openstack/kolla
Code Issues Proposed changes

Fix openstack CADF audit maps and installation

Browse Source 
This patch fixes missing pycadf's audit maps
for services and change the way how pycadf
is installed.

Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/905858

Closes-Bug: #2047941
Change-Id: I9b43d1a9990ad8aa7381ea81b0f2d692967be949
This commit is contained in:
Michal Arbet 2024-01-03 15:30:27 +01:00 committed by Bartosz Bezak
parent 0eddd35da5
commit 7f5a904e98
14 changed files with 29 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
docker/ceilometer/ceilometer-base/Dockerfile.j2
View File

@ -29,6 +29,7 @@ RUN ln -s ceilometer-base-source/* ceilometer \
&& {{ macros.install_pip(ceilometer_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/ceilometer \
&& cp -r /ceilometer/etc/ceilometer/* /etc/ceilometer/ \
&& cp /etc/pycadf/ceilometer_api_audit_map.conf /etc/ceilometer/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ceilometer/rootwrap.conf \
&& if [ "$(ls /plugins)" ]; then \
{{ macros.install_pip(ceilometer_base_plugins_pip_packages) }}; \

1
docker/cinder/cinder-base/Dockerfile.j2
View File

@ -44,6 +44,7 @@ RUN ln -s cinder-base-source/* cinder \
&& {{ macros.install_pip(cinder_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/cinder \
&& cp -r /cinder/etc/cinder/* /etc/cinder/ \
&& cp /etc/pycadf/cinder_api_audit_map.conf /etc/cinder/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/cinder/rootwrap.conf \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_cinder_sudoers \

1
docker/glance/glance-base/Dockerfile.j2
View File

@ -41,6 +41,7 @@ RUN ln -s glance-base-source/* glance \
&& {{ macros.install_pip(glance_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/glance \
&& cp -r /glance/etc/* /etc/glance/ \
&& cp /etc/pycadf/glance_api_audit_map.conf /etc/glance/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/glance/rootwrap.conf \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_glance_sudoers \

1
docker/gnocchi/gnocchi-base/Dockerfile.j2
View File

@ -44,6 +44,7 @@ COPY gnocchi_sudoers /etc/sudoers.d/kolla_gnocchi_sudoers
RUN ln -s gnocchi-base-source/* gnocchi \
&& {{ macros.install_pip(gnocchi_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/gnocchi \
&& cp /etc/pycadf/gnocchi_api_audit_map.conf /etc/gnocchi/ \
&& chmod 750 /etc/sudoers.d \
&& chmod 640 /etc/sudoers.d/kolla_gnocchi_sudoers \
&& touch /usr/local/bin/kolla_gnocchi_extend_start \

1
docker/heat/heat-base/Dockerfile.j2
View File

@ -27,6 +27,7 @@ RUN ln -s heat-base-source/* heat \
&& {{ macros.install_pip(heat_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/heat \
&& cp -r /heat/etc/heat/* /etc/heat/ \
&& cp /etc/pycadf/heat_api_audit_map.conf /etc/heat/ \
&& touch /usr/local/bin/kolla_heat_extend_start \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_heat_extend_start

1
docker/ironic/ironic-base/Dockerfile.j2
View File

@ -22,6 +22,7 @@ RUN ln -s ironic-base-source/* ironic \
&& {{ macros.install_pip(ironic_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/ironic \
&& cp -r /var/lib/kolla/venv/etc/ironic/* /etc/ironic/ \
&& cp /etc/pycadf/ironic_api_audit_map.conf /etc/ironic/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/ironic/rootwrap.conf \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_ironic_sudoers \

1
docker/neutron/neutron-base/Dockerfile.j2
View File

@ -74,6 +74,7 @@ RUN ln -s neutron-base-source/* neutron \
&& mkdir -p /etc/neutron \
&& cp -r /neutron/etc/* /etc/neutron/ \
&& cp -r /neutron/etc/neutron/* /etc/neutron/ \
&& cp /etc/pycadf/neutron_api_audit_map.conf /etc/neutron/ \
&& mv /etc/neutron/neutron/ /etc/neutron/plugins/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/neutron/rootwrap.conf \
&& if [ "$(ls /plugins)" ]; then \

1
docker/nova/nova-base/Dockerfile.j2
View File

@ -70,6 +70,7 @@ RUN ln -s nova-base-source/* nova \
&& {{ macros.install_pip(nova_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/nova/ \
&& cp -r /nova/etc/nova/* /etc/nova/ \
&& cp /etc/pycadf/nova_api_audit_map.conf /etc/nova/ \
&& sed -i 's|^exec_dirs.*|exec_dirs=/var/lib/kolla/venv/bin,/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin|g' /etc/nova/rootwrap.conf \
&& if [ "$(ls /plugins)" ]; then \
{{ macros.install_pip(nova_base_plugins_pip_packages) }}; \

1
docker/octavia/octavia-base/Dockerfile.j2
View File

@ -28,6 +28,7 @@ RUN ln -s /octavia-base-source/* octavia \
&& {{ macros.install_pip(octavia_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/octavia \
&& cp -r /octavia/etc/* /etc/octavia/ \
&& cp /octavia/etc/audit/octavia_api_audit_map.conf.sample /etc/octavia/octavia_api_audit_map.conf \
&& touch /usr/local/bin/kolla_octavia_extend_start \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_octavia_extend_start

11
docker/openstack-base/Dockerfile.j2
View File

@ -135,7 +135,7 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
'pika',
'prettytable',
'psutil',
'pycadf',
'/pycadf',
'pyinotify',
'pymysql',
'pyngus',
@ -185,7 +185,14 @@ LABEL maintainer="{{ maintainer }}" name="{{ image_name }}" build-date="{{ build
%}
ADD openstack-base-archive /openstack-base-source
RUN ln -s openstack-base-source/* /requirements \
ADD plugins-archive /openstack-base-source
RUN ln -s openstack-base-source/plugins/* /pycadf \
&& mkdir -p /etc/pycadf \
&& cp /pycadf/etc/pycadf/* /etc/pycadf/
RUN ln -s openstack-base-source/*requirements* /requirements \
{# NOTE(mnasiadka): Remove ovs from upper-constraints.txt because python3-openvswitch
is usually newer than UC entry and older version would get installed
in venv (see https://launchpad.net/bugs/1961874).

1
docker/swift/swift-base/Dockerfile.j2
View File

@ -36,6 +36,7 @@ RUN ln -s swift-base-source/* swift \
&& {{ macros.install_pip(swift_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/swift /var/cache/swift /var/lock/swift \
&& cp -r /swift/etc/* /etc/swift/ \
&& cp /etc/pycadf/swift_api_audit_map.conf /etc/swift/ \
&& chown -R swift: /var/cache/swift /var/lock/swift \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/kolla_swift_sudoers \

1
docker/trove/trove-base/Dockerfile.j2
View File

@ -21,6 +21,7 @@ RUN ln -s trove-base-source/* trove \
&& {{ macros.install_pip(trove_base_pip_packages | customizable("pip_packages")) }} \
&& mkdir -p /etc/trove \
&& cp -r /trove/etc/trove/* /etc/trove/ \
&& cp /etc/pycadf/trove_api_audit_map.conf /etc/trove/ \
&& touch /usr/local/bin/kolla_trove_extend_start \
&& chmod 644 /usr/local/bin/kolla_extend_start /usr/local/bin/kolla_trove_extend_start

4
kolla/common/sources.py
View File

@ -15,6 +15,10 @@ SOURCES = {
'type': 'url',
'location': ('$tarballs_base/openstack/requirements/'
'requirements-${openstack_branch}.tar.gz')},
'openstack-base-plugin-pycadf': {
'type': 'url',
'location': ('$tarballs_base/openstack/pycadf/'
'pycadf-3.1.1.tar.gz')},
'aodh-base': {
'type': 'url',
'location': ('$tarballs_base/openstack/aodh/'

5
releasenotes/notes/bug-2047941-895a319fd706d2b4.yaml Normal file
View File

@ -0,0 +1,5 @@
---
fixes:
- |
Fixes missing pycadf's audit map config
files `LP#2047941 <https://launchpad.net/bugs/2047941>`__.