla_rabbitmq_sudoers
|
|
||||||
|
|
||||||
{% block rabbitmq_footer %}{% endblock %}
|
{% block rabbitmq_footer %}{% endblock %}
|
||||||
{% block footer %}{% endblock %}
|
{% block footer %}{% endblock %}
|
||||||
|
@ -3,7 +3,6 @@
|
|||||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||||
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||||
sudo chown -R rabbitmq: /var/lib/rabbitmq
|
|
||||||
|
|
||||||
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
|
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
|
||||||
# bootstrap, the system does not allow to overwrite it (it bootstrap files with
|
# bootstrap, the system does not allow to overwrite it (it bootstrap files with
|
||||||
|
@ -1 +0,0 @@
|
|||||||
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R rabbitmq\: /var/lib/rabbitmq, /bin/chown -R rabbitmq\: /var/lib/rabbitmq
|
|