From 173edbafab6f1f4a25f31771d49affc411e6ee49 Mon Sep 17 00:00:00 2001 From: Oliver Walsh Date: Fri, 3 Dec 2021 22:11:46 +0000 Subject: [PATCH] Add tempest to sudoers for tempest container image Required to configure TLS in the tempest pod init when used by osp-director-operator. Workaround cirular dependency: tempest_sudoers will not exist until this patch is included in the openstack-tripleo-common-containers rpm. Fallback to using an existing sudoers file with sed, then followup with a patch to remove this logic once the package is updated. Depends-On: I039c49e6f5872b02c1fdc1690594e0d9bef303f5 Change-Id: I2d06904cc89e398f82ffc8b4f2d862427507d0dc (cherry picked from commit b80b98ffe96c4a182efb264f8d476717220f8dca) (cherry picked from commit 1b211e64868eda1d9191923ba9c7496bcbffb1ff) (cherry picked from commit 7c93f76136e9337c290b1703897cdb91b859b49b) (cherry picked from commit ad0438d6f3a7d21ad7e72dfb328ac5d3899f2f2e) --- container-images/tcib/base/os/tempest/tempest.yaml | 8 ++++++++ container-images/tcib/base/os/tempest/tempest_sudoers | 1 + 2 files changed, 9 insertions(+) create mode 100644 container-images/tcib/base/os/tempest/tempest_sudoers diff --git a/container-images/tcib/base/os/tempest/tempest.yaml b/container-images/tcib/base/os/tempest/tempest.yaml index 15d21ddbd..64ef6d936 100644 --- a/container-images/tcib/base/os/tempest/tempest.yaml +++ b/container-images/tcib/base/os/tempest/tempest.yaml @@ -1,6 +1,14 @@ tcib_actions: - run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }} - run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf +- run: >- + if [ -e /usr/share/openstack-tripleo-common-containers/container-images/tcib/base/os/tempest/tempest_sudoers ]; then + cp /usr/share/openstack-tripleo-common-containers/container-images/tcib/base/os/tempest/tempest_sudoers /etc/sudoers.d/tempest_sudoers; + else + sed -e 's/cloud-admin/tempest/' /usr/share/openstack-tripleo-common-containers/container-images/kolla/tripleoclient/tripleoclient_sudoers > /etc/sudoers.d/tempest_sudoers; + fi +- run: chmod 440 /etc/sudoers.d/tempest_sudoers + tcib_packages: common: - iputils diff --git a/container-images/tcib/base/os/tempest/tempest_sudoers b/container-images/tcib/base/os/tempest/tempest_sudoers new file mode 100644 index 000000000..0b7b4a873 --- /dev/null +++ b/container-images/tcib/base/os/tempest/tempest_sudoers @@ -0,0 +1 @@ +tempest ALL=(ALL) NOPASSWD: ALL