Re: [Rootwrap] Package sudoers file for rootwrap?
by Francesco Di Nucci
Ok,
thank you all, it looks like I had a problem during major upgrades...
For example package nova-common was installed, but file
/etc/sudoers.d/nova was not present.
Reinstalled the package with DNF and now it's there... I don't know what
happened
Regards
Francesco Di Nucci
On 13/06/24 14:17, smooney(a)redhat.com wrote:
> On Thu, 2024-06-13 at 13:46 +0200, Francesco Di Nucci wrote:
>> I'm sorry,
>>
>> I have only checked using EL with CentOS Stream repos
> its in the rdo repos which is the supproted way to install on centos
> https://github.com/rdo-packages/nova-distgit/blob/rpm-master/nova-sudoers
> https://github.com/rdo-packages/neutron-distgit/blob/rpm-master/neutron-s...
>
> i didnt check all the packages but it should be covered.
>
> are you using the packages form the rpm packaging tooling
> it looks like its there too
> https://github.com/openstack/rpm-packaging/blob/master/openstack/nova/ope...
>
>> Regards
>>
>> Francesco Di Nucci
>>
>> On 13/06/24 12:43, Thomas Goirand wrote:
>>> On 6/13/24 09:48, Francesco Di Nucci wrote:
>>>> Hello,
>>>>
>>>> I was reviewing the sudoers entries I'm using for rootwrap
>>>> (https://wiki.openstack.org/wiki/Rootwrap) and I was wondering -
>>>> would it be possible to sudoers config in the packages?
>>>>
>>>> Maybe as files to be placed in /etc/sudoers.d, especially as apart
>>>> from Nova the usage is not well documented, and I had to use kolla's
>>>> files as examples
>>>>
>>>> Best regards
>>>>
>>>> Francesco Di Nucci
>>> Hi Francesco,
>>>
>>> I'm not sure for what distribution you're talking about, but at least
>>> in Debian, each package that needs it has a /etc/sudoers.d file. For
>>> example, in a compute node, you'll get:
>>>
>>> - ceph-smartctl
>>> - cinder-common
>>> - neutron_sudoers
>>> - nova-common
>>>
>>> For example, the Neutron one contains:
>>>
>>> # cat neutron_sudoers
>>> Defaults:neutron !requiretty
>>>
>>> neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
>>> /etc/neutron/rootwrap.conf *
>>> neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon
>>> /etc/neutron/rootwrap.conf
>>>
>>> I hope this helps,
>>> Cheers,
>>>
>>> Thomas Goirand (zigo)
>>>
>>>
>
>
5 months
Re: [Rootwrap] Package sudoers file for rootwrap?
by Francesco Di Nucci
I'm sorry,
I have only checked using EL with CentOS Stream repos
Regards
Francesco Di Nucci
On 13/06/24 12:43, Thomas Goirand wrote:
> On 6/13/24 09:48, Francesco Di Nucci wrote:
>> Hello,
>>
>> I was reviewing the sudoers entries I'm using for rootwrap
>> (https://wiki.openstack.org/wiki/Rootwrap) and I was wondering -
>> would it be possible to sudoers config in the packages?
>>
>> Maybe as files to be placed in /etc/sudoers.d, especially as apart
>> from Nova the usage is not well documented, and I had to use kolla's
>> files as examples
>>
>> Best regards
>>
>> Francesco Di Nucci
>
> Hi Francesco,
>
> I'm not sure for what distribution you're talking about, but at least
> in Debian, each package that needs it has a /etc/sudoers.d file. For
> example, in a compute node, you'll get:
>
> - ceph-smartctl
> - cinder-common
> - neutron_sudoers
> - nova-common
>
> For example, the Neutron one contains:
>
> # cat neutron_sudoers
> Defaults:neutron !requiretty
>
> neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap
> /etc/neutron/rootwrap.conf *
> neutron ALL = (root) NOPASSWD: /usr/bin/neutron-rootwrap-daemon
> /etc/neutron/rootwrap.conf
>
> I hope this helps,
> Cheers,
>
> Thomas Goirand (zigo)
>
>
5 months
[Rootwrap] Package sudoers file for rootwrap?
by Francesco Di Nucci
Hello,
I was reviewing the sudoers entries I'm using for rootwrap
(https://wiki.openstack.org/wiki/Rootwrap) and I was wondering - would
it be possible to sudoers config in the packages?
Maybe as files to be placed in /etc/sudoers.d, especially as apart from
Nova the usage is not well documented, and I had to use kolla's files as
examples
Best regards
Francesco Di Nucci
5 months, 1 week