From 0c6e66859894771e58d488c1d9f9427bb06d4d27 Mon Sep 17 00:00:00 2001
From: "billy.olsen@canonical.com" <>
Date: Thu, 3 Sep 2015 17:30:23 -0700
Subject: [PATCH] [billy-olsen,r=]  Include an acl file for corosync containing
 the hacluster user and haclient group.

Closes-Bug: 1439649
---
 hooks/utils.py          | 7 ++++++-
 templates/hacluster.acl | 4 ++++
 2 files changed, 10 insertions(+), 1 deletion(-)
 create mode 100644 templates/hacluster.acl

diff --git a/hooks/utils.py b/hooks/utils.py
index 82095af..b152ffd 100644
--- a/hooks/utils.py
+++ b/hooks/utils.py
@@ -64,10 +64,12 @@ TEMPLATES_DIR = 'templates'
 COROSYNC_CONF = '/etc/corosync/corosync.conf'
 COROSYNC_DEFAULT = '/etc/default/corosync'
 COROSYNC_AUTHKEY = '/etc/corosync/authkey'
+COROSYNC_HACLUSTER_ACL = '/etc/corosync/uidgid.d/hacluster'
 COROSYNC_CONF_FILES = [
     COROSYNC_DEFAULT,
     COROSYNC_AUTHKEY,
-    COROSYNC_CONF
+    COROSYNC_CONF,
+    COROSYNC_HACLUSTER_ACL,
 ]
 SUPPORTED_TRANSPORTS = ['udp', 'udpu', 'multicast', 'unicast']
 
@@ -250,6 +252,9 @@ def emit_base_conf():
                content=render_template('corosync',
                                        corosync_default_context))
 
+    write_file(path=COROSYNC_HACLUSTER_ACL,
+               content=render_template('hacluster.acl', {}))
+
     corosync_key = config('corosync_key')
     if corosync_key:
         write_file(path=COROSYNC_AUTHKEY,
diff --git a/templates/hacluster.acl b/templates/hacluster.acl
new file mode 100644
index 0000000..c8296c2
--- /dev/null
+++ b/templates/hacluster.acl
@@ -0,0 +1,4 @@
+uidgid {
+ uid: hacluster
+ gid: haclient
+}