From 3048eb82f7e03750c596128aa525ecebf788d364 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Mon, 9 Apr 2018 11:32:52 -0700
Subject: [PATCH] Preserve env when running vbmc

The create-node.sh and cleanup-node.sh scripts are called with sudo -E
but then runs su which will break the env we were initially trying to
preserve. This is important so that devstack can control things like
$PATH for determining the path to vbmc. Address this by adding a -p to
the su call which should preserve the environment for us.

Unfortunately for PATH specifically even using sudo -E has a tendency
for sanitizing PATH. We work around this behavior by explicitly setting
$PATH in the commands being run by sudo su.

Note that the su appears to be necessary to have the stack user pick up
its new libvirt group membership which allows it to successfully use
virsh to start the virtual baremetal instances.

Change-Id: I3398b6fd14b491a13231a6032a669d6e30deca98
---
 devstack/lib/ironic | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)

diff --git a/devstack/lib/ironic b/devstack/lib/ironic
index 5960500be9..07f848be30 100644
--- a/devstack/lib/ironic
+++ b/devstack/lib/ironic
@@ -1617,7 +1617,11 @@ function create_bridge_and_vms {
     bridge_mac=$(ip link show dev $IRONIC_VM_NETWORK_BRIDGE | grep -Eo "ether [A-Za-z0-9:]+"|sed "s/ether\ //")
 
     for vm_name in $(_ironic_bm_vm_names); do
-        sudo -E su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/create-node.sh -n $vm_name \
+        # The su appears to be important here for picking up the stack user's
+        # new libvirt group abilities that allow it to speak to virsh.
+        # We pass through PATH explicitly as sudo has a tendency to sanitize it
+        # from the env even with -E.
+        sudo -E su -p $STACK_USER -c "PATH=$PATH $IRONIC_SCRIPTS_DIR/create-node.sh -n $vm_name \
             -c $IRONIC_VM_SPECS_CPU -m $IRONIC_VM_SPECS_RAM -d $IRONIC_VM_SPECS_DISK \
             -a $IRONIC_VM_SPECS_CPU_ARCH -b $IRONIC_VM_NETWORK_BRIDGE $vm_opts -p $vbmc_port -o $pdu_outlet \
             -i $IRONIC_VM_INTERFACE_COUNT -f $IRONIC_VM_SPECS_DISK_FORMAT  -M $PUBLIC_BRIDGE_MTU $log_arg" >> $IRONIC_VM_MACS_CSV_FILE
@@ -2421,7 +2425,11 @@ function cleanup_baremetal_basic_ops {
 
     local vm_name
     for vm_name in $(_ironic_bm_vm_names); do
-        sudo su $STACK_USER -c "$IRONIC_SCRIPTS_DIR/cleanup-node.sh $vm_name"
+        # The su appears to be important here for picking up the stack user's
+        # new libvirt group abilities that allow it to speak to virsh.
+        # We pass through PATH explicitly as sudo has a tendency to sanitize it
+        # from the env even with -E.
+        sudo -E su -p $STACK_USER -c "PATH=$PATH $IRONIC_SCRIPTS_DIR/cleanup-node.sh $vm_name"
 
         # Cleanup node bridge/interfaces
         for i in $(seq 1 $IRONIC_VM_INTERFACE_COUNT); do