openstack/devstack
Code Issues Proposed changes

Merge "Make use of STACK_USER instead of relying on USER"

Browse Source
This commit is contained in:
Jenkins 2013-11-22 13:47:12 +00:00 committed by Gerrit Code Review
commit e2ebd2315e
7 changed files with 24 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
lib/apache
View File

@ -4,6 +4,10 @@
# Dependencies: # Dependencies:
# #
# - ``functions`` file # - ``functions`` file
# -``STACK_USER`` must be defined
# lib/apache exports the following functions:
#
# - is_apache_enabled_service # - is_apache_enabled_service
# - install_apache_wsgi # - install_apache_wsgi
# - config_apache_wsgi # - config_apache_wsgi
@ -19,7 +23,7 @@ set +o xtrace
# Allow overriding the default Apache user and group, default to # Allow overriding the default Apache user and group, default to
# current user and his default group. # current user and his default group.
APACHE_USER=${APACHE_USER:-$USER} APACHE_USER=${APACHE_USER:-$STACK_USER}
APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)} APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}

4
lib/ceilometer
View File

@ -67,10 +67,10 @@ function configure_ceilometer() {
setup_develop $CEILOMETER_DIR setup_develop $CEILOMETER_DIR
[ ! -d $CEILOMETER_CONF_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_CONF_DIR [ ! -d $CEILOMETER_CONF_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_CONF_DIR
sudo chown $USER $CEILOMETER_CONF_DIR sudo chown $STACK_USER $CEILOMETER_CONF_DIR
[ ! -d $CEILOMETER_API_LOG_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_API_LOG_DIR [ ! -d $CEILOMETER_API_LOG_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_API_LOG_DIR
sudo chown $USER $CEILOMETER_API_LOG_DIR sudo chown $STACK_USER $CEILOMETER_API_LOG_DIR
iniset_rpc_backend ceilometer $CEILOMETER_CONF DEFAULT iniset_rpc_backend ceilometer $CEILOMETER_CONF DEFAULT

2
lib/cinder
View File

@ -199,7 +199,7 @@ function configure_cinder() {
fi fi
TEMPFILE=`mktemp` TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/cinder-rootwrap sudo mv $TEMPFILE /etc/sudoers.d/cinder-rootwrap

3
lib/neutron
View File

@ -4,6 +4,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST`` must be defined # ``DEST`` must be defined
# ``STACK_USER`` must be defined
# ``stack.sh`` calls the entry points in this order: # ``stack.sh`` calls the entry points in this order:
# #
@ -730,7 +731,7 @@ function _neutron_setup_rootwrap() {
# Set up the rootwrap sudoers for neutron # Set up the rootwrap sudoers for neutron
TEMPFILE=`mktemp` TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap

2
lib/nova
View File

@ -195,7 +195,7 @@ function configure_nova_rootwrap() {
# Set up the rootwrap sudoers for nova # Set up the rootwrap sudoers for nova
TEMPFILE=`mktemp` TEMPFILE=`mktemp`
echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE
chmod 0440 $TEMPFILE chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap

3
lib/nova_plugins/hypervisor-libvirt
View File

@ -7,6 +7,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``nova`` configuration # ``nova`` configuration
# ``STACK_USER`` has to be defined
# install_nova_hypervisor - install any external requirements # install_nova_hypervisor - install any external requirements
# configure_nova_hypervisor - make configuration changes, including those to other services # configure_nova_hypervisor - make configuration changes, including those to other services
@ -68,7 +69,7 @@ EOF"
# with 'unix-group:$group'. # with 'unix-group:$group'.
sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access] [libvirt Management Access]
Identity=unix-user:$USER Identity=unix-user:$STACK_USER
Action=org.libvirt.unix.manage Action=org.libvirt.unix.manage
ResultAny=yes ResultAny=yes
ResultInactive=yes ResultInactive=yes

22
lib/swift
View File

@ -225,7 +225,7 @@ function configure_swift() {
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
sudo mkdir -p ${SWIFT_CONF_DIR}/{object,container,account}-server sudo mkdir -p ${SWIFT_CONF_DIR}/{object,container,account}-server
sudo chown -R $USER: ${SWIFT_CONF_DIR} sudo chown -R ${STACK_USER}: ${SWIFT_CONF_DIR}
if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then
# Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed. # Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed.
@ -238,7 +238,7 @@ function configure_swift() {
# setup) we configure it with our version of rsync. # setup) we configure it with our version of rsync.
sed -e " sed -e "
s/%GROUP%/${USER_GROUP}/; s/%GROUP%/${USER_GROUP}/;
s/%USER%/$USER/; s/%USER%/${STACK_USER}/;
s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,; s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,;
" $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf " $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf
# rsyncd.conf just prepared for 4 nodes # rsyncd.conf just prepared for 4 nodes
@ -252,7 +252,7 @@ function configure_swift() {
cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER} cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${USER} iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER}
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR} iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR}
@ -348,7 +348,7 @@ EOF
node_path=${SWIFT_DATA_DIR}/${node_number} node_path=${SWIFT_DATA_DIR}/${node_number}
iniuncomment ${swift_node_config} DEFAULT user iniuncomment ${swift_node_config} DEFAULT user
iniset ${swift_node_config} DEFAULT user ${USER} iniset ${swift_node_config} DEFAULT user ${STACK_USER}
iniuncomment ${swift_node_config} DEFAULT bind_port iniuncomment ${swift_node_config} DEFAULT bind_port
iniset ${swift_node_config} DEFAULT bind_port ${bind_port} iniset ${swift_node_config} DEFAULT bind_port ${bind_port}
@ -419,7 +419,7 @@ EOF
swift_log_dir=${SWIFT_DATA_DIR}/logs swift_log_dir=${SWIFT_DATA_DIR}/logs
rm -rf ${swift_log_dir} rm -rf ${swift_log_dir}
mkdir -p ${swift_log_dir}/hourly mkdir -p ${swift_log_dir}/hourly
sudo chown -R $USER:adm ${swift_log_dir} sudo chown -R ${STACK_USER}:adm ${swift_log_dir}
sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \ sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \
tee /etc/rsyslog.d/10-swift.conf tee /etc/rsyslog.d/10-swift.conf
if is_apache_enabled_service swift; then if is_apache_enabled_service swift; then
@ -434,9 +434,9 @@ function create_swift_disk() {
# First do a bit of setup by creating the directories and # First do a bit of setup by creating the directories and
# changing the permissions so we can run it as our user. # changing the permissions so we can run it as our user.
USER_GROUP=$(id -g) USER_GROUP=$(id -g ${STACK_USER})
sudo mkdir -p ${SWIFT_DATA_DIR}/{drives,cache,run,logs} sudo mkdir -p ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
sudo chown -R $USER:${USER_GROUP} ${SWIFT_DATA_DIR} sudo chown -R ${STACK_USER}:${USER_GROUP} ${SWIFT_DATA_DIR}
# Create a loopback disk and format it to XFS. # Create a loopback disk and format it to XFS.
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
@ -448,7 +448,7 @@ function create_swift_disk() {
mkdir -p ${SWIFT_DATA_DIR}/drives/images mkdir -p ${SWIFT_DATA_DIR}/drives/images
sudo touch ${SWIFT_DISK_IMAGE} sudo touch ${SWIFT_DISK_IMAGE}
sudo chown $USER: ${SWIFT_DISK_IMAGE} sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE} truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
@ -471,9 +471,9 @@ function create_swift_disk() {
node_device=${node}/sdb1 node_device=${node}/sdb1
[[ -d $node ]] && continue [[ -d $node ]] && continue
[[ -d $drive ]] && continue [[ -d $drive ]] && continue
sudo install -o ${USER} -g $USER_GROUP -d $drive sudo install -o ${STACK_USER} -g $USER_GROUP -d $drive
sudo install -o ${USER} -g $USER_GROUP -d $node_device sudo install -o ${STACK_USER} -g $USER_GROUP -d $node_device
sudo chown -R $USER: ${node} sudo chown -R ${STACK_USER}: ${node}
done done
} }
# create_swift_accounts() - Set up standard swift accounts and extra # create_swift_accounts() - Set up standard swift accounts and extra