Remove baremetal rootwrap filters

The baremetal rootwrap filters were removed from nova over a year ago in change I952e484cf0b7b6526dced74769ed00a1b7541711. Remove them from this repository as well. Also update the 'Copy nova rootwrap filter config' task to handle looking up rootwrap filter files using 'with_fileglob' to avoid having to maintain the task with each addition or removal of these files. Change-Id: I9c7df5d29f9557fbc467402166cec7546a3e79c7
2016-09-18 16:02:51 -07:00 · 2016-09-18 16:02:51 -07:00 · ce6a6ebe1f
commit ce6a6ebe1f
parent 9e998b52ee
3 changed files with 4 additions and 28 deletions
--- a/files/rootwrap.d/baremetal-compute-ipmi.filters
+++ b/files/rootwrap.d/baremetal-compute-ipmi.filters
@ -1,9 +0,0 @@
-# nova-rootwrap command filters for compute nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/baremetal/ipmi.py: 'ipmitool', ..
-ipmitool: CommandFilter, ipmitool, root
-
-# nova/virt/baremetal/ipmi.py: 'kill', '-TERM', str(console_pid)
-kill_shellinaboxd: KillFilter, root, /usr/local/bin/shellinaboxd, -15, -TERM
--- a/files/rootwrap.d/baremetal-deploy-helper.filters
+++ b/files/rootwrap.d/baremetal-deploy-helper.filters
@ -1,11 +0,0 @@
-# nova-rootwrap command filters for nova-baremetal-deploy-helper
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova-baremetal-deploy-helper
-iscsiadm: CommandFilter, iscsiadm, root
-sfdisk: CommandFilter, sfdisk, root
-dd: CommandFilter, dd, root
-mkswap: CommandFilter, mkswap, root
-blkid: CommandFilter, blkid, root
-mkfs: CommandFilter, mkfs, root
--- a/tasks/nova_post_install.yml
+++ b/tasks/nova_post_install.yml
@ -60,16 +60,12 @@

 - name: Copy nova rootwrap filter config
  copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
+    src: "{{ item }}"
+    dest: "/etc/nova/rootwrap.d/"
    owner: "root"
    group: "root"
-  with_items:
-    - { src: "rootwrap.d/api-metadata.filters", dest: "/etc/nova/rootwrap.d/api-metadata.filters" }
-    - { src: "rootwrap.d/baremetal-compute-ipmi.filters", dest: "/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters" }
-    - { src: "rootwrap.d/baremetal-deploy-helper.filters", dest: "/etc/nova/rootwrap.d/baremetal-deploy-helper.filters" }
-    - { src: "rootwrap.d/compute.filters", dest: "/etc/nova/rootwrap.d/compute.filters" }
-    - { src: "rootwrap.d/network.filters", dest: "/etc/nova/rootwrap.d/network.filters" }
+  with_fileglob:
+    - rootwrap.d/*
  notify: Restart nova services
  tags:
    - nova-config