From 9e4ada022c97af5eb37cb0c299bf0824d227ef2f Mon Sep 17 00:00:00 2001 From: Steve Wilkerson Date: Wed, 12 Apr 2017 08:07:06 -0500 Subject: [PATCH] Add cinder rootwrap Currently cinder doesn't include the template for adding rootwrap. As we look to include additional backends, we'll require rootwrap.conf to be present for cinder function properly Change-Id: Id8af3637edca12bc54edc9e25f5f88b2ef0cc410 --- cinder/templates/configmap-etc.yaml | 2 ++ cinder/templates/etc/_rootwrap.conf.tpl | 27 +++++++++++++++++++++++++ 2 files changed, 29 insertions(+) create mode 100644 cinder/templates/etc/_rootwrap.conf.tpl diff --git a/cinder/templates/configmap-etc.yaml b/cinder/templates/configmap-etc.yaml index 8317882bc2..ffab725561 100644 --- a/cinder/templates/configmap-etc.yaml +++ b/cinder/templates/configmap-etc.yaml @@ -19,6 +19,8 @@ metadata: data: cinder.conf: |+ {{ tuple "etc/_cinder.conf.tpl" . | include "helm-toolkit.template" | indent 4 }} + rootwrap.conf: |+ +{{ tuple "etc/_rootwrap.conf.tpl" . | include "helm-toolkit.template" | indent 4 }} api-paste.ini: |+ {{ tuple "etc/_cinder-api-paste.ini.tpl" . | include "helm-toolkit.template" | indent 4 }} policy.json: |+ diff --git a/cinder/templates/etc/_rootwrap.conf.tpl b/cinder/templates/etc/_rootwrap.conf.tpl new file mode 100644 index 0000000000..4986c9e39f --- /dev/null +++ b/cinder/templates/etc/_rootwrap.conf.tpl @@ -0,0 +1,27 @@ +# Configuration for cinder-rootwrap +# This file should be owned by (and only-writeable by) the root user + +[DEFAULT] +# List of directories to load filter definitions from (separated by ','). +# These directories MUST all be only writeable by root ! +filters_path=/etc/cinder/rootwrap.d + +# List of directories to search executables in, in case filters do not +# explicitely specify a full path (separated by ',') +# If not specified, defaults to system PATH environment variable. +# These directories MUST all be only writeable by root ! +exec_dirs=/sbin,/usr/sbin,/bin,/usr/bin,/usr/local/bin,/usr/local/sbin + +# Enable logging to syslog +# Default value is False +use_syslog=False + +# Which syslog facility to use. +# Valid values include auth, authpriv, syslog, local0, local1... +# Default value is 'syslog' +syslog_log_facility=syslog + +# Which messages to log. +# INFO means log all usage +# ERROR means only log unsuccessful attempts +syslog_log_level=ERROR