Fix Swift deployment issue

Swift deployment is broken since CVE-2022-38060 fixed sudoers file in the I66476a2b396e2cbe41e68ac51f57aae1806b2ed8. The kolla-toolbox container have their own virtualenv path differs from all other containers. This change adds the correct sudoers secure_path configuration needed only for kolla-toolbox conainer. Related-Bug: #1985784 Change-Id: I3651576ee354364d639c187ff750491667ecab56 Signed-off-by: Maksim Malchuk <maksim.malchuk@gmail.com> (cherry picked from commit b8a352647d)
2022-10-08 01:29:02 +03:00 · 2022-10-08 01:29:02 +03:00 · 75a21a45d3
parent 42700cf5a6
commit 75a21a45d3
2 changed files with 9 additions and 0 deletions
--- a/docker/kolla-toolbox/ansible_sudoers
+++ b/docker/kolla-toolbox/ansible_sudoers
@ -1 +1,3 @@
+Defaults secure_path="/opt/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
 ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a *, /usr/local/bin/ansible localhost -m find_disks -a *
--- a/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml
+++ b/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml
@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue with Swift deployment via Kolla Ansible caused by
+    the fix to CVE-2022-38060.
+    The kolla-toolbox container now have its own sudoers secure_path
+    configuration which allows the necessary binaries to execute.