openstack/openstack-ansible-os_neutron
Code Issues Proposed changes

Merge "Rootwrap configuration should be owned by root"

Browse Source
This commit is contained in:
Jenkins 2016-03-09 07:17:23 +00:00 committed by Gerrit Code Review
commit ba11de3626
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
tasks/neutron_post_install.yml
View File

@ -17,8 +17,8 @@
config_template: config_template:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "{{ neutron_system_user_name }}" owner: "{{ item.owner|default(neutron_system_user_name) }}"
group: "{{ neutron_system_group_name }}" group: "{{ item.group|default(neutron_system_group_name) }}"
mode: "0644" mode: "0644"
config_overrides: "{{ item.config_overrides }}" config_overrides: "{{ item.config_overrides }}"
config_type: "{{ item.config_type }}" config_type: "{{ item.config_type }}"
@ -37,6 +37,8 @@
config_type: "ini" config_type: "ini"
- src: "rootwrap.conf.j2" - src: "rootwrap.conf.j2"
dest: "/etc/neutron/rootwrap.conf" dest: "/etc/neutron/rootwrap.conf"
owner: "root"
group: "root"
config_overrides: "{{ neutron_rootwrap_conf_overrides }}" config_overrides: "{{ neutron_rootwrap_conf_overrides }}"
config_type: "ini" config_type: "ini"
- src: "policy.json.j2" - src: "policy.json.j2"
@ -83,12 +85,12 @@
tags: tags:
- neutron-config - neutron-config
- name: Drop neutron Configs - name: Drop neutron rootwrap filters
copy: copy:
src: "{{ item.src }}" src: "{{ item.src }}"
dest: "{{ item.dest }}" dest: "{{ item.dest }}"
owner: "{{ neutron_system_user_name }}" owner: "root"
group: "{{ neutron_system_group_name }}" group: "root"
with_items: with_items:
- { src: "rootwrap.d/debug.filters", dest: "/etc/neutron/rootwrap.d/debug.filters" } - { src: "rootwrap.d/debug.filters", dest: "/etc/neutron/rootwrap.d/debug.filters" }
- { src: "rootwrap.d/dibbler.filters", dest: "/etc/neutron/rootwrap.d/dibbler.filters" } - { src: "rootwrap.d/dibbler.filters", dest: "/etc/neutron/rootwrap.d/dibbler.filters" }
@ -104,12 +106,12 @@
tags: tags:
- neutron-config - neutron-config
- name: Drop neutron agent filters - name: Drop neutron agent rootwrap filters
copy: copy:
src: "{{ item.value.service_rootwrap }}" src: "{{ item.value.service_rootwrap }}"
dest: "/etc/neutron/{{ item.value.service_rootwrap }}" dest: "/etc/neutron/{{ item.value.service_rootwrap }}"
owner: "{{ neutron_system_user_name }}" owner: "root"
group: "{{ neutron_system_group_name }}" group: "root"
with_dict: neutron_services with_dict: neutron_services
when: when:
- item.value.service_en | bool - item.value.service_en | bool

2
tasks/neutron_pre_install.yml
View File

@ -44,7 +44,7 @@
- { path: "/etc/neutron" } - { path: "/etc/neutron" }
- { path: "/etc/neutron/plugins" } - { path: "/etc/neutron/plugins" }
- { path: "/etc/neutron/plugins/{{ neutron_plugin_type }}" } - { path: "/etc/neutron/plugins/{{ neutron_plugin_type }}" }
- { path: "/etc/neutron/rootwrap.d" } - { path: "/etc/neutron/rootwrap.d", owner: "root", group: "root" }
- { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" } - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
- { path: "/var/cache/neutron" } - { path: "/var/cache/neutron" }
- { path: "/var/lock/neutron" } - { path: "/var/lock/neutron" }