Fix the qemu has nova permission in nova instances folder

Fix the permission issue on different distro * In CentOS, add the qemu to nova group in CentOS * In Ubuntu, add the nova to libvirtd group Co-Authored-By: Steven Dake <stdake@cisco.com> Change-Id: I1f4f9ce29abf0d788965fe94d8918b10a7169a75 Closes-Bug: #1568012
2016-04-08 23:42:59 +08:00 · 2016-04-08 23:42:59 +08:00 · ad1461f46d
commit ad1461f46d
parent fda9444ea6
5 changed files with 9 additions and 15 deletions
--- a/docker/nova/nova-base/Dockerfile.j2
+++ b/docker/nova/nova-base/Dockerfile.j2
@ -45,7 +45,8 @@ RUN apt-get install -y --no-install-recommends \

 ADD nova-base-archive /nova-base-source
 RUN ln -s nova-base-source/* nova \
-    && useradd --user-group --home-dir /var/lib/nova nova \
+    && useradd --user-group --create-home --home-dir /var/lib/nova nova \
+    && chmod 755 /var/lib/nova \
    && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
    && mkdir -p /etc/nova /var/lib/nova \
    && cp -r /nova/etc/nova/* /etc/nova/ \
--- a/docker/nova/nova-compute/Dockerfile.j2
+++ b/docker/nova/nova-compute/Dockerfile.j2
@ -55,11 +55,8 @@ RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements

 {% endif %}

-COPY nova_compute_sudoers /etc/sudoers.d/nova_compute_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
 RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
-    && chmod 750 /etc/sudoers.d \
-    && chmod 440 /etc/sudoers.d/nova_compute_sudoers \
    && rm -f /etc/machine-id

 {{ include_footer }}
--- a/docker/nova/nova-compute/extend_start.sh
+++ b/docker/nova/nova-compute/extend_start.sh
@ -3,11 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo chown nova: /var/lib/nova/
    mkdir -p /var/lib/nova/instances
-    # Only update permissions if permissions need to be updated
-    if [[ $(stat -c %U:%G /var/lib/nova/instances) != "nova:nova" ]]; then
-        sudo chown nova: /var/lib/nova/instances
-    fi
    exit 0
 fi
--- a/docker/nova/nova-compute/nova_compute_sudoers
+++ b/docker/nova/nova-compute/nova_compute_sudoers
@ -1 +0,0 @@
-%kolla ALL=(root) NOPASSWD: /usr/bin/chown nova\: /var/lib/nova/, /bin/chown nova\: /var/lib/nova/
--- a/docker/nova/nova-libvirt/Dockerfile.j2
+++ b/docker/nova/nova-libvirt/Dockerfile.j2
@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
 MAINTAINER {{ maintainer }}

 {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
@ -11,7 +11,9 @@ RUN yum -y install \
        libvirt-daemon-config-nwfilter \
        libvirt-daemon-driver-lxc \
        ceph-common \
-    && yum clean all
+    && yum clean all \
+    && usermod -a -G nova qemu
+

 {% elif base_distro in ['ubuntu', 'debian'] %}

@ -27,12 +29,12 @@ RUN apt-get install -y --no-install-recommends \
    && apt-get clean \
    && mkdir -p /etc/ceph \
    && rm /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
-    && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf
+    && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf \
+    && usermod -a -G libvirtd nova

 {% endif %}

 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start \
-    && useradd --user-group nova
+RUN chmod 755 /usr/local/bin/kolla_extend_start

 {{ include_footer }}
				`@ -1 +0,0 @@`
				`%kolla ALL=(root) NOPASSWD: /usr/bin/chown nova\: /var/lib/nova/, /bin/chown nova\: /var/lib/nova/`