openstack/ironic
Code Issues Proposed changes

Preserve env when running vbmc

Browse Source 
The create-node.sh and cleanup-node.sh scripts are called with sudo -E
but then runs su which will break the env we were initially trying to
preserve. This is important so that devstack can control things like
$PATH for determining the path to vbmc. Address this by adding a -p to
the su call which should preserve the environment for us.

Unfortunately for PATH specifically even using sudo -E has a tendency
for sanitizing PATH. We work around this behavior by explicitly setting
$PATH in the commands being run by sudo su.

Note that the su appears to be necessary to have the stack user pick up
its new libvirt group membership which allows it to successfully use
virsh to start the virtual baremetal instances.

Change-Id: I3398b6fd14b491a13231a6032a669d6e30deca98
This commit is contained in:
Clark Boylan 2018-04-09 11:32:52 -07:00 committed by Jim Rollenhagen
parent 02d8fa1393
commit 3048eb82f7
1 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
devstack/lib/ironic
View File

@ -1617,7 +1617,11 @@ function create_bridge_and_vms {
bridge_mac=$(ip link show dev $IRONIC_VM_NETWORK_BRIDGE | grep -Eo "ether [A-Za-z0-9:]+"|sed "s/ether\ //")
for vm_name in $(_ironic_bm_vm_names); do
sudo -E su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-node.sh -n $vm_name \
# The su appears to be important here for picking up the stack user's
# new libvirt group abilities that allow it to speak to virsh.
# We pass through PATH explicitly as sudo has a tendency to sanitize it
# from the env even with -E.
sudo -E su -p $STACK_USER -c "PATH=$PATH $IRONIC_SCRIPTS_DIR/create-node.sh -n $vm_name \
-c $IRONIC_VM_SPECS_CPU -m $IRONIC_VM_SPECS_RAM -d $IRONIC_VM_SPECS_DISK \
-a $IRONIC_VM_SPECS_CPU_ARCH -b $IRONIC_VM_NETWORK_BRIDGE $vm_opts -p $vbmc_port -o $pdu_outlet \
-i $IRONIC_VM_INTERFACE_COUNT -f $IRONIC_VM_SPECS_DISK_FORMAT -M $PUBLIC_BRIDGE_MTU $log_arg" >> $IRONIC_VM_MACS_CSV_FILE
@ -2421,7 +2425,11 @@ function cleanup_baremetal_basic_ops {
local vm_name
for vm_name in $(_ironic_bm_vm_names); do
sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-node.sh $vm_name"
# The su appears to be important here for picking up the stack user's
# new libvirt group abilities that allow it to speak to virsh.
# We pass through PATH explicitly as sudo has a tendency to sanitize it
# from the env even with -E.
sudo -E su -p $STACK_USER -c "PATH=$PATH $IRONIC_SCRIPTS_DIR/cleanup-node.sh $vm_name"
# Cleanup node bridge/interfaces
for i in $(seq 1 $IRONIC_VM_INTERFACE_COUNT); do