From 2b2c97eb5ca332ce7d1f83e4fd2e81fabe0acb66 Mon Sep 17 00:00:00 2001 From: Thierry Carrez Date: Fri, 3 Aug 2012 15:35:03 +0200 Subject: [PATCH] Deprecate root_helper in favor of rootwrap_config Align with recent changes in nova-rootwrap by marking the root_helper option deprecated and introduce usage of the rootwrap_config option instead. The root_helper option will still fully be supported in Folsom, but will be removed in Grizzly. Transition notes: you should replace: root_helper=sudo cinder-rootwrap /etc/cinder/rootwrap.conf by: rootwrap_config=/etc/cinder/rootwrap.conf Change-Id: I22a6d2bdee6ad2c5ad587ceec574cec4b2887f22 --- bin/cinder-rootwrap | 2 +- cinder/flags.py | 6 +++++- cinder/utils.py | 14 ++++++++++++-- 3 files changed, 18 insertions(+), 4 deletions(-) diff --git a/bin/cinder-rootwrap b/bin/cinder-rootwrap index 71984d96e..04b8979fb 100755 --- a/bin/cinder-rootwrap +++ b/bin/cinder-rootwrap @@ -21,7 +21,7 @@ Filters which commands cinder is allowed to run as another user. To use this, you should set the following in cinder.conf: - root_helper=sudo cinder-rootwrap /etc/cinder/rootwrap.conf + rootwrap_config=/etc/cinder/rootwrap.conf You also need to let the cinder user run cinder-rootwrap as root in sudoers: cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap diff --git a/cinder/flags.py b/cinder/flags.py index 673aae394..c47175d8b 100644 --- a/cinder/flags.py +++ b/cinder/flags.py @@ -247,7 +247,11 @@ global_opts = [ 'formatted with on creation.'), cfg.StrOpt('root_helper', default='sudo', - help='Command prefix to use for running commands as root'), + help='Deprecated: command to use for running commands as root'), + cfg.StrOpt('rootwrap_config', + default=None, + help='Path to the rootwrap configuration file to use for ' + 'running commands as root'), cfg.BoolOpt('use_ipv6', default=False, help='use ipv6'), diff --git a/cinder/utils.py b/cinder/utils.py index fbe29efb0..dc393684c 100644 --- a/cinder/utils.py +++ b/cinder/utils.py @@ -62,6 +62,12 @@ ISO_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S" PERFECT_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f" FLAGS = flags.FLAGS +if FLAGS.rootwrap_config is None or FLAGS.root_helper != 'sudo': + LOG.warn(_('The root_helper option (which lets you specify a root ' + 'wrapper different from cinder-rootwrap, and defaults to ' + 'using sudo) is now deprecated. You should use the ' + 'rootwrap_config option instead.')) + def find_config(config_path): """Find a configuration file using the given hint. @@ -143,7 +149,7 @@ def execute(*cmd, **kwargs): """Helper method to execute command with optional retry. If you add a run_as_root=True command, don't forget to add the - corresponding filter to cinder.rootwrap ! + corresponding filter to etc/cinder/rootwrap.d ! :param cmd: Passed to subprocess.Popen. :param process_input: Send to opened process. @@ -184,7 +190,11 @@ def execute(*cmd, **kwargs): 'to utils.execute: %r') % kwargs) if run_as_root: - cmd = shlex.split(FLAGS.root_helper) + list(cmd) + if (FLAGS.rootwrap_config is not None): + cmd = ['sudo', 'cinder-rootwrap', + FLAGS.rootwrap_config] + list(cmd) + else: + cmd = shlex.split(FLAGS.root_helper) + list(cmd) cmd = map(str, cmd) while attempts > 0: -- 2.45.2