(backward compatibility) create kolla UIDs/GIDs for TCIB
When upgrading container images from Kolla-based to TCIB-based, the
config files can't be read if we don't apply the new chown values unless
we re-use the same UIDs/GIDs as we had with Kolla; which is what we'll
do for now until we figure out an easy way to update config permissions
during the upgrade/update stage.
This introduces a new script, that will be injected in the base layer:
uid_gid_manage.sh
Usage:
./uid_gid_manage.sh qemu nova
It'll first create the qemu user/group, then nova user/group.
The format aims to be simple:
<username> <uid> <gid> <optional homedir> <optional list of extra groups>
It's also removing instances of usermod which aren't needed anymore;
since we create the user / groups only in the images where they are
needed; which wasn't the case for Kolla where all users/groups were
created in the base image.
Note: we create the user/group before installing packaging so if
packaging creates directories and sets permissions, it'll be with the
right UID/GID (unless packaging overrides UID/GID but rarely do it).
Related-Bug: #1890798
Change-Id: If3fa2ff34af42a7438c6dbf81dbcb0bddd63afa6
(cherry picked from commit fb0ec2ffd0)
This commit is contained in:
Emilien Macchi
parent
662b0acd91
commit
5397e9eb4f
|
|
@ -0,0 +1,124 @@
|
|||
#!/bin/bash
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
#
|
||||
# This script maintains compatibility when upgrading kolla images to the
|
||||
# TCIB images. To allow containers reading configuration files, we need to
|
||||
# maintain the same UIDs/GIDs for now until we update file permissions during
|
||||
# update/upgrade tasks.
|
||||
#
|
||||
# Usage:
|
||||
# ./uid_gid_manage.sh qemu nova
|
||||
#
|
||||
# Note: order of args is maintained during the creation.
|
||||
#
|
||||
|
||||
set -o errexit
|
||||
set -o xtrace
|
||||
|
||||
[ -z $1 ] && echo "Argument missing: name of user to create" && exit 1
|
||||
_USERS_TO_CREATE=$@
|
||||
|
||||
declare -A _SUPPORTED_USERS
|
||||
# This comes from kolla/common/config.py.
|
||||
# Format: <username> <uid> <gid> <optional homedir> <optional comma-separated list of extra groups>
|
||||
# Note: if homedir isn't specified, extra groups aren't supported
|
||||
_SUPPORTED_USERS['aodh']='aodh 42402 42402 /var/lib/aodh kolla'
|
||||
_SUPPORTED_USERS['barbican']='barbican 42403 42403 /var/lib/barbican kolla,nfast'
|
||||
_SUPPORTED_USERS['ceilometer']='ceilometer 42405 42405 /var/lib/ceilometer kolla'
|
||||
_SUPPORTED_USERS['cinder']='cinder 42407 42407 /var/lib/cinder kolla'
|
||||
_SUPPORTED_USERS['collectd']='collectd 42409 42409 /var/lib/collectd kolla'
|
||||
_SUPPORTED_USERS['designate']='designate 42411 42411 /var/lib/designate kolla'
|
||||
_SUPPORTED_USERS['etcd']='etcd 42413 42413 /var/lib/etcd kolla'
|
||||
_SUPPORTED_USERS['glance']='glance 42415 42415 /var/lib/glance kolla'
|
||||
_SUPPORTED_USERS['gnocchi']='gnocchi 42416 42416 /var/lib/gnocchi kolla'
|
||||
_SUPPORTED_USERS['haproxy']='haproxy 42454 42454 /var/lib/haproxy kolla'
|
||||
_SUPPORTED_USERS['heat']='heat 42418 42418 /var/lib/heat kolla'
|
||||
_SUPPORTED_USERS['horizon']='horizon 42420 42420 /var/lib/horizon kolla'
|
||||
_SUPPORTED_USERS['hugetlbfs']='hugetlbfs 42477 42477'
|
||||
_SUPPORTED_USERS['ironic']='ironic 42422 42422 /var/lib/ironic kolla'
|
||||
_SUPPORTED_USERS['ironic-inspector']='ironic-inspector 42461 42461 /var/lib/ironic-inspector kolla'
|
||||
_SUPPORTED_USERS['keystone']='keystone 42425 42425 /var/lib/keystone kolla'
|
||||
_SUPPORTED_USERS['kolla']='kolla 42400 42400'
|
||||
_SUPPORTED_USERS['libvirt']='libvirt 42473 42473'
|
||||
_SUPPORTED_USERS['manila']='manila 42429 42429 /var/lib/manila kolla'
|
||||
_SUPPORTED_USERS['memcached']='memcached 42457 42457 /run/memcache kolla'
|
||||
_SUPPORTED_USERS['mistral']='mistral 42430 42430 /var/lib/mistral kolla'
|
||||
_SUPPORTED_USERS['mysql']='mysql 42434 42434 /var/lib/mysql kolla'
|
||||
_SUPPORTED_USERS['neutron']='neutron 42435 42435 /var/lib/neutron kolla'
|
||||
_SUPPORTED_USERS['nfast']='nfast 42481 42481'
|
||||
_SUPPORTED_USERS['nova']='nova 42436 42436 /var/lib/nova qemu,libvirt,kolla'
|
||||
_SUPPORTED_USERS['novajoin']='novajoin 42470 42470 /var/lib/novajoin kolla'
|
||||
_SUPPORTED_USERS['octavia']='octavia 42437 42437 /var/lib/octavia kolla'
|
||||
_SUPPORTED_USERS['openvswitch']='openvswitch 42476 42476'
|
||||
_SUPPORTED_USERS['placement']='placement 42482 42482 /var/lib/placement kolla'
|
||||
_SUPPORTED_USERS['qdrouterd']='qdrouterd 42465 42465 /var/lib/qdrouterd kolla'
|
||||
_SUPPORTED_USERS['qemu']='qemu 42427 42427'
|
||||
_SUPPORTED_USERS['rabbitmq']='rabbitmq 42439 42439 /var/lib/rabbitmq kolla'
|
||||
_SUPPORTED_USERS['redis']='redis 42460 42460 /run/redis kolla'
|
||||
_SUPPORTED_USERS['swift']='swift 42445 42445 /var/lib/swift kolla'
|
||||
_SUPPORTED_USERS['tempest']='tempest 42480 42480 /var/lib/tempest kolla'
|
||||
_SUPPORTED_USERS['zaqar']='zaqar 42452 42452 /var/lib/zaqar kolla'
|
||||
|
||||
for _USER_TO_CREATE in $_USERS_TO_CREATE; do
|
||||
# Initialize computed args
|
||||
_EXTRA_GROUPS_ARG=
|
||||
_EXTRA_PERMS=
|
||||
_HOME_ARGS=
|
||||
|
||||
_NAME=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $1 }')
|
||||
_UID=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $2 }')
|
||||
_GID=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $3 }')
|
||||
_HOME_DIR=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $4 }')
|
||||
_EXTRA_GROUPS=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $5 }')
|
||||
|
||||
# User was not found, we fail
|
||||
if [[ "$_NAME" != "$_USER_TO_CREATE" ]]; then
|
||||
echo "User ${_USER_TO_CREATE} was not found in the supported list"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
if [[ ! -z $_EXTRA_GROUPS ]]; then
|
||||
_EXTRA_GROUPS_ARG="--groups $_EXTRA_GROUPS"
|
||||
fi
|
||||
|
||||
# Some users don't need a home directory
|
||||
if [[ -z $_HOME_DIR ]]; then
|
||||
_HOME_ARGS="-M"
|
||||
else
|
||||
_HOME_ARGS="-m --home $_HOME_DIR"
|
||||
fi
|
||||
|
||||
if id -g $_NAME 2>/dev/null; then
|
||||
_GROUPADD_CMD="groupmod --gid $_GID $_NAME"
|
||||
else
|
||||
_GROUPADD_CMD="groupadd --gid $_GID $_NAME"
|
||||
fi
|
||||
|
||||
if id $_NAME 2>/dev/null; then
|
||||
# -M argument doesn't exist with usermod
|
||||
if [[ -z $_HOME_DIR ]]; then
|
||||
_HOME_ARGS=
|
||||
# usermod doesn't guaranty the home directory permissions (best effort)
|
||||
else
|
||||
_EXTRA_PERMS="&& mkdir -p $_HOME_DIR && chown -R $_UID:$_GID $_HOME_DIR"
|
||||
fi
|
||||
# --append only exists with usermod
|
||||
[ ! -z $_EXTRA_GROUPS_ARG ] && _EXTRA_GROUPS_ARG="--append $_EXTRA_GROUPS_ARG"
|
||||
_USERADD_CMD="usermod ${_HOME_ARGS} --gid $_GID --uid $_UID ${_EXTRA_GROUPS_ARG} $_NAME ${_EXTRA_PERMS}"
|
||||
else
|
||||
_USERADD_CMD="useradd -l ${_HOME_ARGS} --shell /usr/sbin/nologin --uid $_UID --gid $_GID ${_EXTRA_GROUPS_ARG} $_NAME"
|
||||
fi
|
||||
eval $_GROUPADD_CMD
|
||||
eval $_USERADD_CMD
|
||||
done
|
||||
|
|
@ -12,7 +12,9 @@ tcib_actions:
|
|||
crudini --set /etc/dnf/dnf.conf main plugins 1 &&
|
||||
crudini --set /etc/dnf/dnf.conf main skip_missing_names_on_install False &&
|
||||
crudini --set /etc/dnf/dnf.conf main tsflags nodocs
|
||||
- run: groupadd --force --gid 42400 kolla && useradd -l -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/base/uid_gid_manage.sh /usr/local/bin/uid_gid_manage
|
||||
- run: chmod 755 /usr/local/bin/uid_gid_manage
|
||||
- run: bash /usr/local/bin/uid_gid_manage kolla hugetlbfs libvirt qemu
|
||||
- run: touch /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/base/set_configs.py /usr/local/bin/kolla_set_configs
|
||||
- run: chmod 755 /usr/local/bin/kolla_set_configs
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage collectd
|
||||
- run: >-
|
||||
if [ '{{ tcib_distro }}' == 'rhel' ]; then
|
||||
{% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}
|
||||
|
|
@ -6,8 +7,7 @@ tcib_actions:
|
|||
- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi
|
||||
- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: mkdir -p /var/lib/collectd && useradd -d /var/lib/collectd -l -M --shell /usr/sbin/nologin collectd && chown collectd:collectd /var/lib/collectd
|
||||
- run: chown -R collectd /var/lib/collectd && chown -R collectd /etc/collectd* && chown -R collectd /var/run/
|
||||
- run: chown -R collectd:collectd /etc/collectd* /var/run/
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
common:
|
||||
|
|
|
|||
|
|
@ -1,4 +1,5 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
|
|
|
|||
|
|
@ -1,10 +1,10 @@
|
|||
tcib_actions:
|
||||
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset'
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||
- run: usermod -a -G kolla {{ tcib_user }}
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/security_reset.expect /usr/local/bin/kolla_security_reset
|
||||
- run: chmod 755 /usr/local/bin/kolla_security_reset
|
||||
- run: rm -rf /var/lib/mysql/* /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla {{ tcib_user }}
|
||||
- run: mkdir -p /run/memcache && chown -R memcached:memcached /run/memcache
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
common:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage aodh
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla aodh
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-aodh-common
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage nfast barbican
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers'
|
||||
- run: usermod -a -G kolla barbican
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-barbican-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage ceilometer
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla ceilometer
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-ceilometer-common
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage cinder
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla cinder
|
||||
tcib_packages:
|
||||
common:
|
||||
- ceph-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage designate
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla designate
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-designate-common
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla {{ tcib_user }}
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/glance-api/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/glance-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage gnocchi
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla gnocchi
|
||||
tcib_packages:
|
||||
common:
|
||||
- gnocchi-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage heat
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla heat
|
||||
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
|
||||
tcib_packages:
|
||||
common:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage ironic
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla ironic
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-ironic-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla {{ tcib_user }}
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-inspector /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
common:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage keystone
|
||||
- run: dnf module -y enable mod_auth_openidc && dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla keystone
|
||||
- run: mkdir -p /var/www/cgi-bin/keystone && chown -R keystone /var/www/cgi-bin/keystone
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/keystone/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage manila
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla manila
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-manila
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage mistral
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla mistral
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-mistral-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage neutron
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla neutron
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/neutron-base/neutron_sudoers /etc/sudoers.d/neutron_sudoers
|
||||
- run: chmod 440 /etc/sudoers.d/neutron_sudoers
|
||||
# TODO(emilien) add support for tripleo-common being installed from source
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage nova
|
||||
- run: mkdir -p /etc/ssh && touch /etc/ssh/ssh_known_host
|
||||
- run: dnf install -y {{ tcib_packages | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla nova
|
||||
tcib_packages:
|
||||
- openstack-nova-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
tcib_actions:
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
# this need to happen after installing nova-compute because the distgit does usermod to add libvirt/qemu groups
|
||||
- run: bash /usr/local/bin/uid_gid_manage nova
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-ironic /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
common:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,8 @@
|
|||
tcib_actions:
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
# this need to happen after installing nova-compute because the distgit does usermod to add libvirt/qemu groups
|
||||
- run: bash /usr/local/bin/uid_gid_manage nova
|
||||
- run: rm -f /etc/machine-id
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage novajoin
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla novajoin
|
||||
tcib_packages:
|
||||
common:
|
||||
- python3-novajoin
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage octavia
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla octavia
|
||||
tcib_packages:
|
||||
common:
|
||||
- openstack-octavia-common
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage swift
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla swift
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/swift-base/swift-rootwrap /usr/bin/swift-rootwrap
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/swift-base/swift-sudoers /etc/sudoers.d/swift-sudoers
|
||||
- run: chmod 755 /usr/bin/swift-rootwrap && chmod 440 /etc/sudoers.d/swift-sudoers
|
||||
|
|
|
|||
|
|
@ -1,7 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: groupadd --force --gid 42480 tempest && useradd -l -M --shell /usr/sbin/nologin --uid 42480 --gid 42480 tempest
|
||||
- run: usermod -a -G kolla tempest
|
||||
tcib_packages:
|
||||
common:
|
||||
- iputils
|
||||
|
|
|
|||
|
|
@ -1,6 +1,6 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod -a -G kolla qdrouterd && mkdir -p /var/lib/qdrouterd && chown -R qdrouterd /var/lib/qdrouterd
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/qdrouterd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
common:
|
||||
|
|
|
|||
|
|
@ -1,8 +1,8 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- copy: /usr/share/tripleo-common/container-images/kolla/rabbitmq/extend_start.sh /usr/local/bin/kolla_extend_start
|
||||
- run: chmod 755 /usr/local/bin/kolla_extend_start
|
||||
- run: usermod -a -G kolla {{ tcib_user }}
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/rabbitmq /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/rabbitmq/*'', wantlist=True) }}'
|
||||
tcib_packages:
|
||||
|
|
|
|||
|
|
@ -1,7 +1,7 @@
|
|||
tcib_actions:
|
||||
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
|
||||
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
|
||||
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
|
||||
- run: usermod --append --home /run/redis --groups kolla redis && mkdir -p /run/redis && chown -R redis /run/redis
|
||||
- run: mkdir /etc/libqb
|
||||
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/redis /openstack/healthcheck && chmod a+rx /openstack/healthcheck
|
||||
tcib_packages:
|
||||
|
|
|
|||
Loading…
Reference in New Issue