Skip to content

Commit 420244f

Browse files
mmalchukmmalchuk
committed
Fix Swift deployment issue
Swift deployment is broken since CVE-2022-38060 fixed sudoers file in the I66476a2b396e2cbe41e68ac51f57aae1806b2ed8. The kolla-toolbox container have their own virtualenv path differs from all other containers. This change adds the correct sudoers secure_path configuration needed only for kolla-toolbox conainer. Related-Bug: #1985784 Change-Id: I3651576ee354364d639c187ff750491667ecab56 Signed-off-by: Maksim Malchuk <[email protected]> (cherry picked from commit b8a3526)
1 parent bcfdd7f commit 420244f

File tree

2 files changed

+9
-0
lines changed

2 files changed

+9
-0
lines changed

docker/kolla-toolbox/ansible_sudoers

Lines changed: 2 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1 +1,3 @@
1+
Defaults secure_path="/opt/ansible/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
2+
13
ansible ALL=(root) NOPASSWD: /opt/ansible/bin/ansible localhost -m find_disks -a *, /usr/local/bin/ansible localhost -m find_disks -a *

releasenotes/notes/swift-sudo-issue-84d37919c980a373.yaml

Lines changed: 7 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,7 @@
1+
---
2+
fixes:
3+
- |
4+
Fixes an issue with Swift deployment via Kolla Ansible caused by
5+
the fix to CVE-2022-38060.
6+
The kolla-toolbox container now have its own sudoers secure_path
7+
configuration which allows the necessary binaries to execute.

0 commit comments

Comments
 (0)