Merge "Fix "sudo: sorry, you must have a tty to run sudo""
commit
fec9355fd2
@ -200,14 +200,14 @@ function configure_baremetal_nova_dirs() {
|
|||||||
sudo mkdir -p /tftpboot
|
sudo mkdir -p /tftpboot
|
||||||
sudo mkdir -p /tftpboot/pxelinux.cfg
|
sudo mkdir -p /tftpboot/pxelinux.cfg
|
||||||
sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
|
sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
|
||||||
sudo chown -R `whoami`:libvirtd /tftpboot
|
sudo chown -R $STACK_USER:libvirtd /tftpboot
|
||||||
|
|
||||||
# ensure $NOVA_STATE_PATH/baremetal is prepared
|
# ensure $NOVA_STATE_PATH/baremetal is prepared
|
||||||
sudo mkdir -p $NOVA_STATE_PATH/baremetal
|
sudo mkdir -p $NOVA_STATE_PATH/baremetal
|
||||||
sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
|
sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
|
||||||
sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
|
sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
|
||||||
sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
|
sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
|
||||||
sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal
|
sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
|
||||||
|
|
||||||
# ensure dnsmasq is installed but not running
|
# ensure dnsmasq is installed but not running
|
||||||
# because baremetal driver will reconfigure and restart this as needed
|
# because baremetal driver will reconfigure and restart this as needed
|
||||||
|
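Review bot: Replacing `whoami` with `$STACK_USER` makes these `chown` calls depend on a global that nothing in this hunk checks, and the expansion is left unquoted. If the variable is empty when the function runs, `sudo chown -R $STACK_USER:libvirtd /tftpboot` becomes `chown -R :libvirtd /tftpboot`, which changes only the group and leaves the tree owned by root without reporting an error. A guard such as `: "${STACK_USER:?STACK_USER must be set}"` at the top of the function, plus quoting (`"$STACK_USER":libvirtd`), would fail loudly instead. The same applies to each `sudo chown $STACK_USER …` and to `add_user_to_group $STACK_USER libvirtd` in the lib/* sections below, and to `$DEFAULT_STACK_USER` in the image-build scripts, where only one section visibly gains `source ./stackrc`. The function body continues outside the hunk.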
@ -9,6 +9,7 @@
|
|||||||
# - OS_AUTH_URL for auth in api
|
# - OS_AUTH_URL for auth in api
|
||||||
# - DEST set to the destination directory
|
# - DEST set to the destination directory
|
||||||
# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
|
# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
|
||||||
|
# - STACK_USER service user
|
||||||
|
|
||||||
# stack.sh
|
# stack.sh
|
||||||
# ---------
|
# ---------
|
||||||
@ -94,7 +95,7 @@ function configure_ceilometer() {
|
|||||||
function init_ceilometer() {
|
function init_ceilometer() {
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
|
sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
|
||||||
sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR
|
sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
|
||||||
rm -f $CEILOMETER_AUTH_CACHE_DIR/*
|
rm -f $CEILOMETER_AUTH_CACHE_DIR/*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# Dependencies:
|
# Dependencies:
|
||||||
# - functions
|
# - functions
|
||||||
# - DEST, DATA_DIR must be defined
|
# - DEST, DATA_DIR, STACK_USER must be defined
|
||||||
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
|
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
|
||||||
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
||||||
|
|
||||||
@ -116,7 +116,7 @@ function configure_cinder() {
|
|||||||
if [[ ! -d $CINDER_CONF_DIR ]]; then
|
if [[ ! -d $CINDER_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $CINDER_CONF_DIR
|
sudo mkdir -p $CINDER_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $CINDER_CONF_DIR
|
sudo chown $STACK_USER $CINDER_CONF_DIR
|
||||||
|
|
||||||
cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
|
cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
|
||||||
|
|
||||||
@ -306,7 +306,7 @@ function init_cinder() {
|
|||||||
|
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $CINDER_AUTH_CACHE_DIR
|
sudo mkdir -p $CINDER_AUTH_CACHE_DIR
|
||||||
sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
|
sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
|
||||||
rm -f $CINDER_AUTH_CACHE_DIR/*
|
rm -f $CINDER_AUTH_CACHE_DIR/*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# Dependencies:
|
# Dependencies:
|
||||||
# ``functions`` file
|
# ``functions`` file
|
||||||
# ``DEST``, ``DATA_DIR`` must be defined
|
# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
|
||||||
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
||||||
# ``SERVICE_HOST``
|
# ``SERVICE_HOST``
|
||||||
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
|
||||||
@ -75,7 +75,7 @@ function configure_glance() {
|
|||||||
if [[ ! -d $GLANCE_CONF_DIR ]]; then
|
if [[ ! -d $GLANCE_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $GLANCE_CONF_DIR
|
sudo mkdir -p $GLANCE_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $GLANCE_CONF_DIR
|
sudo chown $STACK_USER $GLANCE_CONF_DIR
|
||||||
|
|
||||||
# Copy over our glance configurations and update them
|
# Copy over our glance configurations and update them
|
||||||
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
|
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
|
||||||
@ -158,10 +158,10 @@ function init_glance() {
|
|||||||
|
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
|
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
|
||||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
|
sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
|
||||||
rm -f $GLANCE_AUTH_CACHE_DIR/api/*
|
rm -f $GLANCE_AUTH_CACHE_DIR/api/*
|
||||||
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
|
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
|
||||||
sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
|
sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
|
||||||
rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
|
rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
2
lib/heat
2
lib/heat
@ -49,7 +49,7 @@ function configure_heat() {
|
|||||||
if [[ ! -d $HEAT_CONF_DIR ]]; then
|
if [[ ! -d $HEAT_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $HEAT_CONF_DIR
|
sudo mkdir -p $HEAT_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $HEAT_CONF_DIR
|
sudo chown $STACK_USER $HEAT_CONF_DIR
|
||||||
|
|
||||||
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
|
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
|
||||||
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
|
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
|
||||||
|
@ -7,6 +7,7 @@
|
|||||||
# ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
|
# ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
|
||||||
# ``SERVICE_TOKEN``
|
# ``SERVICE_TOKEN``
|
||||||
# ``S3_SERVICE_PORT`` (template backend only)
|
# ``S3_SERVICE_PORT`` (template backend only)
|
||||||
|
# ``STACK_USER``
|
||||||
|
|
||||||
# ``stack.sh`` calls the entry points in this order:
|
# ``stack.sh`` calls the entry points in this order:
|
||||||
#
|
#
|
||||||
@ -79,7 +80,7 @@ function configure_keystone() {
|
|||||||
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
|
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $KEYSTONE_CONF_DIR
|
sudo mkdir -p $KEYSTONE_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $KEYSTONE_CONF_DIR
|
sudo chown $STACK_USER $KEYSTONE_CONF_DIR
|
||||||
|
|
||||||
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
|
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
|
||||||
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
|
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
|
||||||
@ -261,7 +262,7 @@ function init_keystone() {
|
|||||||
|
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
|
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
|
||||||
sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
|
sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
|
||||||
rm -f $KEYSTONE_AUTH_CACHE_DIR/*
|
rm -f $KEYSTONE_AUTH_CACHE_DIR/*
|
||||||
fi
|
fi
|
||||||
}
|
}
|
||||||
|
12
lib/nova
12
lib/nova
@ -3,7 +3,7 @@
|
|||||||
|
|
||||||
# Dependencies:
|
# Dependencies:
|
||||||
# ``functions`` file
|
# ``functions`` file
|
||||||
# ``DEST``, ``DATA_DIR`` must be defined
|
# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
|
||||||
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
||||||
# ``LIBVIRT_TYPE`` must be defined
|
# ``LIBVIRT_TYPE`` must be defined
|
||||||
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
|
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
|
||||||
@ -149,7 +149,7 @@ function configure_nova() {
|
|||||||
if [[ ! -d $NOVA_CONF_DIR ]]; then
|
if [[ ! -d $NOVA_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $NOVA_CONF_DIR
|
sudo mkdir -p $NOVA_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $NOVA_CONF_DIR
|
sudo chown $STACK_USER $NOVA_CONF_DIR
|
||||||
|
|
||||||
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
|
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
|
||||||
|
|
||||||
@ -277,7 +277,7 @@ EOF"
|
|||||||
if ! getent group libvirtd >/dev/null; then
|
if ! getent group libvirtd >/dev/null; then
|
||||||
sudo groupadd libvirtd
|
sudo groupadd libvirtd
|
||||||
fi
|
fi
|
||||||
add_user_to_group `whoami` libvirtd
|
add_user_to_group $STACK_USER libvirtd
|
||||||
|
|
||||||
# libvirt detects various settings on startup, as we potentially changed
|
# libvirt detects various settings on startup, as we potentially changed
|
||||||
# the system configuration (modules, filesystems), we need to restart
|
# the system configuration (modules, filesystems), we need to restart
|
||||||
@ -297,7 +297,7 @@ EOF"
|
|||||||
if [ -L /dev/disk/by-label/nova-instances ]; then
|
if [ -L /dev/disk/by-label/nova-instances ]; then
|
||||||
if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
|
if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
|
||||||
sudo mount -L nova-instances $NOVA_INSTANCES_PATH
|
sudo mount -L nova-instances $NOVA_INSTANCES_PATH
|
||||||
sudo chown -R `whoami` $NOVA_INSTANCES_PATH
|
sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@ -474,13 +474,13 @@ function init_nova() {
|
|||||||
|
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $NOVA_AUTH_CACHE_DIR
|
sudo mkdir -p $NOVA_AUTH_CACHE_DIR
|
||||||
sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
|
sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
|
||||||
rm -f $NOVA_AUTH_CACHE_DIR/*
|
rm -f $NOVA_AUTH_CACHE_DIR/*
|
||||||
|
|
||||||
# Create the keys folder
|
# Create the keys folder
|
||||||
sudo mkdir -p ${NOVA_STATE_PATH}/keys
|
sudo mkdir -p ${NOVA_STATE_PATH}/keys
|
||||||
# make sure we own NOVA_STATE_PATH and all subdirs
|
# make sure we own NOVA_STATE_PATH and all subdirs
|
||||||
sudo chown -R `whoami` ${NOVA_STATE_PATH}
|
sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
|
||||||
}
|
}
|
||||||
|
|
||||||
# install_novaclient() - Collect source and prepare
|
# install_novaclient() - Collect source and prepare
|
||||||
|
@ -390,7 +390,7 @@ function _configure_quantum_common() {
|
|||||||
if [[ ! -d $QUANTUM_CONF_DIR ]]; then
|
if [[ ! -d $QUANTUM_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $QUANTUM_CONF_DIR
|
sudo mkdir -p $QUANTUM_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $QUANTUM_CONF_DIR
|
sudo chown $STACK_USER $QUANTUM_CONF_DIR
|
||||||
|
|
||||||
cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
|
cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
|
||||||
|
|
||||||
@ -742,7 +742,7 @@ function _quantum_setup_keystone() {
|
|||||||
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
|
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
|
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
|
||||||
sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
|
sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
|
||||||
rm -f $QUANTUM_AUTH_CACHE_DIR/*
|
rm -f $QUANTUM_AUTH_CACHE_DIR/*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
2
lib/ryu
2
lib/ryu
@ -27,7 +27,7 @@ function init_ryu() {
|
|||||||
if [[ ! -d $RYU_CONF_DIR ]]; then
|
if [[ ! -d $RYU_CONF_DIR ]]; then
|
||||||
sudo mkdir -p $RYU_CONF_DIR
|
sudo mkdir -p $RYU_CONF_DIR
|
||||||
fi
|
fi
|
||||||
sudo chown `whoami` $RYU_CONF_DIR
|
sudo chown $STACK_USER $RYU_CONF_DIR
|
||||||
RYU_CONF=$RYU_CONF_DIR/ryu.conf
|
RYU_CONF=$RYU_CONF_DIR/ryu.conf
|
||||||
sudo rm -rf $RYU_CONF
|
sudo rm -rf $RYU_CONF
|
||||||
|
|
||||||
|
@ -4,6 +4,7 @@
|
|||||||
# Dependencies:
|
# Dependencies:
|
||||||
# ``functions`` file
|
# ``functions`` file
|
||||||
# ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
|
# ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
|
||||||
|
# ``STACK_USER`` must be defined
|
||||||
# ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
|
# ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
|
||||||
# ``lib/keystone`` file
|
# ``lib/keystone`` file
|
||||||
# ``stack.sh`` calls the entry points in this order:
|
# ``stack.sh`` calls the entry points in this order:
|
||||||
@ -333,7 +334,7 @@ function init_swift() {
|
|||||||
|
|
||||||
# Create cache dir
|
# Create cache dir
|
||||||
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
|
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
|
||||||
sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR
|
sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
|
||||||
rm -f $SWIFT_AUTH_CACHE_DIR/*
|
rm -f $SWIFT_AUTH_CACHE_DIR/*
|
||||||
}
|
}
|
||||||
|
|
||||||
|
35
stack.sh
35
stack.sh
@ -177,40 +177,43 @@ VERBOSE=$(trueorfalse True $VERBOSE)
|
|||||||
# sudo privileges and runs as that user.
|
# sudo privileges and runs as that user.
|
||||||
|
|
||||||
if [[ $EUID -eq 0 ]]; then
|
if [[ $EUID -eq 0 ]]; then
|
||||||
|
STACK_USER=$DEFAULT_STACK_USER
|
||||||
ROOTSLEEP=${ROOTSLEEP:-10}
|
ROOTSLEEP=${ROOTSLEEP:-10}
|
||||||
echo "You are running this script as root."
|
echo "You are running this script as root."
|
||||||
echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user"
|
echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
|
||||||
sleep $ROOTSLEEP
|
sleep $ROOTSLEEP
|
||||||
|
|
||||||
# Give the non-root user the ability to run as **root** via ``sudo``
|
# Give the non-root user the ability to run as **root** via ``sudo``
|
||||||
is_package_installed sudo || install_package sudo
|
is_package_installed sudo || install_package sudo
|
||||||
if ! getent group stack >/dev/null; then
|
if ! getent group $STACK_USER >/dev/null; then
|
||||||
echo "Creating a group called stack"
|
echo "Creating a group called $STACK_USER"
|
||||||
groupadd stack
|
groupadd $STACK_USER
|
||||||
fi
|
fi
|
||||||
if ! getent passwd stack >/dev/null; then
|
if ! getent passwd $STACK_USER >/dev/null; then
|
||||||
echo "Creating a user called stack"
|
echo "Creating a user called $STACK_USER"
|
||||||
useradd -g stack -s /bin/bash -d $DEST -m stack
|
useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo "Giving stack user passwordless sudo privileges"
|
echo "Giving stack user passwordless sudo privileges"
|
||||||
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
|
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
|
||||||
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
|
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
|
||||||
echo "#includedir /etc/sudoers.d" >> /etc/sudoers
|
echo "#includedir /etc/sudoers.d" >> /etc/sudoers
|
||||||
( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
|
( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
|
||||||
> /etc/sudoers.d/50_stack_sh )
|
> /etc/sudoers.d/50_stack_sh )
|
||||||
|
|
||||||
echo "Copying files to stack user"
|
echo "Copying files to $STACK_USER user"
|
||||||
STACK_DIR="$DEST/${TOP_DIR##*/}"
|
STACK_DIR="$DEST/${TOP_DIR##*/}"
|
||||||
cp -r -f -T "$TOP_DIR" "$STACK_DIR"
|
cp -r -f -T "$TOP_DIR" "$STACK_DIR"
|
||||||
chown -R stack "$STACK_DIR"
|
chown -R $STACK_USER "$STACK_DIR"
|
||||||
|
cd "$STACK_DIR"
|
||||||
if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
|
if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
|
||||||
exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack
|
exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
|
||||||
else
|
else
|
||||||
exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
|
exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
|
||||||
fi
|
fi
|
||||||
exit 1
|
exit 1
|
||||||
else
|
else
|
||||||
|
STACK_USER=`whoami`
|
||||||
# We're not **root**, make sure ``sudo`` is available
|
# We're not **root**, make sure ``sudo`` is available
|
||||||
is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
|
is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
|
||||||
|
|
||||||
@ -220,10 +223,10 @@ else
|
|||||||
|
|
||||||
# Set up devstack sudoers
|
# Set up devstack sudoers
|
||||||
TEMPFILE=`mktemp`
|
TEMPFILE=`mktemp`
|
||||||
echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE
|
echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
|
||||||
# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
|
# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
|
||||||
# see them by forcing PATH
|
# see them by forcing PATH
|
||||||
echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
|
echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
|
||||||
chmod 0440 $TEMPFILE
|
chmod 0440 $TEMPFILE
|
||||||
sudo chown root:root $TEMPFILE
|
sudo chown root:root $TEMPFILE
|
||||||
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
|
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
|
||||||
@ -235,7 +238,7 @@ fi
|
|||||||
# Create the destination directory and ensure it is writable by the user
|
# Create the destination directory and ensure it is writable by the user
|
||||||
sudo mkdir -p $DEST
|
sudo mkdir -p $DEST
|
||||||
if [ ! -w $DEST ]; then
|
if [ ! -w $DEST ]; then
|
||||||
sudo chown `whoami` $DEST
|
sudo chown $STACK_USER $DEST
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
|
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
|
||||||
@ -251,7 +254,7 @@ ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE`
|
|||||||
# Destination path for service data
|
# Destination path for service data
|
||||||
DATA_DIR=${DATA_DIR:-${DEST}/data}
|
DATA_DIR=${DATA_DIR:-${DEST}/data}
|
||||||
sudo mkdir -p $DATA_DIR
|
sudo mkdir -p $DATA_DIR
|
||||||
sudo chown `whoami` $DATA_DIR
|
sudo chown $STACK_USER $DATA_DIR
|
||||||
|
|
||||||
|
|
||||||
# Common Configuration
|
# Common Configuration
|
||||||
|
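Review bot: The sudoers entries are now built from a variable and installed without a syntax check: `echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/50_stack_sh` in the root branch, and the two `$TEMPFILE` lines in the non-root branch. A name containing whitespace or other unexpected characters would produce a malformed or broader rule, and a file under `/etc/sudoers.d` that fails to parse can stop `sudo` from working at all. Validating the name first, e.g. `[[ $STACK_USER =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid STACK_USER"`, and running `visudo -cf "$TEMPFILE"` before the `mv` would catch both cases. The message `"Giving stack user passwordless sudo privileges"` also still hard-codes the old name.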
3
stackrc
3
stackrc
@ -12,6 +12,9 @@ DATA_DIR=${DEST}/data
|
|||||||
# Select the default database
|
# Select the default database
|
||||||
DATABASE_TYPE=mysql
|
DATABASE_TYPE=mysql
|
||||||
|
|
||||||
|
# Default stack user
|
||||||
|
DEFAULT_STACK_USER=stack
|
||||||
|
|
||||||
# Specify which services to launch. These generally correspond to
|
# Specify which services to launch. These generally correspond to
|
||||||
# screen tabs. To change the default list, use the ``enable_service`` and
|
# screen tabs. To change the default list, use the ``enable_service`` and
|
||||||
# ``disable_service`` functions in ``localrc``.
|
# ``disable_service`` functions in ``localrc``.
|
||||||
|
@ -125,17 +125,17 @@ if [ ! -r $DEV_FILE ]; then
|
|||||||
# Create a stack user that is a member of the libvirtd group so that stack
|
# Create a stack user that is a member of the libvirtd group so that stack
|
||||||
# is able to interact with libvirt.
|
# is able to interact with libvirt.
|
||||||
chroot $MNTDIR groupadd libvirtd
|
chroot $MNTDIR groupadd libvirtd
|
||||||
chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd
|
chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd
|
||||||
mkdir -p $MNTDIR/$DEST
|
mkdir -p $MNTDIR/$DEST
|
||||||
chroot $MNTDIR chown stack $DEST
|
chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST
|
||||||
|
|
||||||
# A simple password - pass
|
# A simple password - pass
|
||||||
echo stack:pass | chroot $MNTDIR chpasswd
|
echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd
|
||||||
echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
|
echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
|
||||||
|
|
||||||
# And has sudo ability (in the future this should be limited to only what
|
# And has sudo ability (in the future this should be limited to only what
|
||||||
# stack requires)
|
# stack requires)
|
||||||
echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
|
echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
|
||||||
|
|
||||||
umount $MNTDIR
|
umount $MNTDIR
|
||||||
rmdir $MNTDIR
|
rmdir $MNTDIR
|
||||||
@ -187,7 +187,7 @@ git_clone $OPENSTACKX_REPO $DEST/openstackx $OPENSTACKX_BRANCH
|
|||||||
# Use this version of devstack
|
# Use this version of devstack
|
||||||
rm -rf $MNTDIR/$DEST/devstack
|
rm -rf $MNTDIR/$DEST/devstack
|
||||||
cp -pr $CWD $MNTDIR/$DEST/devstack
|
cp -pr $CWD $MNTDIR/$DEST/devstack
|
||||||
chroot $MNTDIR chown -R stack $DEST/devstack
|
chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack
|
||||||
|
|
||||||
# Configure host network for DHCP
|
# Configure host network for DHCP
|
||||||
mkdir -p $MNTDIR/etc/network
|
mkdir -p $MNTDIR/etc/network
|
||||||
@ -225,7 +225,7 @@ EOF
|
|||||||
|
|
||||||
# Make the run.sh executable
|
# Make the run.sh executable
|
||||||
chmod 755 $RUN_SH
|
chmod 755 $RUN_SH
|
||||||
chroot $MNTDIR chown stack $DEST/run.sh
|
chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh
|
||||||
|
|
||||||
umount $MNTDIR
|
umount $MNTDIR
|
||||||
rmdir $MNTDIR
|
rmdir $MNTDIR
|
||||||
|
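Review bot: The rewritten line `echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd` keeps a fixed, publicly known password on an account that the following lines grant `NOPASSWD: ALL`. An image built this way that accepts password logins would have a known-credential path to root. The last file section on this page already takes the guest password from `$GUEST_PASSWORD`; using the same pattern here, or locking the password and relying on keys, would avoid baking `pass` into the image. The same fixed password is carried over in the two later sections (`echo $DEFAULT_STACK_USER:pass | chpasswd` and `echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd`).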
@ -207,11 +207,11 @@ ROOTSLEEP=0
|
|||||||
`cat $TOP_DIR/localrc`
|
`cat $TOP_DIR/localrc`
|
||||||
LOCAL_EOF
|
LOCAL_EOF
|
||||||
fi
|
fi
|
||||||
useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack
|
useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER
|
||||||
echo stack:pass | chpasswd
|
echo $DEFAULT_STACK_USER:pass | chpasswd
|
||||||
mkdir -p /opt/stack/.ssh
|
mkdir -p /opt/stack/.ssh
|
||||||
echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys
|
echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys
|
||||||
chown -R stack /opt/stack
|
chown -R $DEFAULT_STACK_USER /opt/stack
|
||||||
chmod 700 /opt/stack/.ssh
|
chmod 700 /opt/stack/.ssh
|
||||||
chmod 600 /opt/stack/.ssh/authorized_keys
|
chmod 600 /opt/stack/.ssh/authorized_keys
|
||||||
|
|
||||||
@ -224,7 +224,7 @@ fi
|
|||||||
|
|
||||||
# Run stack.sh
|
# Run stack.sh
|
||||||
cat >> $vm_dir/uec/user-data<<EOF
|
cat >> $vm_dir/uec/user-data<<EOF
|
||||||
su -c "cd /opt/stack/devstack && ./stack.sh" stack
|
sudo -u $DEFAULT_STACK_USER bash -l -c "cd /opt/stack/devstack && ./stack.sh"
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
# (re)start a metadata service
|
# (re)start a metadata service
|
||||||
|
@ -18,6 +18,9 @@ TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
|
|||||||
# Change dir to top of devstack
|
# Change dir to top of devstack
|
||||||
cd $TOP_DIR
|
cd $TOP_DIR
|
||||||
|
|
||||||
|
# Source params
|
||||||
|
source ./stackrc
|
||||||
|
|
||||||
# Echo usage
|
# Echo usage
|
||||||
usage() {
|
usage() {
|
||||||
echo "Add stack user and keys"
|
echo "Add stack user and keys"
|
||||||
@ -43,13 +46,13 @@ mkdir -p $STAGING_DIR/$DEST
|
|||||||
# Create a stack user that is a member of the libvirtd group so that stack
|
# Create a stack user that is a member of the libvirtd group so that stack
|
||||||
# is able to interact with libvirt.
|
# is able to interact with libvirt.
|
||||||
chroot $STAGING_DIR groupadd libvirtd || true
|
chroot $STAGING_DIR groupadd libvirtd || true
|
||||||
chroot $STAGING_DIR useradd stack -s /bin/bash -d $DEST -G libvirtd || true
|
chroot $STAGING_DIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd || true
|
||||||
|
|
||||||
# Add a simple password - pass
|
# Add a simple password - pass
|
||||||
echo stack:pass | chroot $STAGING_DIR chpasswd
|
echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd
|
||||||
|
|
||||||
# Configure sudo
|
# Configure sudo
|
||||||
( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
|
( umask 226 && echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD:ALL" \
|
||||||
> $STAGING_DIR/etc/sudoers.d/50_stack_sh )
|
> $STAGING_DIR/etc/sudoers.d/50_stack_sh )
|
||||||
|
|
||||||
# Copy over your ssh keys and env if desired
|
# Copy over your ssh keys and env if desired
|
||||||
@ -64,7 +67,7 @@ rm -rf $STAGING_DIR/$DEST/devstack
|
|||||||
cp_it . $STAGING_DIR/$DEST/devstack
|
cp_it . $STAGING_DIR/$DEST/devstack
|
||||||
|
|
||||||
# Give stack ownership over $DEST so it may do the work needed
|
# Give stack ownership over $DEST so it may do the work needed
|
||||||
chroot $STAGING_DIR chown -R stack $DEST
|
chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST
|
||||||
|
|
||||||
# Unmount
|
# Unmount
|
||||||
umount $STAGING_DIR
|
umount $STAGING_DIR
|
||||||
|
@ -65,8 +65,8 @@ cd $TOP_DIR
|
|||||||
cat <<EOF >$STAGING_DIR/etc/rc.local
|
cat <<EOF >$STAGING_DIR/etc/rc.local
|
||||||
# network restart required for getting the right gateway
|
# network restart required for getting the right gateway
|
||||||
/etc/init.d/networking restart
|
/etc/init.d/networking restart
|
||||||
chown -R stack /opt/stack
|
chown -R $DEFAULT_STACK_USER /opt/stack
|
||||||
su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack
|
su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER
|
||||||
exit 0
|
exit 0
|
||||||
EOF
|
EOF
|
||||||
|
|
||||||
|
@ -19,6 +19,7 @@ GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
|
|||||||
STAGING_DIR=${STAGING_DIR:-stage}
|
STAGING_DIR=${STAGING_DIR:-stage}
|
||||||
DO_TGZ=${DO_TGZ:-1}
|
DO_TGZ=${DO_TGZ:-1}
|
||||||
XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
|
XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
|
||||||
|
STACK_USER=${STACK_USER:-stack}
|
||||||
|
|
||||||
# Install basics
|
# Install basics
|
||||||
chroot $STAGING_DIR apt-get update
|
chroot $STAGING_DIR apt-get update
|
||||||
@ -46,12 +47,12 @@ rm -f $STAGING_DIR/etc/localtime
|
|||||||
|
|
||||||
# Add stack user
|
# Add stack user
|
||||||
chroot $STAGING_DIR groupadd libvirtd
|
chroot $STAGING_DIR groupadd libvirtd
|
||||||
chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd
|
chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
|
||||||
echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
|
echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
|
||||||
echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
|
echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
|
||||||
|
|
||||||
# Give ownership of /opt/stack to stack user
|
# Give ownership of /opt/stack to stack user
|
||||||
chroot $STAGING_DIR chown -R stack /opt/stack
|
chroot $STAGING_DIR chown -R $STACK_USER /opt/stack
|
||||||
|
|
||||||
# Make our ip address hostnames look nice at the command prompt
|
# Make our ip address hostnames look nice at the command prompt
|
||||||
echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc
|
echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc
|
||||||
|
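Review bot: `echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd` expands the password unquoted, so a `GUEST_PASSWORD` containing spaces or glob characters is word-split or pathname-expanded before `chpasswd` reads it, and the account can end up with a different password than the one configured. `printf '%s:%s\n' "$STACK_USER" "$GUEST_PASSWORD" | chroot "$STAGING_DIR" chpasswd` passes the value through unchanged. This section also introduces its own default, `STACK_USER=${STACK_USER:-stack}`, where the other tools sections use `$DEFAULT_STACK_USER`; if that is deliberate, a comment next to the assignment saying why would help.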