Merge "Make use of STACK_USER instead of relying on USER"

This commit is contained in:
Jenkins 2013-11-22 13:47:12 +00:00 committed by Gerrit Code Review
commit e2ebd2315e
7 changed files with 24 additions and 18 deletions

View File

@ -4,6 +4,10 @@
# Dependencies:
#
# - ``functions`` file
# -``STACK_USER`` must be defined
# lib/apache exports the following functions:
#
# - is_apache_enabled_service
# - install_apache_wsgi
# - config_apache_wsgi
@ -19,7 +23,7 @@ set +o xtrace
# Allow overriding the default Apache user and group, default to
# current user and his default group.
APACHE_USER=${APACHE_USER:-$USER}
APACHE_USER=${APACHE_USER:-$STACK_USER}
APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}

View File

@ -67,10 +67,10 @@ function configure_ceilometer() {
setup_develop $CEILOMETER_DIR
[ ! -d $CEILOMETER_CONF_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_CONF_DIR
sudo chown $USER $CEILOMETER_CONF_DIR
sudo chown $STACK_USER $CEILOMETER_CONF_DIR
[ ! -d $CEILOMETER_API_LOG_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_API_LOG_DIR
sudo chown $USER $CEILOMETER_API_LOG_DIR
sudo chown $STACK_USER $CEILOMETER_API_LOG_DIR
iniset_rpc_backend ceilometer $CEILOMETER_CONF DEFAULT

View File

@ -199,7 +199,7 @@ function configure_cinder() {
fi
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/cinder-rootwrap

View File

@ -4,6 +4,7 @@
# Dependencies:
# ``functions`` file
# ``DEST`` must be defined
# ``STACK_USER`` must be defined
# ``stack.sh`` calls the entry points in this order:
#
@ -730,7 +731,7 @@ function _neutron_setup_rootwrap() {
# Set up the rootwrap sudoers for neutron
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap

View File

@ -195,7 +195,7 @@ function configure_nova_rootwrap() {
# Set up the rootwrap sudoers for nova
TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap

View File

@ -7,6 +7,7 @@
# Dependencies:
# ``functions`` file
# ``nova`` configuration
# ``STACK_USER`` has to be defined
# install_nova_hypervisor - install any external requirements
# configure_nova_hypervisor - make configuration changes, including those to other services
@ -68,7 +69,7 @@ EOF"
# with 'unix-group:$group'.
sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-user:$USER
Identity=unix-user:$STACK_USER
Action=org.libvirt.unix.manage
ResultAny=yes
ResultInactive=yes

View File

@ -225,7 +225,7 @@ function configure_swift() {
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
sudo mkdir -p ${SWIFT_CONF_DIR}/{object,container,account}-server
sudo chown -R $USER: ${SWIFT_CONF_DIR}
sudo chown -R ${STACK_USER}: ${SWIFT_CONF_DIR}
if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then
# Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed.
@ -238,7 +238,7 @@ function configure_swift() {
# setup) we configure it with our version of rsync.
sed -e "
s/%GROUP%/${USER_GROUP}/;
s/%USER%/$USER/;
s/%USER%/${STACK_USER}/;
s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,;
" $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf
# rsyncd.conf just prepared for 4 nodes
@ -252,7 +252,7 @@ function configure_swift() {
cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${USER}
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR}
@ -348,7 +348,7 @@ EOF
node_path=${SWIFT_DATA_DIR}/${node_number}
iniuncomment ${swift_node_config} DEFAULT user
iniset ${swift_node_config} DEFAULT user ${USER}
iniset ${swift_node_config} DEFAULT user ${STACK_USER}
iniuncomment ${swift_node_config} DEFAULT bind_port
iniset ${swift_node_config} DEFAULT bind_port ${bind_port}
@ -419,7 +419,7 @@ EOF
swift_log_dir=${SWIFT_DATA_DIR}/logs
rm -rf ${swift_log_dir}
mkdir -p ${swift_log_dir}/hourly
sudo chown -R $USER:adm ${swift_log_dir}
sudo chown -R ${STACK_USER}:adm ${swift_log_dir}
sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \
tee /etc/rsyslog.d/10-swift.conf
if is_apache_enabled_service swift; then
@ -434,9 +434,9 @@ function create_swift_disk() {
# First do a bit of setup by creating the directories and
# changing the permissions so we can run it as our user.
USER_GROUP=$(id -g)
USER_GROUP=$(id -g ${STACK_USER})
sudo mkdir -p ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
sudo chown -R $USER:${USER_GROUP} ${SWIFT_DATA_DIR}
sudo chown -R ${STACK_USER}:${USER_GROUP} ${SWIFT_DATA_DIR}
# Create a loopback disk and format it to XFS.
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
@ -448,7 +448,7 @@ function create_swift_disk() {
mkdir -p ${SWIFT_DATA_DIR}/drives/images
sudo touch ${SWIFT_DISK_IMAGE}
sudo chown $USER: ${SWIFT_DISK_IMAGE}
sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
@ -471,9 +471,9 @@ function create_swift_disk() {
node_device=${node}/sdb1
[[ -d $node ]] && continue
[[ -d $drive ]] && continue
sudo install -o ${USER} -g $USER_GROUP -d $drive
sudo install -o ${USER} -g $USER_GROUP -d $node_device
sudo chown -R $USER: ${node}
sudo install -o ${STACK_USER} -g $USER_GROUP -d $drive
sudo install -o ${STACK_USER} -g $USER_GROUP -d $node_device
sudo chown -R ${STACK_USER}: ${node}
done
}
# create_swift_accounts() - Set up standard swift accounts and extra