0644a5df86
Since packages are installed using root during image build - we need to use sudo when updating those packages when using dev-mode. Change-Id: Idf14e334d50abeb1719563b1733af0b8425b3b55
27 lines
1.1 KiB
Plaintext
27 lines
1.1 KiB
Plaintext
# The idea here is a container service adds their UID to the kolla group
|
|
# via usermod -a -G kolla <uid>. Then the kolla_start may run
|
|
# kolla_set_configs via sudo as the root user which is necessary to protect
|
|
# the immutability of the container
|
|
|
|
# anyone in the kolla group may sudo -E (set the environment)
|
|
Defaults: %kolla setenv
|
|
|
|
Defaults secure_path="/var/lib/kolla/venv/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
|
|
|
|
# root may run any commands via sudo as the network seervice user. This is
|
|
# neededfor database migrations of existing services which have not been
|
|
# converted to run as a non-root user, but instead do that via sudo -E glance
|
|
root ALL=(ALL) ALL
|
|
|
|
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
|
|
# root user via sudo without password confirmation
|
|
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
|
|
|
|
# Copy custom CA certificates to containers
|
|
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_copy_cacerts
|
|
|
|
# Install projects in dev-mode
|
|
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_install_projects
|
|
|
|
#includedir /etc/sudoers.d
|