openstack/devstack
Code Issues Proposed changes
c58c5d60ce
devstack/tools/create-stack-user.sh
Ian Wienand 7710e7fc27 Only use lsb_release for distro tags 
The existing GetOSVersion has a lot of unused code which is wrong in
several ways

 - the only path tested in upstream CI is with lsb_release, because
   it's pre-installed on all nodes

 - the /etc/redhat-release checking probably still works, but is
   unnecessary

 - If using lsb_release, os_UPDATE has never actually been set.

 - the /etc/SuSE-release branch checking is broken if the lsb package
   is actually installed.  lsb checking does not set os_UPDATE but yet
   the SuSE DISTRO setting relies on this to set a patch level (and so
   does some of the rpm tags).  SuSE 11 is up to update 3, but the rpm
   matching is stuck hard-coded to update 2.  I'm guessing
   installation is actually broken there.

 - the debian checking branch is broken.  The VERSION tags have been
   removed and were not supposed to be relied on anyway (see notes in
   [1])

This simplifies things:

 - remove OSX checking (moved here after discussions in
   I31d0fdd30928ecc8d959a95838b1d3affd28ac6f)

 - only use the output of lsb_release.

 - A small best-effort check to pre-install lsb packages if not
   detected (that avoids chicken-egg-problem of package-install
   wrappers relying on os_* flags).

 - The unset os_UPDATE is removed.  It's only previous use was for
   setting separate suse versions in the DISTRO element for matching
   during package installs (since removed)

 - DISTRO setting is modified to use the parts of os_RELEASE it wants.
   Per-above, this is the correct place to parse out specifics.

 - Call out the is_* functions, which are a better way to detect
   platforms

 - Export the variables as read-only, since they shouldn't be reset

[1] http://sources.debian.net/src/base-files/7.5/debian/changelog/

Change-Id: I46a2c36d95327087085df07cb797eb91249a893c
2016-01-12 09:23:35 +11:00

55 lines
1.7 KiB
Bash
Executable File
Raw Blame History

#!/usr/bin/env bash
# **create-stack-user.sh**
# Create a user account suitable for running DevStack
# - create a group named $STACK_USER if it does not exist
# - create a user named $STACK_USER if it does not exist
#
# - home is $DEST
#
# - configure sudo for $STACK_USER
# ``stack.sh`` was never intended to run as root. It had a hack to do what is
# now in this script and re-launch itself, but that hack was less than perfect
# and it was time for this nonsense to stop. Run this script as root to create
# the user and configure sudo.
set -o errexit
# Keep track of the DevStack directory
TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
# Import common functions
source $TOP_DIR/functions
# Determine what system we are running on. This provides ``os_VENDOR``,
# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
# Needed to get ``ENABLED_SERVICES`` and ``STACK_USER``
source $TOP_DIR/stackrc
# Give the non-root user the ability to run as **root** via ``sudo``
is_package_installed sudo || install_package sudo
[[ -z "$STACK_USER" ]] && die "STACK_USER is not set. Exiting."
if ! getent group $STACK_USER >/dev/null; then
echo "Creating a group called $STACK_USER"
groupadd $STACK_USER
fi
if ! getent passwd $STACK_USER >/dev/null; then
echo "Creating a user called $STACK_USER"
useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
fi
echo "Giving stack user passwordless sudo privileges"
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
echo "#includedir /etc/sudoers.d" >> /etc/sudoers
( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> /etc/sudoers.d/50_stack_sh )
View Git Blame Copy Permalink