From 8384ab2c4e4fd7b436827d995d6a60852282d32f Mon Sep 17 00:00:00 2001
From: Mohammed Naser
Date: Tue, 14 Mar 2017 20:09:58 -0400
Subject: [PATCH] Refactor and enable shell access

When installing from binary, packaging tools create a user for Keystone which does not have a shell. This results in fernet token operations failing due to the fact that `rsync` cannot connect over SSH because the Keystone user cannot login. This patch addresses this issue by enabling shell access to the Keystone user, it also refactors the Nova SSH controller to use the pre-existing macro.

Change-Id: Ic753a94311c5d7d72a82d91c1279dfe982e9afbd
Related-Bug: #1617902
---
 docker/keystone/keystone-ssh/Dockerfile.j2 | 2 ++
 docker/nova/nova-ssh/Dockerfile.j2 | 5 +++--
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/docker/keystone/keystone-ssh/Dockerfile.j2 b/docker/keystone/keystone-ssh/Dockerfile.j2
index 51314cdc82..2f919fe9c1 100644
--- a/docker/keystone/keystone-ssh/Dockerfile.j2
+++ b/docker/keystone/keystone-ssh/Dockerfile.j2
@@ -5,6 +5,8 @@ MAINTAINER {{ maintainer }}
 {% import "macros.j2" as macros with context %}
+{{ macros.configure_user(name='keystone', shell='/bin/bash') }}
+
 {% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
 {% set keystone_ssh_packages = [
 'openssh-server',
diff --git a/docker/nova/nova-ssh/Dockerfile.j2 b/docker/nova/nova-ssh/Dockerfile.j2
index 98bee70f13..f54f4cdc60 100644
--- a/docker/nova/nova-ssh/Dockerfile.j2
+++ b/docker/nova/nova-ssh/Dockerfile.j2
@@ -5,6 +5,8 @@ MAINTAINER {{ maintainer }}
 {% import "macros.j2" as macros with context %}
+{{ macros.configure_user(name='nova', shell='/bin/bash') }}
+
 {% set nova_ssh_packages = [
 'openssh-server'
 ] %}
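Review bot: `configure_user(name='keystone', shell='/bin/bash')` gives the service account a full interactive shell in an image that runs sshd, although the stated need is only that `rsync` can be started over SSH for fernet key distribution; the same applies to the `nova` call in docker/nova/nova-ssh/Dockerfile.j2. Whoever holds the sync key then has a general-purpose login with that account's file access, not just a file transfer. Neither hunk shows the sshd_config or authorized_keys handling, so if it is not already done elsewhere, the key should be pinned to the transfer with `restrict,command="<rsync server command>"` in authorized_keys, or with a `Match User keystone` block setting `ForceCommand`, `PermitTTY no` and `AllowTcpForwarding no`. A comment above the call such as `{# login shell is needed only so sshd can exec rsync for fernet key sync #}` would keep the reason next to the change.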
@@ -18,8 +20,7 @@ RUN mkdir -p /var/run/sshd \
 {{ macros.install_packages(nova_ssh_packages | customizable("packages")) }}
-RUN chsh -s /bin/bash nova \
- && sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
+RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
 RUN chmod 755 /usr/local/bin/kolla_extend_start
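Review bot: The `sed` on the new `RUN` line carries no comment saying why `pam_loginuid.so` is downgraded from `required` to `optional`, and it exits 0 whether or not the pattern matched. Presumably this is the usual container workaround for sshd sessions being rejected when the login UID cannot be set, which a line such as `# pam_loginuid cannot set the login UID inside the container; make it optional so sshd sessions are not rejected` would record. With the module optional, sessions can start without a loginuid, so audit records inside the container may not be attributable to the SSH login and sshd's own logs become the record to keep. Appending `&& grep -Eq 'session\s+optional\s+pam_loginuid.so' /etc/pam.d/sshd` would make the build fail on a base image whose PAM file has a different layout instead of silently shipping it unmodified.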