openstack/openstack-ansible-os_nova
Code Issues Proposed changes

Merge "Rootwrap configuration should be owned by root"

Browse Source
This commit is contained in:
Jenkins 2016-03-09 16:28:41 +00:00 committed by Gerrit Code Review
commit 3cac45ee6c
2 changed files with 10 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
tasks/nova_post_install.yml
View File

@ -13,12 +13,12 @@
# See the License for the specific language governing permissions and # See the License for the specific language governing permissions and
# limitations under the License. # limitations under the License.
- name: Copy nova config - name: Generate nova config
config_template: config_template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "{{ nova_system_user_name }}" owner: "{{ item.owner|default(nova_system_user_name) }}"
group: "{{ nova_system_group_name }}" group: "{{ item.group|default(nova_system_group_name) }}"
mode: "0644" mode: "0644"
config_overrides: "{{ item.config_overrides }}" config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}" config_type: "{{ item.config_type }}"
@ -29,6 +29,8 @@
config_type: "ini" config_type: "ini"
- src: "rootwrap.conf.j2" - src: "rootwrap.conf.j2"
dest: "/etc/nova/rootwrap.conf" dest: "/etc/nova/rootwrap.conf"
owner: "root"
group: "root"
config_overrides: "{{ nova_rootwrap_conf_overrides }}" config_overrides: "{{ nova_rootwrap_conf_overrides }}"
config_type: "ini" config_type: "ini"
- src: "api-paste.ini.j2" - src: "api-paste.ini.j2"
@ -44,12 +46,12 @@
- nova-config - nova-config
- nova-post-install - nova-post-install
- name: Generate nova config - name: Copy nova rootwrap filter config
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "{{ nova_system_user_name }}" owner: "root"
group: "{{ nova_system_group_name }}" group: "root"
with_items: with_items:
- { src: "rootwrap.d/api-metadata.filters", dest: "/etc/nova/rootwrap.d/api-metadata.filters" } - { src: "rootwrap.d/api-metadata.filters", dest: "/etc/nova/rootwrap.d/api-metadata.filters" }
- { src: "rootwrap.d/baremetal-compute-ipmi.filters", dest: "/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters" } - { src: "rootwrap.d/baremetal-compute-ipmi.filters", dest: "/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters" }

4
tasks/nova_pre_install.yml
View File

@ -59,9 +59,9 @@
group: "{{ item.group|default(nova_system_group_name) }}" group: "{{ item.group|default(nova_system_group_name) }}"
mode: "{{ item.mode|default('0755') }}" mode: "{{ item.mode|default('0755') }}"
with_items: with_items:
- { path: "/openstack", mode: "0755", owner: "root", group: "root" } - { path: "/openstack", owner: "root", group: "root" }
- { path: "/etc/nova" } - { path: "/etc/nova" }
- { path: "/etc/nova/rootwrap.d" } - { path: "/etc/nova/rootwrap.d", owner: "root", group: "root" }
- { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
- { path: "/var/cache/nova" } - { path: "/var/cache/nova" }
- { path: "{{ nova_system_home_folder }}" } - { path: "{{ nova_system_home_folder }}" }