Deprecate root_helper in favor of rootwrap_config

Align with recent changes in nova-rootwrap by marking the root_helper option deprecated and introduce usage of the rootwrap_config option instead. The root_helper option will still fully be supported in Folsom, but will be removed in Grizzly. Transition notes: you should replace: root_helper=sudo cinder-rootwrap /etc/cinder/rootwrap.conf by: rootwrap_config=/etc/cinder/rootwrap.conf Change-Id: I22a6d2bdee6ad2c5ad587ceec574cec4b2887f22
openstack · Aug 3, 2012 · 2b2c97e · 2b2c97e
1 parent 0be1725
commit 2b2c97e
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 4 deletions.
diff --git a/bin/cinder-rootwrap b/bin/cinder-rootwrap
@@ -21,7 +21,7 @@
    Filters which commands cinder is allowed to run as another user.
 
    To use this, you should set the following in cinder.conf:
-   root_helper=sudo cinder-rootwrap /etc/cinder/rootwrap.conf
+   rootwrap_config=/etc/cinder/rootwrap.conf
 
    You also need to let the cinder user run cinder-rootwrap as root in sudoers:
    cinder ALL = (root) NOPASSWD: /usr/bin/cinder-rootwrap

diff --git a/cinder/flags.py b/cinder/flags.py
@@ -247,7 +247,11 @@ def _get_my_ip():
                     'formatted with on creation.'),
     cfg.StrOpt('root_helper',
                default='sudo',
-               help='Command prefix to use for running commands as root'),
+               help='Deprecated: command to use for running commands as root'),
+    cfg.StrOpt('rootwrap_config',
+               default=None,
+               help='Path to the rootwrap configuration file to use for '
+                    'running commands as root'),
     cfg.BoolOpt('use_ipv6',
                 default=False,
                 help='use ipv6'),

diff --git a/cinder/utils.py b/cinder/utils.py
@@ -62,6 +62,12 @@
 PERFECT_TIME_FORMAT = "%Y-%m-%dT%H:%M:%S.%f"
 FLAGS = flags.FLAGS
 
+if FLAGS.rootwrap_config is None or FLAGS.root_helper != 'sudo':
+    LOG.warn(_('The root_helper option (which lets you specify a root '
+               'wrapper different from cinder-rootwrap, and defaults to '
+               'using sudo) is now deprecated. You should use the '
+               'rootwrap_config option instead.'))
+
 
 def find_config(config_path):
     """Find a configuration file using the given hint.
@@ -143,7 +149,7 @@ def execute(*cmd, **kwargs):
     """Helper method to execute command with optional retry.
 
     If you add a run_as_root=True command, don't forget to add the
-    corresponding filter to cinder.rootwrap !
+    corresponding filter to etc/cinder/rootwrap.d !
 
     :param cmd:                Passed to subprocess.Popen.
     :param process_input:      Send to opened process.
@@ -184,7 +190,11 @@ def execute(*cmd, **kwargs):
                                 'to utils.execute: %r') % kwargs)
 
     if run_as_root:
-        cmd = shlex.split(FLAGS.root_helper) + list(cmd)
+        if (FLAGS.rootwrap_config is not None):
+            cmd = ['sudo', 'cinder-rootwrap',
+                   FLAGS.rootwrap_config] + list(cmd)
+        else:
+            cmd = shlex.split(FLAGS.root_helper) + list(cmd)
     cmd = map(str, cmd)
 
     while attempts > 0: