On our compute host we have venvs for both neutron and nova, and under
/etc/sudoers.d/ we had a file for each projects rootwrap. And in those files
we specified a secure path.
/etc/sudoers.d/nova-rootwrap
Defaults secure_path="/opt/openstack/nova/venv/bin:..."
nova ALL=(root) NOPASSWD: /opt/openstack/nova/venv/bin/nova-rootwrap /etc/nova/rootwrap.conf *
But only one of those 'secure_path' takes preference, in our case nova which
meant that 'neutron-ns-metadata-proxy' was out of our path again.
Wouldn't it just be better if we just set the environment PATH to the
exec_dirs, since that's where we'll be searching for the executables.
This would also result in less places to maintain your paths.
oslo_rootwrap/wrapper.py
if config.has_option("DEFAULT", "exec_dirs"):
self.exec_dirs = config.get("DEFAULT", "exec_dirs").split(",")
# Replace PATH with exec_dirs if specified
os.putenv("PATH", ":".join(self.exec_dirs))
We ran into this problem yesterday.
On our compute host we have venvs for both neutron and nova, and under
/etc/sudoers.d/ we had a file for each projects rootwrap. And in those files
we specified a secure path.
/etc/sudoers. d/neutron- rootwrap path="/ opt/openstack/ neutron/ venv/bin: ..." neutron/ venv/bin/ neutron- rootwrap /etc/neutron/ rootwrap. conf *
Defaults secure_
neutron ALL=(root) NOPASSWD: /opt/openstack/
/etc/sudoers. d/nova- rootwrap path="/ opt/openstack/ nova/venv/ bin:... " nova/venv/ bin/nova- rootwrap /etc/nova/ rootwrap. conf *
Defaults secure_
nova ALL=(root) NOPASSWD: /opt/openstack/
But only one of those 'secure_path' takes preference, in our case nova which ns-metadata- proxy' was out of our path again.
meant that 'neutron-
Wouldn't it just be better if we just set the environment PATH to the
exec_dirs, since that's where we'll be searching for the executables.
This would also result in less places to maintain your paths.
oslo_rootwrap/ wrapper. py has_option( "DEFAULT" , "exec_dirs"): get("DEFAULT" , "exec_dirs" ).split( ",") self.exec_ dirs))
if config.
self.exec_dirs = config.
# Replace PATH with exec_dirs if specified
os.putenv("PATH", ":".join(