From 5e90e90b110ec2fbbf1f67234565e525139affe7 Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Date: Sat, 25 Jun 2016 18:04:11 +0800
Subject: [PATCH] Set the privsep_osbrick.helper_command in nova and cinder

os-brick starts using privsep, it will need to know how to invoke its
privileged half. This follow the how the devstack fixed in nova[1] and
cinder[2].

[1] https://review.openstack.org/#/c/277696/
[2] https://review.openstack.org/#/c/280031/

TrivialFix

Change-Id: I3761a5bde9766297127ad2011453ae4221ff5c2b
---
 ansible/roles/cinder/templates/cinder.conf.j2 | 3 +++
 ansible/roles/nova/templates/nova.conf.j2     | 3 +++
 2 files changed, 6 insertions(+)

diff --git a/ansible/roles/cinder/templates/cinder.conf.j2 b/ansible/roles/cinder/templates/cinder.conf.j2
index d1ff2b33bc..31ed79655b 100644
--- a/ansible/roles/cinder/templates/cinder.conf.j2
+++ b/ansible/roles/cinder/templates/cinder.conf.j2
@@ -92,3 +92,6 @@ rbd_user = cinder
 rbd_secret_uuid = {{ rbd_secret_uuid }}
 report_discard_supported = True
 {% endif %}
+
+[privsep_entrypoint]
+helper_command=sudo cinder-rootwrap /etc/cinder/rootwrap.conf privsep-helper --config-file /etc/cinder/cinder.conf
diff --git a/ansible/roles/nova/templates/nova.conf.j2 b/ansible/roles/nova/templates/nova.conf.j2
index 475416096d..b1777b69be 100644
--- a/ansible/roles/nova/templates/nova.conf.j2
+++ b/ansible/roles/nova/templates/nova.conf.j2
@@ -175,3 +175,6 @@ topics = notifications
 {% else %}
 driver = noop
 {% endif %}
+
+[privsep_entrypoint]
+helper_command=sudo nova-rootwrap /etc/nova/rootwrap.conf privsep-helper --config-file /etc/nova/nova.conf