Add tss user/group for nova image

When using emulated TPM, needs to set the user/group that swtpm binary runs as. Related-Prod: PRODX-37352 Change-Id: Ife7b0000a66936f3581f968d8825294b71ac3c49
2023-12-08 14:01:27 +01:00
parent 1b578c3d51
commit 97263c21d1
2 changed files with 14 additions and 0 deletions
--- a/8
+++ b/8
@@ -29,11 +29,19 @@ ARG DEBIAN_FRONTEND=noninteractive
 ARG UID=42424
 ARG GID=42424

+# Nova arguments
+# User/group that swtpm binary runs as.
+ARG NOVA_TSS_USER=tss
+ARG NOVA_TSS_UID=42434
+ARG NOVA_TSS_GID=42434
+
 ARG NOVNC_REPO=${NOVNC_REPO:-https://github.com/novnc/novnc}
 ARG NOVNC_REF=${NOVNC_REF:-v1.0.0}
 ARG SPICE_REPO=${SPICE_REPO:-https://gitlab.freedesktop.org/spice/spice-html5.git}
 ARG SPICE_REF=${SPICE_REF:-spice-html5-0.1.6}

+# End Nova arguments
+
 ADD data /tmp/
 COPY scripts /opt/loci/scripts
 ADD bindep.txt pydep.txt $EXTRA_BINDEP $EXTRA_PYDEP /opt/loci/
--- a/scripts/project_specific/nova/02_add_tss_user.sh
+++ b/scripts/project_specific/nova/02_add_tss_user.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+# When using emulated TPM, the user/group that swtpm binary runs as.
+set -ex
+
+groupadd -g ${NOVA_TSS_GID} ${NOVA_TSS_USER}
+useradd -u ${NOVA_TSS_UID} -g ${NOVA_TSS_USER} -s /usr/sbin/nologin -c "${NOVA_TSS_USER} user" ${NOVA_TSS_USER}