openstack/openstack-ansible-os_neutron
Code Issues Proposed changes

Add privsep-helper to neutron sudoers file

Browse Source 
With the new oslo-privsep library, there is now a
privsep-helper command that is used to escalate
privledges.

This command needs to be runnable by the neutron user
via sudo without a password. The old rootwrap command
is still used as well, so for now we need to have
both.

Change-Id: I8e9743da3e51e71a113d958c22007cf54aa17fc4
This commit is contained in:
Mohammed Naser
2019-03-31 21:28:39 -04:00
parent 01857d45c9
commit 668fb5a054
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
templates/sudoers.j2
View File

@@ -5,3 +5,4 @@ Defaults:{{ neutron_system_user_name }} secure_path="{{ neutron_bin }}:/usr/loca
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap {{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap-daemon {{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap-daemon
{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/privsep-helper