Remove sudo operations that are no longer necessary
set_configs.py has logic to handle chown of directories. Simplify the codebase by removing these unnecessary chowns. Furthermore, the chowns cause some forms of NFS-backed storage to not work properly. Change-Id: I8df95d06b1010778deb3e2a3065aaab26ed2eb6a Closes-Bug: #1693973
parent
7a9160f3f3
commit
4607ab5e53
@ -26,7 +26,6 @@ ENV JAVA_HOME /usr/lib/jvm/java-8-openjdk-amd64/
|
||||
{% endif %}
|
||||
|
||||
{{ macros.install_packages(elasticsearch_packages | customizable("packages")) }}
|
||||
COPY elasticsearch_sudoers /etc/sudoers.d/kolla_elasticsearch_sudoers
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
|
||||
# NOTE: By default the shell of the elasticsearch user is /bin/false. We have to
|
||||
@ -34,9 +33,7 @@ COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
#
|
||||
# https://discuss.elastic.co/t/running-as-non-root-user-service-wrapper-has-changed/7863
|
||||
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start \
|
||||
&& chmod 750 /etc/sudoers.d \
|
||||
&& chmod 440 /etc/sudoers.d/kolla_elasticsearch_sudoers
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start
|
||||
|
||||
{% block elasticsearch_footer %}{% endblock %}
|
||||
{% block footer %}{% endblock %}
|
||||
|
@ -1 +0,0 @@
|
||||
%kolla ALL=(root) NOPASSWD: /bin/chown elasticsearch\: /var/lib/elasticsearch/data, /usr/bin/chown elasticsearch\: /var/lib/elasticsearch/data
|
@ -6,8 +6,3 @@ fi
|
||||
if [[ $(stat -c %a /var/log/kolla/elasticsearch) != "755" ]]; then
|
||||
chmod 755 /var/log/kolla/elasticsearch
|
||||
fi
|
||||
|
||||
# Only update permissions if permissions need to be updated
|
||||
if [[ $(stat -c %U:%G /var/lib/elasticsearch/data) != "elasticsearch:elasticsearch" ]]; then
|
||||
sudo chown elasticsearch: /var/lib/elasticsearch/data
|
||||
fi
|
||||
|
@ -5,6 +5,5 @@
|
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||
glance-manage db_sync
|
||||
glance-manage db_load_metadefs
|
||||
sudo chown -R glance: /var/lib/glance/
|
||||
exit 0
|
||||
fi
|
||||
|
@ -49,12 +49,9 @@ RUN ln -s glance-base-source/* glance \
|
||||
|
||||
{% endif %}
|
||||
|
||||
COPY glance_sudoers /etc/sudoers.d/kolla_glance_sudoers
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
|
||||
RUN chmod 750 /etc/sudoers.d \
|
||||
&& chmod 440 /etc/sudoers.d/kolla_glance_sudoers \
|
||||
&& touch /usr/local/bin/kolla_glance_extend_start \
|
||||
RUN touch /usr/local/bin/kolla_glance_extend_start \
|
||||
&& chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_glance_extend_start
|
||||
|
||||
{% block glance_base_footer %}{% endblock %}
|
||||
|
@ -1 +0,0 @@
|
||||
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/
|
@ -37,11 +37,6 @@ function bootstrap_db {
|
||||
mysqladmin -uroot -p"${DB_ROOT_PASSWORD}" shutdown
|
||||
}
|
||||
|
||||
# Only update permissions if permissions need to be updated
|
||||
if [[ $(stat -c %U:%G /var/lib/mysql) != "mysql:mysql" ]]; then
|
||||
sudo chown mysql: /var/lib/mysql
|
||||
fi
|
||||
|
||||
# Create log directory, with appropriate permissions
|
||||
if [[ ! -d "/var/log/kolla/mariadb" ]]; then
|
||||
mkdir -p /var/log/kolla/mariadb
|
||||
|
@ -1 +1 @@
|
||||
%kolla ALL=(root) NOPASSWD: /bin/chown mysql\: /var/lib/mysql, /usr/bin/chown mysql\: /var/lib/mysql, /usr/local/bin/kolla_security_reset
|
||||
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset
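Review bot: The rule that appears to remain here lets the kolla group run `/usr/local/bin/kolla_security_reset` as root without a password and without any argument restriction, because sudoers permits any arguments when a command is listed without them. If the script takes no arguments (it is not shown on this page, so this needs confirming), `%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset ""` would pin that down. Now that this is the only entry left in the file, a one-line `#` comment above it saying why this command still needs root would help the next reader. The script should also stay root-owned and not writable by the kolla group, since this rule makes its contents a root execution path.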
|
||||
|
@ -45,11 +45,8 @@ RUN rm -rf /var/lib/rabbitmq/* \
|
||||
{% endblock %}
|
||||
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
COPY rabbitmq_sudoers /etc/sudoers.d/kolla_rabbitmq_sudoers
|
||||
COPY rabbitmq_get_gospel_node.py /usr/local/bin/rabbitmq_get_gospel_node
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node \
|
||||
&& chmod 750 /etc/sudoers.d \
|
||||
&& chmod 440 /etc/sudoers.d/kolla_rabbitmq_sudoers
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start /usr/local/bin/rabbitmq_get_gospel_node
|
||||
|
||||
{% block rabbitmq_footer %}{% endblock %}
|
||||
{% block footer %}{% endblock %}
|
||||
|
@ -3,7 +3,6 @@
|
||||
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
|
||||
# of the KOLLA_BOOTSTRAP variable being set, including empty.
|
||||
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
|
||||
sudo chown -R rabbitmq: /var/lib/rabbitmq
|
||||
|
||||
# NOTE(sbezverk): In kubernetes environment, if this file exists from previous
|
||||
# bootstrap, the system does not allow to overwrite it (it bootstrap files with
|
||||
|
@ -1 +0,0 @@
|
||||
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R rabbitmq\: /var/lib/rabbitmq, /bin/chown -R rabbitmq\: /var/lib/rabbitmq
|