From 00e574e59592f7e95f39dabb7342d802b62566f1 Mon Sep 17 00:00:00 2001
From: Tomas Sedovic <tsedovic@redhat.com>
Date: Fri, 14 Feb 2014 12:15:01 -0500
Subject: [PATCH] Don't disable SELinux in cloud-init's boothook.sh

This is a first step towards fixing #1257410 as outlined in the bug
report.

Disabling SELinux is not necessary, but the fact that we're using both
the `user` directive in cloudinit/config and `useradd` in boothook.sh
is a bit confusing so this documents the reasons for both.

Change-Id: Ife4fec99650341de698eb51741d96f95de00dcf0
Partial-Bug: #1257410
---
 heat/cloudinit/boothook.sh | 6 +++++-
 heat/cloudinit/config      | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/heat/cloudinit/boothook.sh b/heat/cloudinit/boothook.sh
index d19015a21a..0b8b219f8d 100755
--- a/heat/cloudinit/boothook.sh
+++ b/heat/cloudinit/boothook.sh
@@ -1,5 +1,9 @@
 #!/bin/bash
-command -v setenforce >/dev/null 2>&1 && setenforce 0
+
+# FIXME(shadower) The `useradd` and `sudoers` lines are a workaround for
+# cloud-init 0.6.3 present in Ubuntu 12.04 LTS:
+# https://bugs.launchpad.net/heat/+bug/1257410
+# Once we drop support for it, we can safely remove them.
 useradd -m @INSTANCE_USER@
 echo -e '@INSTANCE_USER@\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
 
diff --git a/heat/cloudinit/config b/heat/cloudinit/config
index a0d1d1ae95..555900881c 100644
--- a/heat/cloudinit/config
+++ b/heat/cloudinit/config
@@ -1,3 +1,7 @@
+# Set the SSH key provided by Nova to this user.
+# On cloud-init 0.7.x (anything except Ubuntu 12.04 LTS which ships 0.6.3) this
+# also creates the user and sets up passwordless sudo if the user isn't present
+# already.
 user: @INSTANCE_USER@
 
 # Capture all subprocess output into a logfile