Remove sudo operations that are no longer necessary

set_configs.py has logic to handle chown of directories.  Simplify
the codebase by removing these unnecessary chowns.  Further, the chowns
cause some forms of NFS-backed storage to not work properly.

Change-Id: I8df95d06b1010778deb3e2a3065aaab26ed2eb6a
Closes-Bug: #1693973
Steven Dake 2017-05-26 21:33:17 -07:00
parent 7a9160f3f3
commit 4607ab5e53
11 changed files with 4 additions and 28 deletions


@ -26,7 +26,6 @@ ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
{% endif %}
{{ macros.install_packages(elasticsearch_packages | customizable("packages")) }}
COPY elasticsearch_sudoers /etc/sudoers.d/kolla_elasticsearch_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start
# NOTE: By default the shell of the elasticsearch user is /bin/false. We have to
@ -34,9 +33,7 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
#
# https://discuss.elastic.co/t/running-as-non-root-user-service-wrapper-has-changed/7863
RUN chmod 755 /usr/local/bin/kolla_extend_start \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_elasticsearch_sudoers
RUN chmod 755 /usr/local/bin/kolla_extend_start
{% block elasticsearch_footer %}{% endblock %}
{% block footer %}{% endblock %}


@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /bin/chown elasticsearch\: /var/lib/elasticsearch/data, /usr/bin/chown elasticsearch\: /var/lib/elasticsearch/data


@ -6,8 +6,3 @@ fi
if [[ $(stat -c %a /var/log/kolla/elasticsearch) != "755" ]]; then
chmod 755 /var/log/kolla/elasticsearch
fi
# Only update permissions if permissions need to be updated
if [[ $(stat -c %U:%G /var/lib/elasticsearch/data) != "elasticsearch:elasticsearch" ]]; then
sudo chown elasticsearch: /var/lib/elasticsearch/data
fi


@ -5,6 +5,5 @@
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
glance-manage db_sync
glance-manage db_load_metadefs
sudo chown -R glance: /var/lib/glance/
exit 0
fi


@ -49,12 +49,9 @@ RUN ln -s glance-base-source/* glance \
{% endif %}
COPY glance_sudoers /etc/sudoers.d/kolla_glance_sudoers
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_glance_sudoers \
&& touch /usr/local/bin/kolla_glance_extend_start \
RUN touch /usr/local/bin/kolla_glance_extend_start \
&& chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
{% block glance_base_footer %}{% endblock %}


@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/


@ -37,11 +37,6 @@ function bootstrap_db {
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
}
# Only update permissions if permissions need to be updated
if [[ $(stat -c %U:%G /var/lib/mysql) != "mysql:mysql" ]]; then
sudo chown mysql: /var/lib/mysql
fi
# Create log directory, with appropriate permissions
if [[ ! -d "/var/log/kolla/mariadb" ]]; then
mkdir -p /var/log/kolla/mariadb


@ -1 +1 @@
%kolla ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/kolla_security_reset
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset
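Review bot: The rule that remains, `%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset`, still lets any member of the kolla group run that script as root without a password, so the script's ownership and mode are now the whole privilege boundary left in this file. Neither the script nor the Dockerfile step that installs it is part of this commit, so it could not be confirmed here that the file is root-owned and not writable by the kolla group or the service user. A comment above the rule would record that dependency for the next maintainer, for example `# kolla_security_reset runs as root: keep it root-owned and not group- or world-writable`.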


@ -45,11 +45,8 @@ RUN rm -rf /var/lib/rabbitmq/* \
{% endblock %}
COPY extend_start.sh /usr/local/bin/kolla_extend_start
COPY rabbitmq_sudoers /etc/sudoers.d/kolla_rabbitmq_sudoers
COPY rabbitmq_get_gospel_node.py /usr/local/bin/rabbitmq_get_gospel_node
RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_rabbitmq_sudoers
RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node
{% block rabbitmq_footer %}{% endblock %}
{% block footer %}{% endblock %}


@ -3,7 +3,6 @@
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo chown -R rabbitmq: /var/lib/rabbitmq
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
# bootstrap, the system does not allow to overwrite it (it bootstrap files with


@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R rabbitmq\: /var/lib/rabbitmq, /bin/chown -R rabbitmq\: /var/lib/rabbitmq