diff --git a/container-images/kolla/barbican-base/sudoers b/container-images/kolla/barbican-base/sudoers
new file mode 100644
index 000000000..8252327e4
--- /dev/null
+++ b/container-images/kolla/barbican-base/sudoers
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/
diff --git a/container-images/kolla/base/httpd_setup.sh b/container-images/kolla/base/httpd_setup.sh
index c5effa785..f8921063d 100644
--- a/container-images/kolla/base/httpd_setup.sh
+++ b/container-images/kolla/base/httpd_setup.sh
@@ -14,7 +14,7 @@ if [[ "$(whoami)" == 'root' ]]; then
 # on startup:
 # SSLCertificateFile: file '/etc/pki/tls/certs/localhost.crt' does not exist or is empty
 # Work around this by generating certificates manually.
- if [[ ${KOLLA_BASE_DISTRO} = centos ]] && [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
+ if [[ ! -e /etc/pki/tls/certs/localhost.crt ]]; then
 /usr/libexec/httpd-ssl-gencerts
 fi
 fi
diff --git a/container-images/kolla/base/sudoers b/container-images/kolla/base/sudoers
index 76baefcb0..61e2d7c0f 100644
--- a/container-images/kolla/base/sudoers
+++ b/container-images/kolla/base/sudoers
@@ -13,6 +13,6 @@ root ALL=(ALL) ALL
 # anyone in the kolla group may run /usr/local/bin/kolla_set_configs as the
 # root user via sudo without password confirmation
-%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs
+%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla*
 #includedir /etc/sudoers.d
diff --git a/container-images/kolla/horizon/extend_start.sh b/container-images/kolla/horizon/extend_start.sh
index f4db52a33..5c34f56b2 100644
--- a/container-images/kolla/horizon/extend_start.sh
+++ b/container-images/kolla/horizon/extend_start.sh
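Review bot: In container-images/kolla/barbican-base/sudoers the rule is granted to every member of `%kolla`, although the only thing it permits is handing `/var/lib/barbican/` to the `barbican` user. If barbican is the only account that needs it (the barbican-base.yaml hunk adds just that user to the group), scoping the entry to the user keeps the grant as narrow as its purpose: `barbican ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/`. The file also carries no comment; a first line such as `# root chown of barbican's state directory only; keep the path and arguments exact` would tell the next editor not to loosen it.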
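Review bot: In container-images/kolla/base/httpd_setup.sh the call to `/usr/libexec/httpd-ssl-gencerts` is now conditioned only on the certificate being absent, so an image that ships httpd without that helper will fail at this line instead of skipping it. Testing for the helper as well keeps the old tolerance without bringing the distro variable back: `if [[ ! -e /etc/pki/tls/certs/localhost.crt ]] && [[ -x /usr/libexec/httpd-ssl-gencerts ]]; then`. The enclosing `if [[ "$(whoami)" == 'root' ]]` block and the start of the explanatory comment lie before the hunk, so whether that comment still matches the new condition cannot be checked from here.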
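Review bot: The new entry `/usr/local/bin/kolla*` in container-images/kolla/base/sudoers lets any member of `%kolla` run as root, with any arguments, every file in /usr/local/bin whose name starts with `kolla`, presumably in every image built on this base. That includes the per-service scripts installed there (the mariadb.yaml hunk shows `extend_start.sh` being copied to `/usr/local/bin/kolla_extend_start`), which were not necessarily written to be invoked as root by an unprivileged caller. Listing the commands keeps the grant auditable: `%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_set_configs, /usr/local/bin/kolla_security_reset`, or keep `kolla_security_reset` in a mariadb-only drop-in file the way the barbican rule is handled. The comment two lines above still says the group may run only `kolla_set_configs` and should be updated with whichever form is chosen.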
@@ -4,7 +4,7 @@ set -o errexit
 FORCE_GENERATE="${FORCE_GENERATE}"
 HASH_PATH=/var/lib/kolla/.settings.md5sum.txt
-MANAGE_PY="/usr/bin/python${KOLLA_DISTRO_PYTHON_VERSION} /usr/bin/manage.py"
+MANAGE_PY="/usr/bin/python3 /usr/bin/manage.py"
 if [[ -f /etc/openstack-dashboard/custom_local_settings ]]; then
 CUSTOM_SETTINGS_FILE="${SITE_PACKAGES}/openstack_dashboard/local/custom_local_settings.py"
diff --git a/container-images/kolla/neutron-base/neutron_sudoers b/container-images/kolla/neutron-base/neutron_sudoers
index 7a7252e50..b859003e9 100644
--- a/container-images/kolla/neutron-base/neutron_sudoers
+++ b/container-images/kolla/neutron-base/neutron_sudoers
@@ -1,5 +1,3 @@
-neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap /etc/neutron/rootwrap.conf *
-neutron ALL = (root) NOPASSWD: /var/lib/kolla/venv/bin/neutron-rootwrap-daemon /etc/neutron/rootwrap.conf
 neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set iptables /usr/sbin/iptables-legacy
 neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --set ip6tables /usr/sbin/ip6tables-legacy
 neutron ALL = (root) NOPASSWD: /usr/bin/update-alternatives --auto iptables
diff --git a/container-images/tcib/base/mariadb/mariadb.yaml b/container-images/tcib/base/mariadb/mariadb.yaml
index 38c54d5ec..f3890b778 100644
--- a/container-images/tcib/base/mariadb/mariadb.yaml
+++ b/container-images/tcib/base/mariadb/mariadb.yaml
@@ -1,5 +1,4 @@
 tcib_actions:
-- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset'
 - run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
 - run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
 - copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start
diff --git a/container-images/tcib/base/os/barbican-base/barbican-base.yaml b/container-images/tcib/base/os/barbican-base/barbican-base.yaml
index c56a9ce3f..711c7c72b 100644
--- a/container-images/tcib/base/os/barbican-base/barbican-base.yaml
+++ b/container-images/tcib/base/os/barbican-base/barbican-base.yaml
@@ -1,7 +1,9 @@
 tcib_actions:
 - run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
-- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers'
+- copy: /usr/share/tripleo-common/container-images/kolla/barbican-base/sudoers /etc/sudoers.d/barbican_sudoers
+- run: chmod 640 /etc/sudoers.d/barbican_sudoers
 - run: usermod -a -G kolla barbican
+tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/barbican-base/*'', wantlist=True) }}'
 tcib_packages:
 common:
 - openstack-barbican-common
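Review bot: In barbican-base.yaml the sudoers drop-in is now copied from a gathered file, but no step checks that it parses or that it ends up root-owned and read-only; a malformed or wrongly-owned file under /etc/sudoers.d is either skipped or makes sudo refuse to run in the container. Tightening the follow-up step covers both: `- run: chown root:root /etc/sudoers.d/barbican_sudoers && chmod 0440 /etc/sudoers.d/barbican_sudoers && visudo -cf /etc/sudoers.d/barbican_sudoers`. The `tcib_gather_files` glob takes every file under kolla/barbican-base/, so a short comment there saying that anything placed in that directory is gathered for the image build would help reviewers of later additions.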