kolla/docker/base/sudoers
Viktor Michalek 79d857f9e7 Custom CA certificates installation mechanism
Change-Id: I0fd596d93a0e575a391250d4bed261ad370a3664
2019-10-12 15:36:27 +00:00

22 lines
906 B
Plaintext

# The idea here is a container service adds their UID to the kolla group
# via usermod -a -G kolla <uid>. Then the kolla_start may run
# kolla_set_configs via sudo as the root user which is necessary to protect
# the immutability of the container
# anyone in the kolla group may sudo -E (set the environment)
Defaults: %kolla setenv
# root may run any commands via sudo as the network seervice user. This is
# neededfor database migrations of existing services which have not been
# converted to run as a non-root user, but instead do that via sudo -E glance
root ALL=(ALL) ALL
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
# root user via sudo without password confirmation
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
# Copy custom CA certificates to containers
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_copy_cacerts
#includedir /etc/sudoers.d