From 8a6d7678b58c3dc834fec343332020d624e4006a Mon Sep 17 00:00:00 2001
From: Angus Lees
Date: Mon, 15 Feb 2016 10:53:20 +1100
Subject: [PATCH] cinder.conf: Set privsep_osbrick.helper_command
When os-brick starts using privsep, it will need to know how to invoke its privileged half. Amazingly the name of the rootwrap executable isn't anywhere else in the config, so the privsep default uses just "sudo" (no rootwrap). We need to either: 1. set the privsep command line to use cinder-rootwrap in cinder.conf (and similar in other configs), or 2. add the privsep-helper line to sudoers and bypass rootwrap entirely. This change implements (1) for devstack/cinder and is similar to the corresponding nova change in I90dc41bc77993bd83b80c92286e015e14f290b45
Change-Id: I8a0b1728cc66c4861f69623b1b16b1f759b57b25
---
 lib/cinder | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/cinder b/lib/cinder
index 3aea05023f..081e2f7860 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -272,6 +272,8 @@ function configure_cinder {
 iniset $CINDER_CONF DEFAULT os_region_name "$REGION_NAME"
+ iniset $CINDER_CONF privsep_osbrick helper_command "sudo cinder-rootwrap \$rootwrap_config privsep-helper --config-file $CINDER_CONF"
+
 if is_service_enabled c-vol && [[ -n "$CINDER_ENABLED_BACKENDS" ]]; then
 local enabled_backends=""
 local default_name=""
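Review bot: The added `iniset ... helper_command` line carries no comment on the escaped `\$rootwrap_config`, which is written to cinder.conf literally and presumably left for oslo.config to resolve from the `rootwrap_config` option; if that option is unset or names a different file than the one the sudoers entry allows, the privileged helper will not start. I would add above it `# \$rootwrap_config is expanded by oslo.config at runtime, not by the shell; it must match the rootwrap config that sudoers permits`. Because this command runs as root through sudo, what it may execute is bounded only by the cinder-rootwrap filter for `privsep-helper`, which is not part of this hunk and is worth checking alongside it. `$CINDER_CONF` is also embedded unquoted inside the command string, so a path containing whitespace would likely be split into extra arguments when the helper command is parsed. configure_cinder begins and ends outside the hunk.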