Refactor and enable shell access

When installing from binary, packaging tools create a user for
Keystone which does not have a shell.  This results in fernet
token operations failing due to the fact that `rsync` cannot
connect over SSH because the Keystone user cannot log in.

This patch addresses this issue by enabling shell access
to the Keystone user. It also refactors the Nova SSH controller
to use the pre-existing macro.

Change-Id: Ic753a94311c5d7d72a82d91c1279dfe982e9afbd
Related-Bug: #1617902
Mohammed Naser 2017-03-14 20:09:58 -04:00
parent 6d1f01b100
commit b68bdabbb4
2 changed files with 5 additions and 2 deletions

@ -5,6 +5,8 @@ MAINTAINER {{ maintainer }}
{% import "macros.j2" as macros with context %}
{{ macros.configure_user(name='keystone', shell='/bin/bash') }}
{% if base_distro in ['centos', 'oraclelinux', 'rhel'] %}
{% set keystone_ssh_packages = [
'openssh-server',
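
Review bot: shell='/bin/bash' on the configure_user line gives the keystone account a full interactive login shell, while the commit message states the only requirement is rsync over SSH for fernet token operations. Consider constraining the key used for that sync in the account's authorized_keys, for example with a forced command= entry together with the restrict option, so the account can run the rsync transfer and nothing else.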

@ -5,6 +5,8 @@ MAINTAINER {{ maintainer }}
{% import "macros.j2" as macros with context %}
{{ macros.configure_user(name='nova', shell='/bin/bash') }}
{% set nova_ssh_packages = [
'openssh-server'
] %}
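
Review bot: the configure_user(name='nova', shell='/bin/bash') line has no template comment saying why this image needs a login shell for nova. A one-line Jinja comment above the call (that sshd logins for this user require a valid shell) would keep a later cleanup from reverting it to a non-login shell and reintroducing the failure.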
@ -18,8 +20,7 @@ RUN mkdir -p /var/run/sshd \
{{ macros.install_packages(nova_ssh_packages | customizable("packages")) }}
RUN chsh -s /bin/bash nova \
&& sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
RUN sed -ri 's/session(\s+)required(\s+)pam_loginuid.so/session\1optional\2pam_loginuid.so/' /etc/pam.d/sshd
COPY extend_start.sh /usr/local/bin/kolla_extend_start
RUN chmod 755 /usr/local/bin/kolla_extend_start
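
Review bot: removing `RUN chsh -s /bin/bash nova` makes the nova login shell depend entirely on macros.configure_user, whose body is not part of this diff. The commit message describes accounts that packaging tools have already created without a shell, so please confirm the macro changes the shell of an existing user and does not only set it when it creates the account; otherwise this image loses the behaviour the removed line provided. The pam_loginuid sed command itself is unchanged apart from moving to its own RUN.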