Merge "First pass at script cleanup" into stable/ussuri
This commit is contained in:
commit
1bcedda414
|
@ -0,0 +1 @@
|
|||
%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/
|
|
@ -14,7 +14,7 @@ if [[ "$(whoami)" == 'root' ]]; then
|
|||
# on startup:
|
||||
# SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
|
||||
# Work around this by generating certificates manually.
|
||||
if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
|
||||
if [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
|
||||
/usr/libexec/httpd-ssl-gencerts
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -13,6 +13,6 @@ root ALL=(ALL) ALL
|
|||
|
||||
# anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
|
||||
# root user via sudo without password confirmation
|
||||
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
|
||||
%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla*
|
||||
|
||||
#includedir /etc/sudoers.d
|
||||
|
|
|
@ -4,7 +4,7 @@ set -o errexit
|
|||
|
||||
FORCE_GENERATE="${FORCE_GENERATE}"
|
||||
HASH_PATH=/var/lib/kolla/.settings.md5sum.txt
|
||||
MANAGE_PY="/usr/bin/python${KOLLA_DISTRO_PYTHON_VERSION} /usr/bin/manage.py"
|
||||
MANAGE_PY="/usr/bin/python3 /usr/bin/manage.py"
|
||||
|
||||
if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then
|
||||
CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py"
|
||||
|
|
|
@ -1,5 +1,3 @@
|
|||
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
|
||||
neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
|
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
|
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
|
||||
neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
tcib_actions:
|
||||
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset'
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
|
|
|
@ -1,7 +1,9 @@
|
|||
tcib_actions:
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers'
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/barbican-base/sudoers /etc/sudoers.d/barbican_sudoers
|
||||
- run: chmod 640 /etc/sudoers.d/barbican_sudoers
|
||||
- run: usermod -a -G kolla barbican
|
||||
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/barbican-base/*'', wantlist=True) }}'
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-barbican-common
|
||||
|
|
Loading…
Reference in New Issue