Refactor and enable shell access
When installing from binary, packaging tools create a user for Keystone which does not have a shell. This results in fernet token operations failing due to the fact that `rsync` cannot connect over SSH because the Keystone user cannot login. This patch addresses this issue by enabling shell access to the Keystone user, it also refactors the Nova SSH controller to use the pre-existing macro. Change-Id: Ic753a94311c5d7d72a82d91c1279dfe982e9afbd Related-Bug: #1617902
This commit is contained in:
parent
6d1f01b100
commit
b68bdabbb4
|
@ -5,6 +5,8 @@ MAINTAINER {{ maintainer }}
|
|||
|
||||
{% import "macros.j2" as macros with context %}
|
||||
|
||||
{{ macros.configure_user(name='keystone', shell='/bin/bash') }}
|
||||
|
||||
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
|
||||
{% set keystone_ssh_packages = [
|
||||
'openssh-server',
|
||||
|
|
|
@ -5,6 +5,8 @@ MAINTAINER {{ maintainer }}
|
|||
|
||||
{% import "macros.j2" as macros with context %}
|
||||
|
||||
{{ macros.configure_user(name='nova', shell='/bin/bash') }}
|
||||
|
||||
{% set nova_ssh_packages = [
|
||||
'openssh-server'
|
||||
] %}
|
||||
|
@ -18,8 +20,7 @@ RUN mkdir -p /var/run/sshd \
|
|||
|
||||
{{ macros.install_packages(nova_ssh_packages | customizable("packages")) }}
|
||||
|
||||
RUN chsh -s /bin/bash nova \
|
||||
&& sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
|
||||
RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
|
||||
|
||||
COPY extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
RUN chmod 755 /usr/local/bin/kolla_extend_start
|
||||
|
|
Loading…
Reference in New Issue