Avoid hard-coding OS user/group in each manifest
and replace hard-codes by definition in params.pp . This change renames nova_user and nova_group to user and group, so that the consistent variable names are used to define os user and group. Change-Id: I5dfdc8588df3091412298507d93097388444e10b
This commit is contained in:
parent
32371f4afd
commit
39b2d75f69
@ -18,7 +18,7 @@ class nova::cell_v2::discover_hosts (
|
||||
exec { 'nova-cell_v2-discover_hosts':
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "nova-manage ${extra_params} cell_v2 discover_hosts",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
subscribe => Anchor['nova::service::end']
|
||||
}
|
||||
|
@ -21,7 +21,7 @@ class nova::cell_v2::map_cell0 (
|
||||
exec { 'nova-cell_v2-map_cell0':
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "nova-manage ${extra_params} cell_v2 map_cell0",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
logoutput => on_failure,
|
||||
subscribe => Anchor['nova::cell_v2::begin'],
|
||||
|
@ -18,7 +18,7 @@ class nova::cell_v2::map_cell_and_hosts (
|
||||
exec { 'nova-cell_v2-map_cell_and_hosts':
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "nova-manage ${extra_params} cell_v2 map_cell_and_hosts",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
||||
|
@ -43,7 +43,7 @@ class nova::cell_v2::map_instances (
|
||||
exec { 'nova-cell_v2-map_instances':
|
||||
path => ['/bin', '/usr/bin'],
|
||||
command => "nova-manage ${extra_params} cell_v2 map_instances --cell_uuid=${cell_uuid_real}",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
||||
|
@ -83,8 +83,8 @@ class nova::compute::provider (
|
||||
file { "${config_location}":
|
||||
ensure => directory,
|
||||
mode => '0750',
|
||||
owner => $::nova::params::nova_user,
|
||||
group => $::nova::params::nova_group,
|
||||
owner => $::nova::params::user,
|
||||
group => $::nova::params::group,
|
||||
require => Anchor['nova::config::begin'],
|
||||
before => Anchor['nova::config::end'],
|
||||
}
|
||||
@ -93,8 +93,8 @@ class nova::compute::provider (
|
||||
file { "${config_location}/${config_file}":
|
||||
ensure => file,
|
||||
mode => '0640',
|
||||
owner => $::nova::params::nova_user,
|
||||
group => $::nova::params::nova_group,
|
||||
owner => $::nova::params::user,
|
||||
group => $::nova::params::group,
|
||||
content => template('nova/provider.yaml.erb'),
|
||||
require => Anchor['nova::config::begin'],
|
||||
}
|
||||
|
@ -43,8 +43,7 @@
|
||||
#
|
||||
# [*user*]
|
||||
# (optional) User with access to nova files.
|
||||
# nova::params::nova_user will be used if this is undef.
|
||||
# Defaults to undef.
|
||||
# Defaults to $::nova::params::user.
|
||||
#
|
||||
# [*destination*]
|
||||
# (optional) Path to file to which rows should be archived
|
||||
@ -96,7 +95,7 @@ class nova::cron::archive_deleted_rows (
|
||||
$month = '*',
|
||||
$weekday = '*',
|
||||
$max_rows = '100',
|
||||
$user = undef,
|
||||
$user = $::nova::params::user,
|
||||
$destination = '/var/log/nova/nova-rowsflush.log',
|
||||
$until_complete = false,
|
||||
$purge = false,
|
||||
@ -106,10 +105,9 @@ class nova::cron::archive_deleted_rows (
|
||||
$sleep = undef,
|
||||
$verbose = false,
|
||||
$maxdelay = 0,
|
||||
) {
|
||||
) inherits nova::params {
|
||||
|
||||
include nova::deps
|
||||
include nova::params
|
||||
|
||||
if $until_complete {
|
||||
$until_complete_real = ' --until-complete'
|
||||
@ -171,7 +169,7 @@ class nova::cron::archive_deleted_rows (
|
||||
command => "${delay_cmd}${cron_cmd}${purge_real} --max_rows ${max_rows}${verbose_real}${age_real}${until_complete_real}${all_cells_real}${task_log_real}${sleep_real} >>${destination} 2>&1",
|
||||
# lint:endignore
|
||||
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||
user => pick($user, $::nova::params::nova_user),
|
||||
user => $user,
|
||||
minute => $minute,
|
||||
hour => $hour,
|
||||
monthday => $monthday,
|
||||
|
@ -36,8 +36,7 @@
|
||||
#
|
||||
# [*user*]
|
||||
# (optional) User with access to nova files.
|
||||
# nova::params::nova_user will be used if this is undef.
|
||||
# Defaults to undef.
|
||||
# Defaults to $::nova::params::user.
|
||||
#
|
||||
# [*destination*]
|
||||
# (optional) Path to file to which rows should be archived
|
||||
@ -68,13 +67,13 @@ class nova::cron::purge_shadow_tables (
|
||||
$monthday = '*',
|
||||
$month = '*',
|
||||
$weekday = '*',
|
||||
$user = undef,
|
||||
$user = $::nova::params::user,
|
||||
$destination = '/var/log/nova/nova-rowspurge.log',
|
||||
$age = 14,
|
||||
$all_cells = false,
|
||||
$verbose = false,
|
||||
$maxdelay = 0,
|
||||
) {
|
||||
) inherits nova::params {
|
||||
|
||||
include nova::deps
|
||||
include nova::params
|
||||
@ -106,7 +105,7 @@ class nova::cron::purge_shadow_tables (
|
||||
command => "${delay_cmd}${cron_cmd} --before `date --date='today - ${age} days' +\\%D`${verbose_real}${all_cells_real} >>${destination} 2>&1",
|
||||
# lint:endignore
|
||||
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
|
||||
user => pick($user, $::nova::params::nova_user),
|
||||
user => $user,
|
||||
minute => $minute,
|
||||
hour => $hour,
|
||||
monthday => $monthday,
|
||||
|
@ -23,7 +23,7 @@ class nova::db::online_data_migrations(
|
||||
|
||||
exec { 'nova-db-online-data-migrations':
|
||||
command => "/usr/bin/nova-manage ${extra_params} db online_data_migrations",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
try_sleep => 5,
|
||||
tries => 10,
|
||||
|
@ -23,7 +23,7 @@ class nova::db::sync(
|
||||
|
||||
exec { 'nova-db-sync':
|
||||
command => "/usr/bin/nova-manage ${extra_params} db sync",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
try_sleep => 5,
|
||||
tries => 10,
|
||||
|
@ -32,7 +32,7 @@ class nova::db::sync_api(
|
||||
|
||||
exec { 'nova-db-sync-api':
|
||||
command => "/usr/bin/nova-manage ${extra_params} api_db sync",
|
||||
user => $::nova::params::nova_user,
|
||||
user => $::nova::params::user,
|
||||
refreshonly => true,
|
||||
try_sleep => 5,
|
||||
tries => 10,
|
||||
|
@ -534,8 +534,8 @@ Use nova::cinder::cross_az_attach instead.')
|
||||
file { '/var/lib/nova/.ssh':
|
||||
ensure => directory,
|
||||
mode => '0700',
|
||||
owner => $::nova::params::nova_user,
|
||||
group => $::nova::params::nova_group,
|
||||
owner => $::nova::params::user,
|
||||
group => $::nova::params::group,
|
||||
require => Anchor['nova::config::begin'],
|
||||
before => Anchor['nova::config::end'],
|
||||
}
|
||||
@ -549,7 +549,7 @@ Use nova::cinder::cross_az_attach instead.')
|
||||
ensure => present,
|
||||
key => $nova_public_key['key'],
|
||||
type => $nova_public_key['type'],
|
||||
user => 'nova',
|
||||
user => $::nova::params::user,
|
||||
require => File['/var/lib/nova/.ssh'],
|
||||
}
|
||||
}
|
||||
@ -574,8 +574,8 @@ but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.")
|
||||
file { $nova_private_key_file:
|
||||
content => $nova_private_key[key],
|
||||
mode => '0600',
|
||||
owner => $::nova::params::nova_user,
|
||||
group => $::nova::params::nova_group,
|
||||
owner => $::nova::params::user,
|
||||
group => $::nova::params::group,
|
||||
require => File['/var/lib/nova/.ssh'],
|
||||
}
|
||||
}
|
||||
|
@ -131,8 +131,8 @@ class nova::logging(
|
||||
# This should force an update the selinux role if the logfile exists.
|
||||
# It will be incorrect if the file was created by the dbsync exec resources.
|
||||
file { "${log_dir}/nova-manage.log":
|
||||
owner => $::nova::params::nova_user,
|
||||
group => $::nova::params::nova_group,
|
||||
owner => $::nova::params::user,
|
||||
group => $::nova::params::group,
|
||||
require => Anchor['nova::service::end']
|
||||
}
|
||||
}
|
||||
|
@ -6,8 +6,13 @@ class nova::params {
|
||||
include openstacklib::defaults
|
||||
|
||||
$client_package = 'python3-novaclient'
|
||||
$user = 'nova'
|
||||
$group = 'nova'
|
||||
|
||||
# NOTE(tkajinam) These are kept for backword compatibility
|
||||
$nova_user = $user
|
||||
$nova_group = $group
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
# package names
|
||||
@ -57,8 +62,6 @@ class nova::params {
|
||||
$nova_api_wsgi_script_source = '/usr/bin/nova-api-wsgi'
|
||||
$nova_metadata_wsgi_script_source = '/usr/bin/nova-metadata-wsgi'
|
||||
$messagebus_service_name = 'dbus'
|
||||
$nova_user = 'nova'
|
||||
$nova_group = 'nova'
|
||||
if $::operatingsystemmajrelease >= '9' {
|
||||
$mkisofs_package_name = 'xorriso'
|
||||
$mkisofs_cmd = 'mkisofs'
|
||||
@ -133,8 +136,6 @@ class nova::params {
|
||||
}
|
||||
}
|
||||
$libvirt_service_name = 'libvirtd'
|
||||
$nova_user = 'nova'
|
||||
$nova_group = 'nova'
|
||||
}
|
||||
default: {
|
||||
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \
|
||||
|
@ -143,7 +143,7 @@ class nova::wsgi::apache_api (
|
||||
::openstacklib::wsgi::apache { 'nova_api_wsgi':
|
||||
bind_host => $bind_host,
|
||||
bind_port => $api_port,
|
||||
group => 'nova',
|
||||
group => $::nova::params::group,
|
||||
path => $path,
|
||||
priority => $priority,
|
||||
servername => $servername,
|
||||
@ -156,7 +156,7 @@ class nova::wsgi::apache_api (
|
||||
ssl_crl_path => $ssl_crl_path,
|
||||
ssl_key => $ssl_key,
|
||||
threads => $threads,
|
||||
user => 'nova',
|
||||
user => $::nova::params::user,
|
||||
vhost_custom_fragment => $vhost_custom_fragment,
|
||||
workers => $workers,
|
||||
wsgi_daemon_process => 'nova-api',
|
||||
|
@ -138,7 +138,7 @@ class nova::wsgi::apache_metadata (
|
||||
::openstacklib::wsgi::apache { 'nova_metadata_wsgi':
|
||||
bind_host => $bind_host,
|
||||
bind_port => $api_port,
|
||||
group => 'nova',
|
||||
group => $::nova::params::group,
|
||||
path => $path,
|
||||
priority => $priority,
|
||||
servername => $servername,
|
||||
@ -151,7 +151,7 @@ class nova::wsgi::apache_metadata (
|
||||
ssl_crl_path => $ssl_crl_path,
|
||||
ssl_key => $ssl_key,
|
||||
threads => $threads,
|
||||
user => 'nova',
|
||||
user => $::nova::params::user,
|
||||
vhost_custom_fragment => $vhost_custom_fragment,
|
||||
workers => $workers,
|
||||
wsgi_daemon_process => 'nova-metadata',
|
||||
|
Loading…
Reference in New Issue
Block a user