From 420244f7f0850c1048b41b9b916d13114994bdcb Mon Sep 17 00:00:00 2001 From: Maksim Malchuk Date: Sat, 8 Oct 2022 01:29:02 +0300 Subject: [PATCH] Fix Swift deployment issue Swift deployment is broken since CVE-2022-38060 fixed sudoers file in the I66476a2b396e2cbe41e68ac51f57aae1806b2ed8. The kolla-toolbox container have their own virtualenv path differs from all other containers. This change adds the correct sudoers secure_path configuration needed only for kolla-toolbox conainer. Related-Bug: #1985784 Change-Id: I3651576ee354364d639c187ff750491667ecab56 Signed-off-by: Maksim Malchuk (cherry picked from commit b8a352647d57d35463e551a0d360c19fb2ad34c6) --- docker/kolla-toolbox/ansible_sudoers | 2 ++ releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml | 7 +++++++ 2 files changed, 9 insertions(+) create mode 100644 releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml diff --git a/docker/kolla-toolbox/ansible_sudoers b/docker/kolla-toolbox/ansible_sudoers index c43917f651..5a3f109b45 100644 --- a/docker/kolla-toolbox/ansible_sudoers +++ b/docker/kolla-toolbox/ansible_sudoers @@ -1 +1,3 @@ +Defaults secure_path="/opt/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin" + ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a *, /usr/local/bin/ansible localhost -m find_disks -a * diff --git a/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml b/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml new file mode 100644 index 0000000000..5823848f74 --- /dev/null +++ b/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml @@ -0,0 +1,7 @@ +--- +fixes: + - | + Fixes an issue with Swift deployment via Kolla Ansible caused by + the fix to CVE-2022-38060. + The kolla-toolbox container now have its own sudoers secure_path + configuration which allows the necessary binaries to execute.