When built with the binary install type (at least on CentOS), Ironic
inspector fails to start and the container remains in a restarting
state. The log file shows that it is failing to execute iptables, and
analysis found that this was due to an incorrect rootwrap
configuration. The RDO ironic inspector RPM expects Ironic inspector
to be run as the ironic-inspector user, however Kolla uses the ironic
user. This means that neither of the packaged ironic nor
ironic-inspector sudoers configuration files works for us.
Kolla currently installs a sudoers file pointing to the rootwrap
script in the virtualenv of the source install, but of course this
only makes sense for source installs, and should not be installed for
binary installs.
This change adds a second sudoers file that will work for the binary
install type, and installs the correct sudoers file for the install
type.
Change-Id: I8ecd0b658b8df8f38ddf717fa9443d4dc2896984
Closes-Bug: #1624457
(cherry picked from commit 5752c7eb0b1f9c5978dd4e9271ded346cea231e0)
Reviewed: https:/ /review. openstack. org/440672 /git.openstack. org/cgit/ openstack/ kolla/commit/ ?id=9ec3d110078 d571068325e1f19 8745a6ae78f633
Committed: https:/
Submitter: Jenkins
Branch: stable/ocata
commit 9ec3d110078d571 068325e1f198745 a6ae78f633
Author: Mark Goddard <email address hidden>
Date: Wed Feb 22 02:23:05 2017 +0000
Fix binary ironic-inspector rootwrap configuration
When built with the binary install type (at least on CentOS), Ironic inspector sudoers configuration files works for us.
inspector fails to start and the container remains in a restarting
state. The log file shows that it is failing to execute iptables, and
analysis found that this was due to an incorrect rootwrap
configuration. The RDO ironic inspector RPM expects Ironic inspector
to be run as the ironic-inspector user, however Kolla uses the ironic
user. This means that neither of the packaged ironic nor
ironic-
Kolla currently installs a sudoers file pointing to the rootwrap
script in the virtualenv of the source install, but of course this
only makes sense for source installs, and should not be installed for
binary installs.
This change adds a second sudoers file that will work for the binary
install type, and installs the correct sudoers file for the install
type.
Change-Id: I8ecd0b658b8df8 f38ddf717fa9443 d4dc2896984 978dd4e9271ded3 46cea231e0)
Closes-Bug: #1624457
(cherry picked from commit 5752c7eb0b1f9c5