openstack/openstack-helm
Code Issues Proposed changes

Mount Sudoers file for masakari-hostmonitors

Browse Source 
masakari hostmonitors needs to run the privsep-helper as root. As masakari monitors runs as masakari-monitors users, sudoers file is added so that privsep-helper can be run as root user without using password.

Change-Id: I3501d8913f4b8b0bf9d7e03c8d411137d9c25a8c
This commit is contained in:
xuxant02@gmail.com 2021-12-09 13:35:55 +05:45
parent 09b453e488
commit 5c5f1be812
5 changed files with 10 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
masakari/Chart.yaml
View File

@ -14,7 +14,7 @@ apiVersion: v1
appVersion: v1.0.0 appVersion: v1.0.0
description: OpenStack-Helm Masakari description: OpenStack-Helm Masakari
name: masakari name: masakari
version: 0.1.2 version: 0.1.3
home: https://docs.openstack.org/developer/masakari home: https://docs.openstack.org/developer/masakari
icon: https://www.openstack.org/themes/openstack/images/project-mascots/Masakari/OpenStack_Project_masakari_vertical.png icon: https://www.openstack.org/themes/openstack/images/project-mascots/Masakari/OpenStack_Project_masakari_vertical.png
sources: sources:

1
masakari/templates/configmap-etc.yaml
View File

@ -132,6 +132,7 @@ data:
masakari.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.masakari | b64enc }} masakari.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.masakari | b64enc }}
api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }} api-paste.ini: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.paste | b64enc }}
masakarimonitors.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.masakarimonitors | b64enc }} masakarimonitors.conf: {{ include "helm-toolkit.utils.to_oslo_conf" .Values.conf.masakarimonitors | b64enc }}
masakari_sudoers: {{ $envAll.Values.conf.masakari_sudoers | b64enc }}
{{- end }} {{- end }}
{{- end }} {{- end }}
{{- if .Values.manifests.configmap_etc }} {{- if .Values.manifests.configmap_etc }}

3
masakari/templates/daemonset-host-monitor.yaml
View File

@ -102,6 +102,9 @@ spec:
- name: masakari-etc - name: masakari-etc
mountPath: /etc/masakari/masakarimonitors.conf mountPath: /etc/masakari/masakarimonitors.conf
subPath: masakarimonitors.conf subPath: masakarimonitors.conf
- name: masakari-etc
mountPath: /etc/sudoers.d/masakari_sudoers
subPath: masakari_sudoers
- name: masakarietc - name: masakarietc
mountPath: /etc/masakari mountPath: /etc/masakari
- name: varrun - name: varrun

5
masakari/values.yaml
View File

@ -571,6 +571,9 @@ conf:
disable_ipmi_checks: true disable_ipmi_checks: true
corosync_multicast_ports: 5405 corosync_multicast_ports: 5405
pacemaker_node_type: remote pacemaker_node_type: remote
masakari_sudoers: |
Defaults secure_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin:/var/lib/openstack/bin"
masakari-monitors ALL=(ALL:ALL) NOPASSWD: /var/lib/openstack/bin/privsep-helper
# Note(xuxant): Hooks will break the upgrade for helm2 # Note(xuxant): Hooks will break the upgrade for helm2
# Set to false if using helm2. # Set to false if using helm2.
@ -602,5 +605,5 @@ manifests:
pdb_api: true pdb_api: true
# Host Monitors in containers needs pacemaker remote. # Host Monitors in containers needs pacemaker remote.
host_monitor: false host_monitor: false
instance_monitor: true instance_monitor: false
process_monitor: false process_monitor: false

1
releasenotes/notes/masakari.yaml
View File

@ -3,4 +3,5 @@ masakari:
- 0.1.0 Initial Chart - 0.1.0 Initial Chart
- 0.1.1 Seperate node labels for monitors - 0.1.1 Seperate node labels for monitors
- 0.1.2 Added halm hook and fix for hostmonitors to support pacemaker remote - 0.1.2 Added halm hook and fix for hostmonitors to support pacemaker remote
- 0.1.3 Mount sudoers file for masakari hostmonitors
... ...