set root_helper defaults

Starting is essex 2, a new utility has been created that simplifies the management of sudoers config for nova since nova runs as a non-root user but often needs escalated privelages. http://wiki.openstack.org/Packager/Rootwrap The default setting for root_helper is sudo which relies on a complex set of sudoers rules. These rules can be greatly simplified by setting root_helper to sudo nova-rootwrap. This may be problematic b/c it depends on rather or not this file has been packaged.. This config default has been added to the params class b/c it depends on what OS packages are used for installation. Perhaps I can revisit this once the openstack packaging matures.
2012-03-19 15:06:47 -07:00 · 2012-03-19 15:06:47 -07:00 · 37347d16fa
parent a999b52634
commit 37347d16fa
2 changed files with 8 additions and 5 deletions
--- a/manifests/init.pp
+++ b/manifests/init.pp
@ -23,11 +23,9 @@ class nova(
  $verbose = false,
  $nodaemon = false,
  $periodic_interval = '60',
-  $report_interval = '10'
-
-) {
-
-  include nova::params
+  $report_interval = '10',
+  $root_helper = $::nova::params::root_helper
+) inherits nova::params {

  Nova_config<| |> {
    require +> Package[$::nova::params::package_names],
@ -120,6 +118,7 @@ class nova(
    # as well as controller.
    'network_manager': value => $network_manager;
    'use_deprecated_auth': value => true;
+    'root_helper': value => $root_helper;
  }

  exec { 'post-nova_config':
--- a/manifests/params.pp
+++ b/manifests/params.pp
@ -14,6 +14,8 @@ class nova::params {
      $libvirt_package_name     = 'libvirt'
      $libvirt_service_name     = 'libvirtd'
      $special_service_provider = 'init'
+      # redhat specific config defaults
+      $root_helper              = 'sudo nova-rootwrap'
    }
    'Debian': {
      $package_names = ['nova-common',
@ -33,6 +35,8 @@ class nova::params {
      $libvirt_service_name     = 'libvirt-bin'
      # some of the services need to be started form the special upstart provider
      $special_service_provider = 'upstart'
+      # debian specific nova config
+      $root_helper              = 'sudo'
    }
    default: {
      fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, module ${module_name} only support osfamily RedHat and Debian")