Fix the qemu has nova permission in nova instances folder

Fix the permission issue on different distro
* In CentOS, add the qemu to nova group in CentOS
* In Ubuntu, add the nova to libvirtd group

Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: I1f4f9ce29abf0d788965fe94d8918b10a7169a75
Closes-Bug: #1568012

docker/nova/nova-base/Dockerfile.j2

@@ -45,7 +45,8 @@ RUN apt-get install -y --no-install-recommends \
 
 ADD nova-base-archive /nova-base-source
 RUN ln -s nova-base-source/* nova \
-    && useradd --user-group --home-dir /var/lib/nova nova \
+    && useradd --user-group --create-home --home-dir /var/lib/nova nova \
+    && chmod 755 /var/lib/nova \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
     && mkdir -p /etc/nova /var/lib/nova \
     && cp -r /nova/etc/nova/* /etc/nova/ \

docker/nova/nova-compute/Dockerfile.j2

@@ -55,11 +55,8 @@ RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements
 
 {% endif %}
 
-COPY nova_compute_sudoers /etc/sudoers.d/nova_compute_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
 RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
-    && chmod 750 /etc/sudoers.d \
-    && chmod 440 /etc/sudoers.d/nova_compute_sudoers \
     && rm -f /etc/machine-id
 
 {{ include_footer }}

docker/nova/nova-compute/extend_start.sh

@@ -3,11 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo chown nova: /var/lib/nova/
     mkdir -p /var/lib/nova/instances
-    # Only update permissions if permissions need to be updated
-    if [[ $(stat -c %U:%G /var/lib/nova/instances) != "nova:nova" ]]; then
-        sudo chown nova: /var/lib/nova/instances
-    fi
     exit 0
 fi

docker/nova/nova-compute/nova_compute_sudoers

@@ -1 +0,0 @@
-%kolla ALL=(root) NOPASSWD: /usr/bin/chown nova\: /var/lib/nova/, /bin/chown nova\: /var/lib/nova/

docker/nova/nova-libvirt/Dockerfile.j2

@@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
 MAINTAINER {{ maintainer }}
 
 {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
@@ -11,7 +11,9 @@ RUN yum -y install \
         libvirt-daemon-config-nwfilter \
         libvirt-daemon-driver-lxc \
         ceph-common \
-    && yum clean all
+    && yum clean all \
+    && usermod -a -G nova qemu
+
 
 {% elif base_distro in ['ubuntu', 'debian'] %}
 
@@ -27,12 +29,12 @@ RUN apt-get install -y --no-install-recommends \
     && apt-get clean \
     && mkdir -p /etc/ceph \
     && rm /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
-    && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf
+    && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf \
+    && usermod -a -G libvirtd nova
 
 {% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start \
+RUN chmod 755 /usr/local/bin/kolla_extend_start
-    && useradd --user-group nova
 
 {{ include_footer }}