Add privsep-helper to neutron sudoers file

With the new oslo-privsep library, there is now a privsep-helper command that is used to escalate privledges. This command needs to be runnable by the neutron user via sudo without a password. The old rootwrap command is still used as well, so for now we need to have both. Change-Id: I8e9743da3e51e71a113d958c22007cf54aa17fc4
openstack · Apr 1, 2019 · 668fb5a · 668fb5a
1 parent 01857d4
commit 668fb5a
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/templates/sudoers.j2 b/templates/sudoers.j2
@@ -5,3 +5,4 @@ Defaults:{{ neutron_system_user_name }} secure_path="{{ neutron_bin }}:/usr/loca
 
 {{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap
 {{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/{{ neutron_service_name }}-rootwrap-daemon
+{{ neutron_system_user_name }} ALL = (root) NOPASSWD: {{ neutron_bin }}/privsep-helper