From ce6a6ebe1f72ab9f65ce7009bc1b3dbd6a229d7e Mon Sep 17 00:00:00 2001
From: Jimmy McCrory <jimmy.mccrory@gmail.com>
Date: Sun, 18 Sep 2016 16:02:51 -0700
Subject: [PATCH] Remove baremetal rootwrap filters

The baremetal rootwrap filters were removed from nova over a year ago in
change I952e484cf0b7b6526dced74769ed00a1b7541711. Remove them from this
repository as well. Also update the 'Copy nova rootwrap filter config'
task to handle looking up rootwrap filter files using 'with_fileglob' to
avoid having to maintain the task with each addition or removal of these
files.

Change-Id: I9c7df5d29f9557fbc467402166cec7546a3e79c7
---
 files/rootwrap.d/baremetal-compute-ipmi.filters  |  9 ---------
 files/rootwrap.d/baremetal-deploy-helper.filters | 11 -----------
 tasks/nova_post_install.yml                      | 12 ++++--------
 3 files changed, 4 insertions(+), 28 deletions(-)
 delete mode 100644 files/rootwrap.d/baremetal-compute-ipmi.filters
 delete mode 100644 files/rootwrap.d/baremetal-deploy-helper.filters

diff --git a/files/rootwrap.d/baremetal-compute-ipmi.filters b/files/rootwrap.d/baremetal-compute-ipmi.filters
deleted file mode 100644
index 4132a999..00000000
--- a/files/rootwrap.d/baremetal-compute-ipmi.filters
+++ /dev/null
@@ -1,9 +0,0 @@
-# nova-rootwrap command filters for compute nodes
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova/virt/baremetal/ipmi.py: 'ipmitool', ..
-ipmitool: CommandFilter, ipmitool, root
-
-# nova/virt/baremetal/ipmi.py: 'kill', '-TERM', str(console_pid)
-kill_shellinaboxd: KillFilter, root, /usr/local/bin/shellinaboxd, -15, -TERM
diff --git a/files/rootwrap.d/baremetal-deploy-helper.filters b/files/rootwrap.d/baremetal-deploy-helper.filters
deleted file mode 100644
index 6d14b5d9..00000000
--- a/files/rootwrap.d/baremetal-deploy-helper.filters
+++ /dev/null
@@ -1,11 +0,0 @@
-# nova-rootwrap command filters for nova-baremetal-deploy-helper
-# This file should be owned by (and only-writeable by) the root user
-
-[Filters]
-# nova-baremetal-deploy-helper
-iscsiadm: CommandFilter, iscsiadm, root
-sfdisk: CommandFilter, sfdisk, root
-dd: CommandFilter, dd, root
-mkswap: CommandFilter, mkswap, root
-blkid: CommandFilter, blkid, root
-mkfs: CommandFilter, mkfs, root
diff --git a/tasks/nova_post_install.yml b/tasks/nova_post_install.yml
index 483272f8..274bf6a9 100644
--- a/tasks/nova_post_install.yml
+++ b/tasks/nova_post_install.yml
@@ -60,16 +60,12 @@
 
 - name: Copy nova rootwrap filter config
   copy:
-    src: "{{ item.src }}"
-    dest: "{{ item.dest }}"
+    src: "{{ item }}"
+    dest: "/etc/nova/rootwrap.d/"
     owner: "root"
     group: "root"
-  with_items:
-    - { src: "rootwrap.d/api-metadata.filters", dest: "/etc/nova/rootwrap.d/api-metadata.filters" }
-    - { src: "rootwrap.d/baremetal-compute-ipmi.filters", dest: "/etc/nova/rootwrap.d/baremetal-compute-ipmi.filters" }
-    - { src: "rootwrap.d/baremetal-deploy-helper.filters", dest: "/etc/nova/rootwrap.d/baremetal-deploy-helper.filters" }
-    - { src: "rootwrap.d/compute.filters", dest: "/etc/nova/rootwrap.d/compute.filters" }
-    - { src: "rootwrap.d/network.filters", dest: "/etc/nova/rootwrap.d/network.filters" }
+  with_fileglob:
+    - rootwrap.d/*
   notify: Restart nova services
   tags:
     - nova-config