Fix the qemu has nova permission in nova instances folder

Fix the permission issue on different distro
* In CentOS, add the qemu to nova group in CentOS
* In Ubuntu, add the nova to libvirtd group

Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: I1f4f9ce29abf0d788965fe94d8918b10a7169a75
Closes-Bug: #1568012
This commit is contained in:
Jeffrey Zhang 2016-04-08 23:42:59 +08:00 committed by Steven Dake
parent fda9444ea6
commit ad1461f46d
5 changed files with 9 additions and 15 deletions

View File

@ -45,7 +45,8 @@ RUN apt-get install -y --no-install-recommends \
ADD nova-base-archive /nova-base-source ADD nova-base-archive /nova-base-source
RUN ln -s nova-base-source/* nova \ RUN ln -s nova-base-source/* nova \
&& useradd --user-group --home-dir /var/lib/nova nova \ && useradd --user-group --create-home --home-dir /var/lib/nova nova \
&& chmod 755 /var/lib/nova \
&& /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \ && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
&& mkdir -p /etc/nova /var/lib/nova \ && mkdir -p /etc/nova /var/lib/nova \
&& cp -r /nova/etc/nova/* /etc/nova/ \ && cp -r /nova/etc/nova/* /etc/nova/ \

View File

@ -55,11 +55,8 @@ RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements
{% endif %} {% endif %}
COPY nova_compute_sudoers /etc/sudoers.d/nova_compute_sudoers
COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \ RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
&& chmod 750 /etc/sudoers.d \
&& chmod 440 /etc/sudoers.d/nova_compute_sudoers \
&& rm -f /etc/machine-id && rm -f /etc/machine-id
{{ include_footer }} {{ include_footer }}

View File

@ -3,11 +3,6 @@
# Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
# of the KOLLA_BOOTSTRAP variable being set, including empty. # of the KOLLA_BOOTSTRAP variable being set, including empty.
if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
sudo chown nova: /var/lib/nova/
mkdir -p /var/lib/nova/instances mkdir -p /var/lib/nova/instances
# Only update permissions if permissions need to be updated
if [[ $(stat -c %U:%G /var/lib/nova/instances) != "nova:nova" ]]; then
sudo chown nova: /var/lib/nova/instances
fi
exit 0 exit 0
fi fi

View File

@ -1 +0,0 @@
%kolla ALL=(root) NOPASSWD: /usr/bin/chown nova\: /var/lib/nova/, /bin/chown nova\: /var/lib/nova/

View File

@ -1,4 +1,4 @@
FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }} FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
MAINTAINER {{ maintainer }} MAINTAINER {{ maintainer }}
{% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %} {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
@ -11,7 +11,9 @@ RUN yum -y install \
libvirt-daemon-config-nwfilter \ libvirt-daemon-config-nwfilter \
libvirt-daemon-driver-lxc \ libvirt-daemon-driver-lxc \
ceph-common \ ceph-common \
&& yum clean all && yum clean all \
&& usermod -a -G nova qemu
{% elif base_distro in ['ubuntu', 'debian'] %} {% elif base_distro in ['ubuntu', 'debian'] %}
@ -27,12 +29,12 @@ RUN apt-get install -y --no-install-recommends \
&& apt-get clean \ && apt-get clean \
&& mkdir -p /etc/ceph \ && mkdir -p /etc/ceph \
&& rm /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \ && rm /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
&& sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf \
&& usermod -a -G libvirtd nova
{% endif %} {% endif %}
COPY extend_start.sh /usr/local/bin/kolla_extend_start COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start \ RUN chmod 755 /usr/local/bin/kolla_extend_start
&& useradd --user-group nova
{{ include_footer }} {{ include_footer }}