Fix Swift deployment issue

Swift deployment is broken since CVE-2022-38060 fixed sudoers file in the I66476a2b396e2cbe41e68ac51f57aae1806b2ed8. The kolla-toolbox container have their own virtualenv path differs from all other containers. This change adds the correct sudoers secure_path configuration needed only for kolla-toolbox conainer. Related-Bug: #1985784 Change-Id: I3651576ee354364d639c187ff750491667ecab56 Signed-off-by: Maksim Malchuk <[email protected]> (cherry picked from commit b8a3526)
stackhpc · Oct 9, 2022 · 420244f · 420244f
1 parent bcfdd7f
commit 420244f
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 0 deletions.
diff --git a/docker/kolla-toolbox/ansible_sudoers b/docker/kolla-toolbox/ansible_sudoers
@@ -1 +1,3 @@
+Defaults secure_path="/opt/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
+
 ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a *, /usr/local/bin/ansible localhost -m find_disks -a *
diff --git a/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml b/releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml
@@ -0,0 +1,7 @@
+---
+fixes:
+  - |
+    Fixes an issue with Swift deployment via Kolla Ansible caused by
+    the fix to CVE-2022-38060.
+    The kolla-toolbox container now have its own sudoers secure_path
+    configuration which allows the necessary binaries to execute.
Original file line number	Diff line number	Diff line change
		@@ -1 +1,3 @@
		Defaults secure_path="/opt/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"

		ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a , /usr/local/bin/ansible localhost -m find_disks -a