Fix "sudo: sorry, you must have a tty to run sudo"

On many systems the requiretty sudoers option is turned on by default.
With the "requiretty" option, sudo ensures the user has real tty access.

Only a few "su" variants have an option for skipping the new session creation step.

Only one session can possess a tty, so after a "su -c" sudo will not
work.

We will use sudo instead of su when we create the stack account.

This change adds a new variable, STACK_USER, for
the service username.

Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c
Attila Fazekas
2013-01-06 22:40:09 +01:00
parent 9f67bd692c
commit 91b8d13eda
17 changed files with 72 additions and 59 deletions


@@ -200,14 +200,14 @@ function configure_baremetal_nova_dirs() {
sudo mkdir -p /tftpboot sudo mkdir -p /tftpboot
sudo mkdir -p /tftpboot/pxelinux.cfg sudo mkdir -p /tftpboot/pxelinux.cfg
sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/ sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
sudo chown -R `whoami`:libvirtd /tftpboot sudo chown -R $STACK_USER:libvirtd /tftpboot
# ensure $NOVA_STATE_PATH/baremetal is prepared # ensure $NOVA_STATE_PATH/baremetal is prepared
sudo mkdir -p $NOVA_STATE_PATH/baremetal sudo mkdir -p $NOVA_STATE_PATH/baremetal
sudo mkdir -p $NOVA_STATE_PATH/baremetal/console sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
# ensure dnsmasq is installed but not running # ensure dnsmasq is installed but not running
# because baremetal driver will reconfigure and restart this as needed # because baremetal driver will reconfigure and restart this as needed
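Review bot: The new `sudo chown -R $STACK_USER:libvirtd /tftpboot` in configure_baremetal_nova_dirs degrades quietly when STACK_USER is empty or unset: the operand collapses to `:libvirtd`, which chown treats as a group-only change, so /tftpboot keeps its root owner and the failure only shows up later. The old `whoami` form could not be empty. I would make the dependency explicit with `sudo chown -R "${STACK_USER:?}:libvirtd" /tftpboot` and add a `# - STACK_USER must be defined` line to this file's header comment, as other sections of this commit do. The sections for configure_heat, _configure_quantum_common and init_ryu show no such header update either, and the function body here continues outside the hunk.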


@@ -9,6 +9,7 @@
# - OS_AUTH_URL for auth in api # - OS_AUTH_URL for auth in api
# - DEST set to the destination directory # - DEST set to the destination directory
# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api # - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
# - STACK_USER service user
# stack.sh # stack.sh
# --------- # ---------
@@ -94,7 +95,7 @@ function configure_ceilometer() {
function init_ceilometer() { function init_ceilometer() {
# Create cache dir # Create cache dir
sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
rm -f $CEILOMETER_AUTH_CACHE_DIR/* rm -f $CEILOMETER_AUTH_CACHE_DIR/*
} }


@@ -3,7 +3,7 @@
# Dependencies: # Dependencies:
# - functions # - functions
# - DEST, DATA_DIR must be defined # - DEST, DATA_DIR, STACK_USER must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined # SERVICE_{TENANT_NAME|PASSWORD} must be defined
# ``KEYSTONE_TOKEN_FORMAT`` must be defined # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -110,7 +110,7 @@ function configure_cinder() {
if [[ ! -d $CINDER_CONF_DIR ]]; then if [[ ! -d $CINDER_CONF_DIR ]]; then
sudo mkdir -p $CINDER_CONF_DIR sudo mkdir -p $CINDER_CONF_DIR
fi fi
sudo chown `whoami` $CINDER_CONF_DIR sudo chown $STACK_USER $CINDER_CONF_DIR
cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
@@ -295,7 +295,7 @@ function init_cinder() {
# Create cache dir # Create cache dir
sudo mkdir -p $CINDER_AUTH_CACHE_DIR sudo mkdir -p $CINDER_AUTH_CACHE_DIR
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
rm -f $CINDER_AUTH_CACHE_DIR/* rm -f $CINDER_AUTH_CACHE_DIR/*
} }


@@ -3,7 +3,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST``, ``DATA_DIR`` must be defined # ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``SERVICE_HOST`` # ``SERVICE_HOST``
# ``KEYSTONE_TOKEN_FORMAT`` must be defined # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -75,7 +75,7 @@ function configure_glance() {
if [[ ! -d $GLANCE_CONF_DIR ]]; then if [[ ! -d $GLANCE_CONF_DIR ]]; then
sudo mkdir -p $GLANCE_CONF_DIR sudo mkdir -p $GLANCE_CONF_DIR
fi fi
sudo chown `whoami` $GLANCE_CONF_DIR sudo chown $STACK_USER $GLANCE_CONF_DIR
# Copy over our glance configurations and update them # Copy over our glance configurations and update them
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
@@ -158,10 +158,10 @@ function init_glance() {
# Create cache dir # Create cache dir
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
rm -f $GLANCE_AUTH_CACHE_DIR/api/* rm -f $GLANCE_AUTH_CACHE_DIR/api/*
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
rm -f $GLANCE_AUTH_CACHE_DIR/registry/* rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
} }


@@ -49,7 +49,7 @@ function configure_heat() {
if [[ ! -d $HEAT_CONF_DIR ]]; then if [[ ! -d $HEAT_CONF_DIR ]]; then
sudo mkdir -p $HEAT_CONF_DIR sudo mkdir -p $HEAT_CONF_DIR
fi fi
sudo chown `whoami` $HEAT_CONF_DIR sudo chown $STACK_USER $HEAT_CONF_DIR
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST} HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000} HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}


@@ -7,6 +7,7 @@
# ``SERVICE_HOST``, ``SERVICE_PROTOCOL`` # ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
# ``SERVICE_TOKEN`` # ``SERVICE_TOKEN``
# ``S3_SERVICE_PORT`` (template backend only) # ``S3_SERVICE_PORT`` (template backend only)
# ``STACK_USER``
# ``stack.sh`` calls the entry points in this order: # ``stack.sh`` calls the entry points in this order:
# #
@@ -79,7 +80,7 @@ function configure_keystone() {
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
sudo mkdir -p $KEYSTONE_CONF_DIR sudo mkdir -p $KEYSTONE_CONF_DIR
fi fi
sudo chown `whoami` $KEYSTONE_CONF_DIR sudo chown $STACK_USER $KEYSTONE_CONF_DIR
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
@@ -261,7 +262,7 @@ function init_keystone() {
# Create cache dir # Create cache dir
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
rm -f $KEYSTONE_AUTH_CACHE_DIR/* rm -f $KEYSTONE_AUTH_CACHE_DIR/*
fi fi
} }


@@ -3,7 +3,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST``, ``DATA_DIR`` must be defined # ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``LIBVIRT_TYPE`` must be defined # ``LIBVIRT_TYPE`` must be defined
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined # ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
@@ -149,7 +149,7 @@ function configure_nova() {
if [[ ! -d $NOVA_CONF_DIR ]]; then if [[ ! -d $NOVA_CONF_DIR ]]; then
sudo mkdir -p $NOVA_CONF_DIR sudo mkdir -p $NOVA_CONF_DIR
fi fi
sudo chown `whoami` $NOVA_CONF_DIR sudo chown $STACK_USER $NOVA_CONF_DIR
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
@@ -277,7 +277,7 @@ EOF"
if ! getent group libvirtd >/dev/null; then if ! getent group libvirtd >/dev/null; then
sudo groupadd libvirtd sudo groupadd libvirtd
fi fi
add_user_to_group `whoami` libvirtd add_user_to_group $STACK_USER libvirtd
# libvirt detects various settings on startup, as we potentially changed # libvirt detects various settings on startup, as we potentially changed
# the system configuration (modules, filesystems), we need to restart # the system configuration (modules, filesystems), we need to restart
@@ -297,7 +297,7 @@ EOF"
if [ -L /dev/disk/by-label/nova-instances ]; then if [ -L /dev/disk/by-label/nova-instances ]; then
if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
sudo mount -L nova-instances $NOVA_INSTANCES_PATH sudo mount -L nova-instances $NOVA_INSTANCES_PATH
sudo chown -R `whoami` $NOVA_INSTANCES_PATH sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
fi fi
fi fi
@@ -474,13 +474,13 @@ function init_nova() {
# Create cache dir # Create cache dir
sudo mkdir -p $NOVA_AUTH_CACHE_DIR sudo mkdir -p $NOVA_AUTH_CACHE_DIR
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
rm -f $NOVA_AUTH_CACHE_DIR/* rm -f $NOVA_AUTH_CACHE_DIR/*
# Create the keys folder # Create the keys folder
sudo mkdir -p ${NOVA_STATE_PATH}/keys sudo mkdir -p ${NOVA_STATE_PATH}/keys
# make sure we own NOVA_STATE_PATH and all subdirs # make sure we own NOVA_STATE_PATH and all subdirs
sudo chown -R `whoami` ${NOVA_STATE_PATH} sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
} }
# install_novaclient() - Collect source and prepare # install_novaclient() - Collect source and prepare


@@ -388,7 +388,7 @@ function _configure_quantum_common() {
if [[ ! -d $QUANTUM_CONF_DIR ]]; then if [[ ! -d $QUANTUM_CONF_DIR ]]; then
sudo mkdir -p $QUANTUM_CONF_DIR sudo mkdir -p $QUANTUM_CONF_DIR
fi fi
sudo chown `whoami` $QUANTUM_CONF_DIR sudo chown $STACK_USER $QUANTUM_CONF_DIR
cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
@@ -730,7 +730,7 @@ function _quantum_setup_keystone() {
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
# Create cache dir # Create cache dir
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
rm -f $QUANTUM_AUTH_CACHE_DIR/* rm -f $QUANTUM_AUTH_CACHE_DIR/*
} }


@@ -27,7 +27,7 @@ function init_ryu() {
if [[ ! -d $RYU_CONF_DIR ]]; then if [[ ! -d $RYU_CONF_DIR ]]; then
sudo mkdir -p $RYU_CONF_DIR sudo mkdir -p $RYU_CONF_DIR
fi fi
sudo chown `whoami` $RYU_CONF_DIR sudo chown $STACK_USER $RYU_CONF_DIR
RYU_CONF=$RYU_CONF_DIR/ryu.conf RYU_CONF=$RYU_CONF_DIR/ryu.conf
sudo rm -rf $RYU_CONF sudo rm -rf $RYU_CONF


@@ -4,6 +4,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined # ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
# ``STACK_USER`` must be defined
# ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined # ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
# ``lib/keystone`` file # ``lib/keystone`` file
# ``stack.sh`` calls the entry points in this order: # ``stack.sh`` calls the entry points in this order:
@@ -333,7 +334,7 @@ function init_swift() {
# Create cache dir # Create cache dir
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
rm -f $SWIFT_AUTH_CACHE_DIR/* rm -f $SWIFT_AUTH_CACHE_DIR/*
} }


@@ -177,40 +177,43 @@ VERBOSE=$(trueorfalse True $VERBOSE)
# sudo privileges and runs as that user. # sudo privileges and runs as that user.
if [[ $EUID -eq 0 ]]; then if [[ $EUID -eq 0 ]]; then
STACK_USER=$DEFAULT_STACK_USER
ROOTSLEEP=${ROOTSLEEP:-10} ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root." echo "You are running this script as root."
echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user" echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
sleep $ROOTSLEEP sleep $ROOTSLEEP
# Give the non-root user the ability to run as **root** via ``sudo`` # Give the non-root user the ability to run as **root** via ``sudo``
is_package_installed sudo || install_package sudo is_package_installed sudo || install_package sudo
if ! getent group stack >/dev/null; then if ! getent group $STACK_USER >/dev/null; then
echo "Creating a group called stack" echo "Creating a group called $STACK_USER"
groupadd stack groupadd $STACK_USER
fi fi
if ! getent passwd stack >/dev/null; then if ! getent passwd $STACK_USER >/dev/null; then
echo "Creating a user called stack" echo "Creating a user called $STACK_USER"
useradd -g stack -s /bin/bash -d $DEST -m stack useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
fi fi
echo "Giving stack user passwordless sudo privileges" echo "Giving stack user passwordless sudo privileges"
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
echo "#includedir /etc/sudoers.d" >> /etc/sudoers echo "#includedir /etc/sudoers.d" >> /etc/sudoers
( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> /etc/sudoers.d/50_stack_sh ) > /etc/sudoers.d/50_stack_sh )
echo "Copying files to stack user" echo "Copying files to $STACK_USER user"
STACK_DIR="$DEST/${TOP_DIR##*/}" STACK_DIR="$DEST/${TOP_DIR##*/}"
cp -r -f -T "$TOP_DIR" "$STACK_DIR" cp -r -f -T "$TOP_DIR" "$STACK_DIR"
chown -R stack "$STACK_DIR" chown -R $STACK_USER "$STACK_DIR"
cd "$STACK_DIR"
if [[ "$SHELL_AFTER_RUN" != "no" ]]; then if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
else else
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
fi fi
exit 1 exit 1
else else
STACK_USER=`whoami`
# We're not **root**, make sure ``sudo`` is available # We're not **root**, make sure ``sudo`` is available
is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo." is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
@@ -220,10 +223,10 @@ else
# Set up devstack sudoers # Set up devstack sudoers
TEMPFILE=`mktemp` TEMPFILE=`mktemp`
echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will # Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
# see them by forcing PATH # see them by forcing PATH
echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
chmod 0440 $TEMPFILE chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@@ -235,7 +238,7 @@ fi
# Create the destination directory and ensure it is writable by the user # Create the destination directory and ensure it is writable by the user
sudo mkdir -p $DEST sudo mkdir -p $DEST
if [ ! -w $DEST ]; then if [ ! -w $DEST ]; then
sudo chown `whoami` $DEST sudo chown $STACK_USER $DEST
fi fi
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
@@ -251,7 +254,7 @@ ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE`
# Destination path for service data # Destination path for service data
DATA_DIR=${DATA_DIR:-${DEST}/data} DATA_DIR=${DATA_DIR:-${DEST}/data}
sudo mkdir -p $DATA_DIR sudo mkdir -p $DATA_DIR
sudo chown `whoami` $DATA_DIR sudo chown $STACK_USER $DATA_DIR
# Common Configuration # Common Configuration
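Review bot: The sudoers entries are now assembled from a variable (`echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL"` in the root branch, the two `$TEMPFILE` lines in the non-root branch) and installed as /etc/sudoers.d/50_stack_sh without any syntax check. A value containing whitespace, a comma or a newline would yield either a broken file, which can disable sudo for every account, or a rule that covers more than the intended user. I would reject unexpected names before writing, e.g. `[[ $STACK_USER =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid STACK_USER"`, and run `visudo -cf $TEMPFILE` before the `mv`. The same pattern recurs in the image-building sections later in this commit that write `$DEFAULT_STACK_USER` or `$STACK_USER` lines into a sudoers file.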


@@ -12,6 +12,9 @@ DATA_DIR=${DEST}/data
# Select the default database # Select the default database
DATABASE_TYPE=mysql DATABASE_TYPE=mysql
# Default stack user
DEFAULT_STACK_USER=stack
# Specify which services to launch. These generally correspond to # Specify which services to launch. These generally correspond to
# screen tabs. To change the default list, use the ``enable_service`` and # screen tabs. To change the default list, use the ``enable_service`` and
# ``disable_service`` functions in ``localrc``. # ``disable_service`` functions in ``localrc``.


@@ -125,17 +125,17 @@ if [ ! -r $DEV_FILE ]; then
# Create a stack user that is a member of the libvirtd group so that stack # Create a stack user that is a member of the libvirtd group so that stack
# is able to interact with libvirt. # is able to interact with libvirt.
chroot $MNTDIR groupadd libvirtd chroot $MNTDIR groupadd libvirtd
chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd
mkdir -p $MNTDIR/$DEST mkdir -p $MNTDIR/$DEST
chroot $MNTDIR chown stack $DEST chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST
# A simple password - pass # A simple password - pass
echo stack:pass | chroot $MNTDIR chpasswd echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd
echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
# And has sudo ability (in the future this should be limited to only what # And has sudo ability (in the future this should be limited to only what
# stack requires) # stack requires)
echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
umount $MNTDIR umount $MNTDIR
rmdir $MNTDIR rmdir $MNTDIR
@@ -187,7 +187,7 @@ git_clone $OPENSTACKX_REPO $DEST/openstackx $OPENSTACKX_BRANCH
# Use this version of devstack # Use this version of devstack
rm -rf $MNTDIR/$DEST/devstack rm -rf $MNTDIR/$DEST/devstack
cp -pr $CWD $MNTDIR/$DEST/devstack cp -pr $CWD $MNTDIR/$DEST/devstack
chroot $MNTDIR chown -R stack $DEST/devstack chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack
# Configure host network for DHCP # Configure host network for DHCP
mkdir -p $MNTDIR/etc/network mkdir -p $MNTDIR/etc/network
@@ -225,7 +225,7 @@ EOF
# Make the run.sh executable # Make the run.sh executable
chmod 755 $RUN_SH chmod 755 $RUN_SH
chroot $MNTDIR chown stack $DEST/run.sh chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh
umount $MNTDIR umount $MNTDIR
rmdir $MNTDIR rmdir $MNTDIR
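Review bot: Nothing in these hunks shows where `DEFAULT_STACK_USER` gets its value; another section of this commit adds `source ./stackrc` for that purpose, but no such line is visible here. If the variable is empty, `useradd` loses its name argument, `echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd` feeds `:pass`, and the line appended to $MNTDIR/etc/sudoers starts with ` ALL=(ALL)`, which is a syntax error in the image's sudoers file. A guard near the top of the script, `: "${DEFAULT_STACK_USER:?source stackrc first}"`, would stop the build before any of that is written. The same applies to the sections whose unquoted heredocs expand `$DEFAULT_STACK_USER` at generation time (the user-data and rc.local writers). The enclosing `if [ ! -r $DEV_FILE ]` block starts outside the hunk.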


@@ -207,11 +207,11 @@ ROOTSLEEP=0
`cat $TOP_DIR/localrc` `cat $TOP_DIR/localrc`
LOCAL_EOF LOCAL_EOF
fi fi
useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER
echo stack:pass | chpasswd echo $DEFAULT_STACK_USER:pass | chpasswd
mkdir -p /opt/stack/.ssh mkdir -p /opt/stack/.ssh
echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys
chown -R stack /opt/stack chown -R $DEFAULT_STACK_USER /opt/stack
chmod 700 /opt/stack/.ssh chmod 700 /opt/stack/.ssh
chmod 600 /opt/stack/.ssh/authorized_keys chmod 600 /opt/stack/.ssh/authorized_keys
@@ -224,7 +224,7 @@ fi
# Run stack.sh # Run stack.sh
cat >> $vm_dir/uec/user-data<<EOF cat >> $vm_dir/uec/user-data<<EOF
su -c "cd /opt/stack/devstack && ./stack.sh" stack sudo -u $DEFAULT_STACK_USER bash -l -c "cd /opt/stack/devstack && ./stack.sh"
EOF EOF
# (re)start a metadata service # (re)start a metadata service


@@ -18,6 +18,9 @@ TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
# Change dir to top of devstack # Change dir to top of devstack
cd $TOP_DIR cd $TOP_DIR
# Source params
source ./stackrc
# Echo usage # Echo usage
usage() { usage() {
echo "Add stack user and keys" echo "Add stack user and keys"
@@ -43,13 +46,13 @@ mkdir -p $STAGING_DIR/$DEST
# Create a stack user that is a member of the libvirtd group so that stack # Create a stack user that is a member of the libvirtd group so that stack
# is able to interact with libvirt. # is able to interact with libvirt.
chroot $STAGING_DIR groupadd libvirtd || true chroot $STAGING_DIR groupadd libvirtd || true
chroot $STAGING_DIR useradd stack -s /bin/bash -d $DEST -G libvirtd || true chroot $STAGING_DIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd || true
# Add a simple password - pass # Add a simple password - pass
echo stack:pass | chroot $STAGING_DIR chpasswd echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd
# Configure sudo # Configure sudo
( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ ( umask 226 && echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> $STAGING_DIR/etc/sudoers.d/50_stack_sh ) > $STAGING_DIR/etc/sudoers.d/50_stack_sh )
# Copy over your ssh keys and env if desired # Copy over your ssh keys and env if desired
@@ -64,7 +67,7 @@ rm -rf $STAGING_DIR/$DEST/devstack
cp_it . $STAGING_DIR/$DEST/devstack cp_it . $STAGING_DIR/$DEST/devstack
# Give stack ownership over $DEST so it may do the work needed # Give stack ownership over $DEST so it may do the work needed
chroot $STAGING_DIR chown -R stack $DEST chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST
# Unmount # Unmount
umount $STAGING_DIR umount $STAGING_DIR


@@ -65,8 +65,8 @@ cd $TOP_DIR
cat <<EOF >$STAGING_DIR/etc/rc.local cat <<EOF >$STAGING_DIR/etc/rc.local
# network restart required for getting the right gateway # network restart required for getting the right gateway
/etc/init.d/networking restart /etc/init.d/networking restart
chown -R stack /opt/stack chown -R $DEFAULT_STACK_USER /opt/stack
su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER
exit 0 exit 0
EOF EOF
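Review bot: The generated rc.local still starts run.sh through `su -c "..." $DEFAULT_STACK_USER`, the form the commit description says leaves sudo unusable under requiretty, while the other launchers in this commit were switched to `sudo -u ... bash -l -c`. If run.sh goes on to call sudo (not visible here), this path may keep the original failure. Since rc.local runs without a tty, either form should be checked against the guest's sudoers defaults, and the choice recorded in a comment such as `# su kept here: rc.local has no tty` if it is deliberate. Because the heredoc delimiter is unquoted, the user name is expanded when the image is built, so the variable must be set in the building script.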


@@ -19,6 +19,7 @@ GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
STAGING_DIR=${STAGING_DIR:-stage} STAGING_DIR=${STAGING_DIR:-stage}
DO_TGZ=${DO_TGZ:-1} DO_TGZ=${DO_TGZ:-1}
XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"} XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
STACK_USER=${STACK_USER:-stack}
# Install basics # Install basics
chroot $STAGING_DIR apt-get update chroot $STAGING_DIR apt-get update
@@ -46,12 +47,12 @@ rm -f $STAGING_DIR/etc/localtime
# Add stack user # Add stack user
chroot $STAGING_DIR groupadd libvirtd chroot $STAGING_DIR groupadd libvirtd
chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
# Give ownership of /opt/stack to stack user # Give ownership of /opt/stack to stack user
chroot $STAGING_DIR chown -R stack /opt/stack chroot $STAGING_DIR chown -R $STACK_USER /opt/stack
# Make our ip address hostnames look nice at the command prompt # Make our ip address hostnames look nice at the command prompt
echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc