Last active
April 26, 2022 15:01
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
diff --git a/playbooks/roles/bifrost-ironic-install/defaults/main.yml b/playbooks/roles/bifrost-ironic-install/defaults/main.yml | |
index fa4591a8..3cd1eeb9 100644 | |
--- a/playbooks/roles/bifrost-ironic-install/defaults/main.yml | |
+++ b/playbooks/roles/bifrost-ironic-install/defaults/main.yml | |
@@ -406,3 +406,11 @@ pxe_kernel_params: >- | |
{{ extra_kernel_options | default('') }} | |
redfish_kernel_params: "{{ pxe_kernel_params }}" | |
ilo_kernel_params: "{{ pxe_kernel_params }}" | |
+ | |
+symlinks_from_venv: | |
+ - "{{ (true) | ternary('{{ bifrost_venv_dir }}/bin/ironic-rootwrap','') }}" | |
+ - "{{ (enable_inspector|bool) | ternary('{{ bifrost_venv_dir }}/bin/ironic-inspector-rootwrap','') }}" | |
+ | |
+sudoers_for_rootwrap: | |
+ - "{{ (true) | ternary('ironic','') }}" | |
+ - "{{ (enable_inspector|bool) | ternary('ironic-inspector','') }}" | |
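Review bot: Both `symlinks_from_venv` entries put `{{ bifrost_venv_dir }}` inside a quoted string that is already inside an open `{{ ... }}` expression, so the path is only expanded if Ansible re-templates the result, which may not hold across versions. Concatenation avoids the nesting: `"{{ (enable_inspector|bool) | ternary(bifrost_venv_dir ~ '/bin/ironic-inspector-rootwrap', '') }}"`. The `(true) | ternary(...)` entries are unconditional and can be written as plain values. Since these lists now sit in role defaults they can be overridden from inventory or extra vars, and `sudoers_for_rootwrap` ends up in a NOPASSWD sudoers rule, so a comment above it would help: `# Entries are written to /etc/sudoers as NOPASSWD rootwrap rules; override with care.`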
diff --git a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml | |
index 44e86d86..205d061b 100644 | |
--- a/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml | |
+++ b/playbooks/roles/bifrost-ironic-install/tasks/ironic_config.yml | |
@@ -50,14 +50,10 @@ | |
src: "{{ item }}" | |
owner: root | |
group: root | |
- loop: | |
- - "{{ bifrost_venv_dir }}/bin/ironic-rootwrap" | |
- - "{{ bifrost_venv_dir }}/bin/ironic-inspector-rootwrap" | |
+ loop: "{{ symlinks_from_venv|select|list }}" | |
- name: "Set sudoers for rootwrap" | |
lineinfile: | |
dest: /etc/sudoers | |
regexp: "^ironic(.*)/{{ item }}-rootwrap /etc/{{ item }}/rootwrap.conf(.*)" | |
line: "ironic ALL = (root) NOPASSWD: {{ ironic_rootwrap_dir }}/{{ item }}-rootwrap /etc/{{ item }}/rootwrap.conf *" | |
- loop: | |
- - ironic | |
- - ironic-inspector | |
+ loop: "{{ sudoers_for_rootwrap|select|list }}" |
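Review bot: With `loop: "{{ sudoers_for_rootwrap|select|list }}"`, `item` now comes from an overridable variable and is interpolated into both `regexp` and the `/etc/sudoers` line, yet the task has no syntax check on what it writes. Adding `validate: 'visudo -cf %s'` to the `lineinfile` arguments would stop a malformed entry from being installed, and `{{ item | regex_escape }}` in `regexp` keeps the match literal. The same applies to the symlink task's `loop: "{{ symlinks_from_venv|select|list }}"`, whose items become root-owned links. That first task starts above the visible lines of this hunk.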