Avoid hard-coding OS user/group in each manifest

and replace the hard-coded values with the definitions in params.pp. This change
renames nova_user and nova_group to user and group, so that
consistent variable names are used to define the OS user and group.

Change-Id: I5dfdc8588df3091412298507d93097388444e10b
Takashi Kajinami 2022-02-21 01:27:29 +09:00
parent 32371f4afd
commit 39b2d75f69
15 changed files with 35 additions and 37 deletions


@ -18,7 +18,7 @@ class nova::cell_v2::discover_hosts (
exec { 'nova-cell_v2-discover_hosts':
path => ['/bin', '/usr/bin'],
command => "nova-manage ${extra_params} cell_v2 discover_hosts",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
subscribe => Anchor['nova::service::end']
}
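Review bot: The `user` of this exec depends on `$::nova::params::user` resolving, and the visible lines do not show nova::cell_v2::discover_hosts including or inheriting nova::params (the class body extends beyond the hunk). If the variable is ever unresolved and strict_variables is off, `user` becomes undef and the exec runs nova-manage as the account the agent runs under, typically root. Confirm the class has `include nova::params` ahead of the exec, or add it. The same applies to the other nova-manage execs in this commit (map_cell0, map_cell_and_hosts, map_instances, online_data_migrations, db sync and api_db sync).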


@ -21,7 +21,7 @@ class nova::cell_v2::map_cell0 (
exec { 'nova-cell_v2-map_cell0':
path => ['/bin', '/usr/bin'],
command => "nova-manage ${extra_params} cell_v2 map_cell0",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
logoutput => on_failure,
subscribe => Anchor['nova::cell_v2::begin'],


@ -18,7 +18,7 @@ class nova::cell_v2::map_cell_and_hosts (
exec { 'nova-cell_v2-map_cell_and_hosts':
path => ['/bin', '/usr/bin'],
command => "nova-manage ${extra_params} cell_v2 map_cell_and_hosts",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
}
}


@ -43,7 +43,7 @@ class nova::cell_v2::map_instances (
exec { 'nova-cell_v2-map_instances':
path => ['/bin', '/usr/bin'],
command => "nova-manage ${extra_params} cell_v2 map_instances --cell_uuid=${cell_uuid_real}",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
}
}


@ -83,8 +83,8 @@ class nova::compute::provider (
file { "${config_location}":
ensure => directory,
mode => '0750',
owner => $::nova::params::nova_user,
group => $::nova::params::nova_group,
owner => $::nova::params::user,
group => $::nova::params::group,
require => Anchor['nova::config::begin'],
before => Anchor['nova::config::end'],
}
@ -93,8 +93,8 @@ class nova::compute::provider (
file { "${config_location}/${config_file}":
ensure => file,
mode => '0640',
owner => $::nova::params::nova_user,
group => $::nova::params::nova_group,
owner => $::nova::params::user,
group => $::nova::params::group,
content => template('nova/provider.yaml.erb'),
require => Anchor['nova::config::begin'],
}


@ -43,8 +43,7 @@
#
# [*user*]
# (optional) User with access to nova files.
# nova::params::nova_user will be used if this is undef.
# Defaults to undef.
# Defaults to $::nova::params::user.
#
# [*destination*]
# (optional) Path to file to which rows should be archived
@ -96,7 +95,7 @@ class nova::cron::archive_deleted_rows (
$month = '*',
$weekday = '*',
$max_rows = '100',
$user = undef,
$user = $::nova::params::user,
$destination = '/var/log/nova/nova-rowsflush.log',
$until_complete = false,
$purge = false,
@ -106,10 +105,9 @@ class nova::cron::archive_deleted_rows (
$sleep = undef,
$verbose = false,
$maxdelay = 0,
) {
) inherits nova::params {
include nova::deps
include nova::params
if $until_complete {
$until_complete_real = ' --until-complete'
@ -171,7 +169,7 @@ class nova::cron::archive_deleted_rows (
command => "${delay_cmd}${cron_cmd}${purge_real} --max_rows ${max_rows}${verbose_real}${age_real}${until_complete_real}${all_cells_real}${task_log_real}${sleep_real} >>${destination} 2>&1",
# lint:endignore
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
user => pick($user, $::nova::params::nova_user),
user => $user,
minute => $minute,
hour => $hour,
monthday => $monthday,
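Review bot: Dropping `pick()` changes what happens with an empty value: `pick($user, ...)` skipped an empty string and fell back to the nova account, while `user => $user` now hands whatever was supplied straight to the cron resource. This job runs nova-manage and appends to `${destination}` through the shell as that account, so a blank value is worth rejecting explicitly, e.g. `String[1] $user = $::nova::params::user,` in the parameter list (or an equivalent validation if the module avoids typed parameters). The cron resource and the class body continue outside the hunks. nova::cron::purge_shadow_tables receives the identical change and needs the same treatment.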


@ -36,8 +36,7 @@
#
# [*user*]
# (optional) User with access to nova files.
# nova::params::nova_user will be used if this is undef.
# Defaults to undef.
# Defaults to $::nova::params::user.
#
# [*destination*]
# (optional) Path to file to which rows should be archived
@ -68,13 +67,13 @@ class nova::cron::purge_shadow_tables (
$monthday = '*',
$month = '*',
$weekday = '*',
$user = undef,
$user = $::nova::params::user,
$destination = '/var/log/nova/nova-rowspurge.log',
$age = 14,
$all_cells = false,
$verbose = false,
$maxdelay = 0,
) {
) inherits nova::params {
include nova::deps
include nova::params
@ -106,7 +105,7 @@ class nova::cron::purge_shadow_tables (
command => "${delay_cmd}${cron_cmd} --before `date --date='today - ${age} days' +\\%D`${verbose_real}${all_cells_real} >>${destination} 2>&1",
# lint:endignore
environment => 'PATH=/bin:/usr/bin:/usr/sbin SHELL=/bin/sh',
user => pick($user, $::nova::params::nova_user),
user => $user,
minute => $minute,
hour => $hour,
monthday => $monthday,


@ -23,7 +23,7 @@ class nova::db::online_data_migrations(
exec { 'nova-db-online-data-migrations':
command => "/usr/bin/nova-manage ${extra_params} db online_data_migrations",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
try_sleep => 5,
tries => 10,


@ -23,7 +23,7 @@ class nova::db::sync(
exec { 'nova-db-sync':
command => "/usr/bin/nova-manage ${extra_params} db sync",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
try_sleep => 5,
tries => 10,


@ -32,7 +32,7 @@ class nova::db::sync_api(
exec { 'nova-db-sync-api':
command => "/usr/bin/nova-manage ${extra_params} api_db sync",
user => $::nova::params::nova_user,
user => $::nova::params::user,
refreshonly => true,
try_sleep => 5,
tries => 10,


@ -534,8 +534,8 @@ Use nova::cinder::cross_az_attach instead.')
file { '/var/lib/nova/.ssh':
ensure => directory,
mode => '0700',
owner => $::nova::params::nova_user,
group => $::nova::params::nova_group,
owner => $::nova::params::user,
group => $::nova::params::group,
require => Anchor['nova::config::begin'],
before => Anchor['nova::config::end'],
}
@ -549,7 +549,7 @@ Use nova::cinder::cross_az_attach instead.')
ensure => present,
key => $nova_public_key['key'],
type => $nova_public_key['type'],
user => 'nova',
user => $::nova::params::user,
require => File['/var/lib/nova/.ssh'],
}
}
@ -574,8 +574,8 @@ but should be one of: ssh-rsa, ssh-dsa, ssh-ecdsa.")
file { $nova_private_key_file:
content => $nova_private_key[key],
mode => '0600',
owner => $::nova::params::nova_user,
group => $::nova::params::nova_group,
owner => $::nova::params::user,
group => $::nova::params::group,
require => File['/var/lib/nova/.ssh'],
}
}
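Review bot: The file resource for `$nova_private_key_file` writes the private key through `content` without `show_diff => false`, so on agents that enable show_diff a change of the key can be printed into the agent log and reports. Since this hunk already touches the resource, add `show_diff => false,` next to `mode => '0600',`; wrapping the key in `Sensitive` would be the longer-term fix. Separately, `/var/lib/nova/.ssh` stays a literal while the owner and the ssh_authorized_key user are now variables, so the path and the account can drift apart if params.pp ever changes the user. The enclosing class starts and ends outside these hunks.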


@ -131,8 +131,8 @@ class nova::logging(
# This should force an update the selinux role if the logfile exists.
# It will be incorrect if the file was created by the dbsync exec resources.
file { "${log_dir}/nova-manage.log":
owner => $::nova::params::nova_user,
group => $::nova::params::nova_group,
owner => $::nova::params::user,
group => $::nova::params::group,
require => Anchor['nova::service::end']
}
}


@ -6,8 +6,13 @@ class nova::params {
include openstacklib::defaults
$client_package = 'python3-novaclient'
$user = 'nova'
$group = 'nova'
# NOTE(tkajinam) These are kept for backword compatibility
$nova_user = $user
$nova_group = $group
case $::osfamily {
'RedHat': {
# package names
@ -57,8 +62,6 @@ class nova::params {
$nova_api_wsgi_script_source = '/usr/bin/nova-api-wsgi'
$nova_metadata_wsgi_script_source = '/usr/bin/nova-metadata-wsgi'
$messagebus_service_name = 'dbus'
$nova_user = 'nova'
$nova_group = 'nova'
if $::operatingsystemmajrelease >= '9' {
$mkisofs_package_name = 'xorriso'
$mkisofs_cmd = 'mkisofs'
@ -133,8 +136,6 @@ class nova::params {
}
}
$libvirt_service_name = 'libvirtd'
$nova_user = 'nova'
$nova_group = 'nova'
}
default: {
fail("Unsupported osfamily: ${::osfamily} operatingsystem: ${::operatingsystem}, \
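Review bot: The compatibility aliases `$nova_user` and `$nova_group` are kept with only a short NOTE, so nothing tells out-of-tree manifests that the names are deprecated or that `$user` and `$group` are the ones to use. I would spell that out in the comment, e.g. `# NOTE(tkajinam) Deprecated aliases kept for backward compatibility; use $user and $group instead.`, which also fixes the "backword" typo. The class body continues outside both ends of these hunks.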


@ -143,7 +143,7 @@ class nova::wsgi::apache_api (
::openstacklib::wsgi::apache { 'nova_api_wsgi':
bind_host => $bind_host,
bind_port => $api_port,
group => 'nova',
group => $::nova::params::group,
path => $path,
priority => $priority,
servername => $servername,
@ -156,7 +156,7 @@ class nova::wsgi::apache_api (
ssl_crl_path => $ssl_crl_path,
ssl_key => $ssl_key,
threads => $threads,
user => 'nova',
user => $::nova::params::user,
vhost_custom_fragment => $vhost_custom_fragment,
workers => $workers,
wsgi_daemon_process => 'nova-api',


@ -138,7 +138,7 @@ class nova::wsgi::apache_metadata (
::openstacklib::wsgi::apache { 'nova_metadata_wsgi':
bind_host => $bind_host,
bind_port => $api_port,
group => 'nova',
group => $::nova::params::group,
path => $path,
priority => $priority,
servername => $servername,
@ -151,7 +151,7 @@ class nova::wsgi::apache_metadata (
ssl_crl_path => $ssl_crl_path,
ssl_key => $ssl_key,
threads => $threads,
user => 'nova',
user => $::nova::params::user,
vhost_custom_fragment => $vhost_custom_fragment,
workers => $workers,
wsgi_daemon_process => 'nova-metadata',