Merge "Fix "sudo: sorry, you must have a tty to run sudo""

This commit is contained in:
Jenkins 2013-01-12 20:35:13 +00:00 committed by Gerrit Code Review
commit fec9355fd2
17 changed files with 72 additions and 59 deletions

View File

@ -200,14 +200,14 @@ function configure_baremetal_nova_dirs() {
sudo mkdir -p /tftpboot sudo mkdir -p /tftpboot
sudo mkdir -p /tftpboot/pxelinux.cfg sudo mkdir -p /tftpboot/pxelinux.cfg
sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/ sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
sudo chown -R `whoami`:libvirtd /tftpboot sudo chown -R $STACK_USER:libvirtd /tftpboot
# ensure $NOVA_STATE_PATH/baremetal is prepared # ensure $NOVA_STATE_PATH/baremetal is prepared
sudo mkdir -p $NOVA_STATE_PATH/baremetal sudo mkdir -p $NOVA_STATE_PATH/baremetal
sudo mkdir -p $NOVA_STATE_PATH/baremetal/console sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
# ensure dnsmasq is installed but not running # ensure dnsmasq is installed but not running
# because baremetal driver will reconfigure and restart this as needed # because baremetal driver will reconfigure and restart this as needed

View File

@ -9,6 +9,7 @@
# - OS_AUTH_URL for auth in api # - OS_AUTH_URL for auth in api
# - DEST set to the destination directory # - DEST set to the destination directory
# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api # - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
# - STACK_USER service user
# stack.sh # stack.sh
# --------- # ---------
@ -94,7 +95,7 @@ function configure_ceilometer() {
function init_ceilometer() { function init_ceilometer() {
# Create cache dir # Create cache dir
sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
rm -f $CEILOMETER_AUTH_CACHE_DIR/* rm -f $CEILOMETER_AUTH_CACHE_DIR/*
} }

View File

@ -3,7 +3,7 @@
# Dependencies: # Dependencies:
# - functions # - functions
# - DEST, DATA_DIR must be defined # - DEST, DATA_DIR, STACK_USER must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined # SERVICE_{TENANT_NAME|PASSWORD} must be defined
# ``KEYSTONE_TOKEN_FORMAT`` must be defined # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@ -116,7 +116,7 @@ function configure_cinder() {
if [[ ! -d $CINDER_CONF_DIR ]]; then if [[ ! -d $CINDER_CONF_DIR ]]; then
sudo mkdir -p $CINDER_CONF_DIR sudo mkdir -p $CINDER_CONF_DIR
fi fi
sudo chown `whoami` $CINDER_CONF_DIR sudo chown $STACK_USER $CINDER_CONF_DIR
cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
@ -306,7 +306,7 @@ function init_cinder() {
# Create cache dir # Create cache dir
sudo mkdir -p $CINDER_AUTH_CACHE_DIR sudo mkdir -p $CINDER_AUTH_CACHE_DIR
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
rm -f $CINDER_AUTH_CACHE_DIR/* rm -f $CINDER_AUTH_CACHE_DIR/*
} }

View File

@ -3,7 +3,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST``, ``DATA_DIR`` must be defined # ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``SERVICE_HOST`` # ``SERVICE_HOST``
# ``KEYSTONE_TOKEN_FORMAT`` must be defined # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@ -75,7 +75,7 @@ function configure_glance() {
if [[ ! -d $GLANCE_CONF_DIR ]]; then if [[ ! -d $GLANCE_CONF_DIR ]]; then
sudo mkdir -p $GLANCE_CONF_DIR sudo mkdir -p $GLANCE_CONF_DIR
fi fi
sudo chown `whoami` $GLANCE_CONF_DIR sudo chown $STACK_USER $GLANCE_CONF_DIR
# Copy over our glance configurations and update them # Copy over our glance configurations and update them
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
@ -158,10 +158,10 @@ function init_glance() {
# Create cache dir # Create cache dir
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
rm -f $GLANCE_AUTH_CACHE_DIR/api/* rm -f $GLANCE_AUTH_CACHE_DIR/api/*
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
rm -f $GLANCE_AUTH_CACHE_DIR/registry/* rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
} }

View File

@ -49,7 +49,7 @@ function configure_heat() {
if [[ ! -d $HEAT_CONF_DIR ]]; then if [[ ! -d $HEAT_CONF_DIR ]]; then
sudo mkdir -p $HEAT_CONF_DIR sudo mkdir -p $HEAT_CONF_DIR
fi fi
sudo chown `whoami` $HEAT_CONF_DIR sudo chown $STACK_USER $HEAT_CONF_DIR
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST} HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000} HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}

View File

@ -7,6 +7,7 @@
# ``SERVICE_HOST``, ``SERVICE_PROTOCOL`` # ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
# ``SERVICE_TOKEN`` # ``SERVICE_TOKEN``
# ``S3_SERVICE_PORT`` (template backend only) # ``S3_SERVICE_PORT`` (template backend only)
# ``STACK_USER``
# ``stack.sh`` calls the entry points in this order: # ``stack.sh`` calls the entry points in this order:
# #
@ -79,7 +80,7 @@ function configure_keystone() {
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
sudo mkdir -p $KEYSTONE_CONF_DIR sudo mkdir -p $KEYSTONE_CONF_DIR
fi fi
sudo chown `whoami` $KEYSTONE_CONF_DIR sudo chown $STACK_USER $KEYSTONE_CONF_DIR
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
@ -261,7 +262,7 @@ function init_keystone() {
# Create cache dir # Create cache dir
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
rm -f $KEYSTONE_AUTH_CACHE_DIR/* rm -f $KEYSTONE_AUTH_CACHE_DIR/*
fi fi
} }

View File

@ -3,7 +3,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST``, ``DATA_DIR`` must be defined # ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``LIBVIRT_TYPE`` must be defined # ``LIBVIRT_TYPE`` must be defined
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined # ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
@ -149,7 +149,7 @@ function configure_nova() {
if [[ ! -d $NOVA_CONF_DIR ]]; then if [[ ! -d $NOVA_CONF_DIR ]]; then
sudo mkdir -p $NOVA_CONF_DIR sudo mkdir -p $NOVA_CONF_DIR
fi fi
sudo chown `whoami` $NOVA_CONF_DIR sudo chown $STACK_USER $NOVA_CONF_DIR
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
@ -277,7 +277,7 @@ EOF"
if ! getent group libvirtd >/dev/null; then if ! getent group libvirtd >/dev/null; then
sudo groupadd libvirtd sudo groupadd libvirtd
fi fi
add_user_to_group `whoami` libvirtd add_user_to_group $STACK_USER libvirtd
# libvirt detects various settings on startup, as we potentially changed # libvirt detects various settings on startup, as we potentially changed
# the system configuration (modules, filesystems), we need to restart # the system configuration (modules, filesystems), we need to restart
@ -297,7 +297,7 @@ EOF"
if [ -L /dev/disk/by-label/nova-instances ]; then if [ -L /dev/disk/by-label/nova-instances ]; then
if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
sudo mount -L nova-instances $NOVA_INSTANCES_PATH sudo mount -L nova-instances $NOVA_INSTANCES_PATH
sudo chown -R `whoami` $NOVA_INSTANCES_PATH sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
fi fi
fi fi
@ -474,13 +474,13 @@ function init_nova() {
# Create cache dir # Create cache dir
sudo mkdir -p $NOVA_AUTH_CACHE_DIR sudo mkdir -p $NOVA_AUTH_CACHE_DIR
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
rm -f $NOVA_AUTH_CACHE_DIR/* rm -f $NOVA_AUTH_CACHE_DIR/*
# Create the keys folder # Create the keys folder
sudo mkdir -p ${NOVA_STATE_PATH}/keys sudo mkdir -p ${NOVA_STATE_PATH}/keys
# make sure we own NOVA_STATE_PATH and all subdirs # make sure we own NOVA_STATE_PATH and all subdirs
sudo chown -R `whoami` ${NOVA_STATE_PATH} sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
} }
# install_novaclient() - Collect source and prepare # install_novaclient() - Collect source and prepare

View File

@ -390,7 +390,7 @@ function _configure_quantum_common() {
if [[ ! -d $QUANTUM_CONF_DIR ]]; then if [[ ! -d $QUANTUM_CONF_DIR ]]; then
sudo mkdir -p $QUANTUM_CONF_DIR sudo mkdir -p $QUANTUM_CONF_DIR
fi fi
sudo chown `whoami` $QUANTUM_CONF_DIR sudo chown $STACK_USER $QUANTUM_CONF_DIR
cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
@ -742,7 +742,7 @@ function _quantum_setup_keystone() {
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
# Create cache dir # Create cache dir
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
rm -f $QUANTUM_AUTH_CACHE_DIR/* rm -f $QUANTUM_AUTH_CACHE_DIR/*
} }

View File

@ -27,7 +27,7 @@ function init_ryu() {
if [[ ! -d $RYU_CONF_DIR ]]; then if [[ ! -d $RYU_CONF_DIR ]]; then
sudo mkdir -p $RYU_CONF_DIR sudo mkdir -p $RYU_CONF_DIR
fi fi
sudo chown `whoami` $RYU_CONF_DIR sudo chown $STACK_USER $RYU_CONF_DIR
RYU_CONF=$RYU_CONF_DIR/ryu.conf RYU_CONF=$RYU_CONF_DIR/ryu.conf
sudo rm -rf $RYU_CONF sudo rm -rf $RYU_CONF

View File

@ -4,6 +4,7 @@
# Dependencies: # Dependencies:
# ``functions`` file # ``functions`` file
# ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined # ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
# ``STACK_USER`` must be defined
# ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined # ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
# ``lib/keystone`` file # ``lib/keystone`` file
# ``stack.sh`` calls the entry points in this order: # ``stack.sh`` calls the entry points in this order:
@ -333,7 +334,7 @@ function init_swift() {
# Create cache dir # Create cache dir
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
rm -f $SWIFT_AUTH_CACHE_DIR/* rm -f $SWIFT_AUTH_CACHE_DIR/*
} }

View File

@ -177,40 +177,43 @@ VERBOSE=$(trueorfalse True $VERBOSE)
# sudo privileges and runs as that user. # sudo privileges and runs as that user.
if [[ $EUID -eq 0 ]]; then if [[ $EUID -eq 0 ]]; then
STACK_USER=$DEFAULT_STACK_USER
ROOTSLEEP=${ROOTSLEEP:-10} ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root." echo "You are running this script as root."
echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user" echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
sleep $ROOTSLEEP sleep $ROOTSLEEP
# Give the non-root user the ability to run as **root** via ``sudo`` # Give the non-root user the ability to run as **root** via ``sudo``
is_package_installed sudo || install_package sudo is_package_installed sudo || install_package sudo
if ! getent group stack >/dev/null; then if ! getent group $STACK_USER >/dev/null; then
echo "Creating a group called stack" echo "Creating a group called $STACK_USER"
groupadd stack groupadd $STACK_USER
fi fi
if ! getent passwd stack >/dev/null; then if ! getent passwd $STACK_USER >/dev/null; then
echo "Creating a user called stack" echo "Creating a user called $STACK_USER"
useradd -g stack -s /bin/bash -d $DEST -m stack useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
fi fi
echo "Giving stack user passwordless sudo privileges" echo "Giving stack user passwordless sudo privileges"
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
echo "#includedir /etc/sudoers.d" >> /etc/sudoers echo "#includedir /etc/sudoers.d" >> /etc/sudoers
( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> /etc/sudoers.d/50_stack_sh ) > /etc/sudoers.d/50_stack_sh )
echo "Copying files to stack user" echo "Copying files to $STACK_USER user"
STACK_DIR="$DEST/${TOP_DIR##*/}" STACK_DIR="$DEST/${TOP_DIR##*/}"
cp -r -f -T "$TOP_DIR" "$STACK_DIR" cp -r -f -T "$TOP_DIR" "$STACK_DIR"
chown -R stack "$STACK_DIR" chown -R $STACK_USER "$STACK_DIR"
cd "$STACK_DIR"
if [[ "$SHELL_AFTER_RUN" != "no" ]]; then if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
else else
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
fi fi
exit 1 exit 1
else else
STACK_USER=`whoami`
# We're not **root**, make sure ``sudo`` is available # We're not **root**, make sure ``sudo`` is available
is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo." is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
@ -220,10 +223,10 @@ else
# Set up devstack sudoers # Set up devstack sudoers
TEMPFILE=`mktemp` TEMPFILE=`mktemp`
echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will # Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
# see them by forcing PATH # see them by forcing PATH
echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
chmod 0440 $TEMPFILE chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@ -235,7 +238,7 @@ fi
# Create the destination directory and ensure it is writable by the user # Create the destination directory and ensure it is writable by the user
sudo mkdir -p $DEST sudo mkdir -p $DEST
if [ ! -w $DEST ]; then if [ ! -w $DEST ]; then
sudo chown `whoami` $DEST sudo chown $STACK_USER $DEST
fi fi
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
@ -251,7 +254,7 @@ ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE`
# Destination path for service data # Destination path for service data
DATA_DIR=${DATA_DIR:-${DEST}/data} DATA_DIR=${DATA_DIR:-${DEST}/data}
sudo mkdir -p $DATA_DIR sudo mkdir -p $DATA_DIR
sudo chown `whoami` $DATA_DIR sudo chown $STACK_USER $DATA_DIR
# Common Configuration # Common Configuration

View File

@ -12,6 +12,9 @@ DATA_DIR=${DEST}/data
# Select the default database # Select the default database
DATABASE_TYPE=mysql DATABASE_TYPE=mysql
# Default stack user
DEFAULT_STACK_USER=stack
# Specify which services to launch. These generally correspond to # Specify which services to launch. These generally correspond to
# screen tabs. To change the default list, use the ``enable_service`` and # screen tabs. To change the default list, use the ``enable_service`` and
# ``disable_service`` functions in ``localrc``. # ``disable_service`` functions in ``localrc``.

View File

@ -125,17 +125,17 @@ if [ ! -r $DEV_FILE ]; then
# Create a stack user that is a member of the libvirtd group so that stack # Create a stack user that is a member of the libvirtd group so that stack
# is able to interact with libvirt. # is able to interact with libvirt.
chroot $MNTDIR groupadd libvirtd chroot $MNTDIR groupadd libvirtd
chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd
mkdir -p $MNTDIR/$DEST mkdir -p $MNTDIR/$DEST
chroot $MNTDIR chown stack $DEST chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST
# A simple password - pass # A simple password - pass
echo stack:pass | chroot $MNTDIR chpasswd echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd
echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
# And has sudo ability (in the future this should be limited to only what # And has sudo ability (in the future this should be limited to only what
# stack requires) # stack requires)
echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
umount $MNTDIR umount $MNTDIR
rmdir $MNTDIR rmdir $MNTDIR
@ -187,7 +187,7 @@ git_clone $OPENSTACKX_REPO $DEST/openstackx $OPENSTACKX_BRANCH
# Use this version of devstack # Use this version of devstack
rm -rf $MNTDIR/$DEST/devstack rm -rf $MNTDIR/$DEST/devstack
cp -pr $CWD $MNTDIR/$DEST/devstack cp -pr $CWD $MNTDIR/$DEST/devstack
chroot $MNTDIR chown -R stack $DEST/devstack chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack
# Configure host network for DHCP # Configure host network for DHCP
mkdir -p $MNTDIR/etc/network mkdir -p $MNTDIR/etc/network
@ -225,7 +225,7 @@ EOF
# Make the run.sh executable # Make the run.sh executable
chmod 755 $RUN_SH chmod 755 $RUN_SH
chroot $MNTDIR chown stack $DEST/run.sh chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh
umount $MNTDIR umount $MNTDIR
rmdir $MNTDIR rmdir $MNTDIR

View File

@ -207,11 +207,11 @@ ROOTSLEEP=0
`cat $TOP_DIR/localrc` `cat $TOP_DIR/localrc`
LOCAL_EOF LOCAL_EOF
fi fi
useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER
echo stack:pass | chpasswd echo $DEFAULT_STACK_USER:pass | chpasswd
mkdir -p /opt/stack/.ssh mkdir -p /opt/stack/.ssh
echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys
chown -R stack /opt/stack chown -R $DEFAULT_STACK_USER /opt/stack
chmod 700 /opt/stack/.ssh chmod 700 /opt/stack/.ssh
chmod 600 /opt/stack/.ssh/authorized_keys chmod 600 /opt/stack/.ssh/authorized_keys
@ -224,7 +224,7 @@ fi
# Run stack.sh # Run stack.sh
cat >> $vm_dir/uec/user-data<<EOF cat >> $vm_dir/uec/user-data<<EOF
su -c "cd /opt/stack/devstack && ./stack.sh" stack sudo -u $DEFAULT_STACK_USER bash -l -c "cd /opt/stack/devstack && ./stack.sh"
EOF EOF
# (re)start a metadata service # (re)start a metadata service

View File

@ -18,6 +18,9 @@ TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
# Change dir to top of devstack # Change dir to top of devstack
cd $TOP_DIR cd $TOP_DIR
# Source params
source ./stackrc
# Echo usage # Echo usage
usage() { usage() {
echo "Add stack user and keys" echo "Add stack user and keys"
@ -43,13 +46,13 @@ mkdir -p $STAGING_DIR/$DEST
# Create a stack user that is a member of the libvirtd group so that stack # Create a stack user that is a member of the libvirtd group so that stack
# is able to interact with libvirt. # is able to interact with libvirt.
chroot $STAGING_DIR groupadd libvirtd || true chroot $STAGING_DIR groupadd libvirtd || true
chroot $STAGING_DIR useradd stack -s /bin/bash -d $DEST -G libvirtd || true chroot $STAGING_DIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd || true
# Add a simple password - pass # Add a simple password - pass
echo stack:pass | chroot $STAGING_DIR chpasswd echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd
# Configure sudo # Configure sudo
( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ ( umask 226 && echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> $STAGING_DIR/etc/sudoers.d/50_stack_sh ) > $STAGING_DIR/etc/sudoers.d/50_stack_sh )
# Copy over your ssh keys and env if desired # Copy over your ssh keys and env if desired
@ -64,7 +67,7 @@ rm -rf $STAGING_DIR/$DEST/devstack
cp_it . $STAGING_DIR/$DEST/devstack cp_it . $STAGING_DIR/$DEST/devstack
# Give stack ownership over $DEST so it may do the work needed # Give stack ownership over $DEST so it may do the work needed
chroot $STAGING_DIR chown -R stack $DEST chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST
# Unmount # Unmount
umount $STAGING_DIR umount $STAGING_DIR

View File

@ -65,8 +65,8 @@ cd $TOP_DIR
cat <<EOF >$STAGING_DIR/etc/rc.local cat <<EOF >$STAGING_DIR/etc/rc.local
# network restart required for getting the right gateway # network restart required for getting the right gateway
/etc/init.d/networking restart /etc/init.d/networking restart
chown -R stack /opt/stack chown -R $DEFAULT_STACK_USER /opt/stack
su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER
exit 0 exit 0
EOF EOF

View File

@ -19,6 +19,7 @@ GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
STAGING_DIR=${STAGING_DIR:-stage} STAGING_DIR=${STAGING_DIR:-stage}
DO_TGZ=${DO_TGZ:-1} DO_TGZ=${DO_TGZ:-1}
XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"} XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
STACK_USER=${STACK_USER:-stack}
# Install basics # Install basics
chroot $STAGING_DIR apt-get update chroot $STAGING_DIR apt-get update
@ -46,12 +47,12 @@ rm -f $STAGING_DIR/etc/localtime
# Add stack user # Add stack user
chroot $STAGING_DIR groupadd libvirtd chroot $STAGING_DIR groupadd libvirtd
chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
# Give ownership of /opt/stack to stack user # Give ownership of /opt/stack to stack user
chroot $STAGING_DIR chown -R stack /opt/stack chroot $STAGING_DIR chown -R $STACK_USER /opt/stack
# Make our ip address hostnames look nice at the command prompt # Make our ip address hostnames look nice at the command prompt
echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc