Browse Source

(backward compatibility) create kolla UIDs/GIDs for TCIB

When upgrading container images from Kolla-based to TCIB-based, the
config files can't be read if we don't apply the new chown values unless
we re-use the same UIDs/GIDs as we had with Kolla; which is what we'll
do for now until we figure out an easy way to update config permissions
during the upgrade/update stage.

This introduces a new script, that will be injected in the base layer:

uid_gid_manage.sh

Usage:

./uid_gid_manage.sh qemu nova

It'll first create the qemu user/group, then nova user/group.
The format aims to be simple:

<username> <uid> <gid> <optional homedir> <optional list of extra groups>

It's also removing instances of usermod which aren't needed anymore;
since we create the user / groups only in the images where they are
needed; which wasn't the case for Kolla where all users/groups were
created in the base image.

Note: we create the user/group before installing packaging so if
packaging creates directories and sets permissions, it'll be with the
right UID/GID (unless packaging overrides UID/GID but rarely do it).

Related-Bug: #1890798

Change-Id: If3fa2ff34af42a7438c6dbf81dbcb0bddd63afa6
(cherry picked from commit fb0ec2ffd0)
changes/40/746540/2
Emilien Macchi 1 month ago
parent
commit
5397e9eb4f
30 changed files with 158 additions and 29 deletions
  1. +124
    -0
      container-images/kolla/base/uid_gid_manage.sh
  2. +3
    -1
      container-images/tcib/base/base.yaml
  3. +2
    -2
      container-images/tcib/base/collectd/collectd.yaml
  4. +1
    -0
      container-images/tcib/base/etcd/etcd.yaml
  5. +1
    -1
      container-images/tcib/base/mariadb/mariadb.yaml
  6. +1
    -2
      container-images/tcib/base/memcached/memcached.yaml
  7. +1
    -1
      container-images/tcib/base/os/aodh-base/aodh-base.yaml
  8. +1
    -1
      container-images/tcib/base/os/barbican-base/barbican-base.yaml
  9. +1
    -1
      container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml
  10. +1
    -1
      container-images/tcib/base/os/cinder-base/cinder-base.yaml
  11. +1
    -1
      container-images/tcib/base/os/designate-base/designate-base.yaml
  12. +1
    -1
      container-images/tcib/base/os/glance-api/glance-api.yaml
  13. +1
    -1
      container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml
  14. +1
    -1
      container-images/tcib/base/os/heat-base/heat-base.yaml
  15. +1
    -1
      container-images/tcib/base/os/ironic-base/ironic-base.yaml
  16. +1
    -1
      container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml
  17. +1
    -1
      container-images/tcib/base/os/keystone/keystone.yaml
  18. +1
    -1
      container-images/tcib/base/os/manila-base/manila-base.yaml
  19. +1
    -1
      container-images/tcib/base/os/mistral-base/mistral-base.yaml
  20. +1
    -1
      container-images/tcib/base/os/neutron-base/neutron-base.yaml
  21. +1
    -1
      container-images/tcib/base/os/nova-base/nova-base.yaml
  22. +2
    -0
      container-images/tcib/base/os/nova-base/nova-compute-ironic/nova-compute-ironic.yaml
  23. +2
    -0
      container-images/tcib/base/os/nova-base/nova-compute/nova-compute.yaml
  24. +1
    -1
      container-images/tcib/base/os/novajoin-base/novajoin-base.yaml
  25. +1
    -1
      container-images/tcib/base/os/octavia-base/octavia-base.yaml
  26. +1
    -1
      container-images/tcib/base/os/swift-base/swift-base.yaml
  27. +1
    -2
      container-images/tcib/base/os/tempest/tempest.yaml
  28. +1
    -1
      container-images/tcib/base/qdrouterd/qdrouterd.yaml
  29. +1
    -1
      container-images/tcib/base/rabbitmq/rabbitmq.yaml
  30. +1
    -1
      container-images/tcib/base/redis/redis.yaml

+ 124
- 0
container-images/kolla/base/uid_gid_manage.sh View File

@@ -0,0 +1,124 @@
#!/bin/bash
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This script maintains compatibility when upgrading kolla images to the
# TCIB images. To allow containers reading configuration files, we need to
# maintain the same UIDs/GIDs for now until we update file permissions during
# update/upgrade tasks.
#
# Usage:
# ./uid_gid_manage.sh qemu nova
#
# Note: order of args is maintained during the creation.
#

set -o errexit
set -o xtrace

[ -z $1 ] && echo "Argument missing: name of user to create" && exit 1
_USERS_TO_CREATE=$@

declare -A _SUPPORTED_USERS
# This comes from kolla/common/config.py.
# Format: <username> <uid> <gid> <optional homedir> <optional comma-separated list of extra groups>
# Note: if homedir isn't specified, extra groups aren't supported
_SUPPORTED_USERS['aodh']='aodh 42402 42402 /var/lib/aodh kolla'
_SUPPORTED_USERS['barbican']='barbican 42403 42403 /var/lib/barbican kolla,nfast'
_SUPPORTED_USERS['ceilometer']='ceilometer 42405 42405 /var/lib/ceilometer kolla'
_SUPPORTED_USERS['cinder']='cinder 42407 42407 /var/lib/cinder kolla'
_SUPPORTED_USERS['collectd']='collectd 42409 42409 /var/lib/collectd kolla'
_SUPPORTED_USERS['designate']='designate 42411 42411 /var/lib/designate kolla'
_SUPPORTED_USERS['etcd']='etcd 42413 42413 /var/lib/etcd kolla'
_SUPPORTED_USERS['glance']='glance 42415 42415 /var/lib/glance kolla'
_SUPPORTED_USERS['gnocchi']='gnocchi 42416 42416 /var/lib/gnocchi kolla'
_SUPPORTED_USERS['haproxy']='haproxy 42454 42454 /var/lib/haproxy kolla'
_SUPPORTED_USERS['heat']='heat 42418 42418 /var/lib/heat kolla'
_SUPPORTED_USERS['horizon']='horizon 42420 42420 /var/lib/horizon kolla'
_SUPPORTED_USERS['hugetlbfs']='hugetlbfs 42477 42477'
_SUPPORTED_USERS['ironic']='ironic 42422 42422 /var/lib/ironic kolla'
_SUPPORTED_USERS['ironic-inspector']='ironic-inspector 42461 42461 /var/lib/ironic-inspector kolla'
_SUPPORTED_USERS['keystone']='keystone 42425 42425 /var/lib/keystone kolla'
_SUPPORTED_USERS['kolla']='kolla 42400 42400'
_SUPPORTED_USERS['libvirt']='libvirt 42473 42473'
_SUPPORTED_USERS['manila']='manila 42429 42429 /var/lib/manila kolla'
_SUPPORTED_USERS['memcached']='memcached 42457 42457 /run/memcache kolla'
_SUPPORTED_USERS['mistral']='mistral 42430 42430 /var/lib/mistral kolla'
_SUPPORTED_USERS['mysql']='mysql 42434 42434 /var/lib/mysql kolla'
_SUPPORTED_USERS['neutron']='neutron 42435 42435 /var/lib/neutron kolla'
_SUPPORTED_USERS['nfast']='nfast 42481 42481'
_SUPPORTED_USERS['nova']='nova 42436 42436 /var/lib/nova qemu,libvirt,kolla'
_SUPPORTED_USERS['novajoin']='novajoin 42470 42470 /var/lib/novajoin kolla'
_SUPPORTED_USERS['octavia']='octavia 42437 42437 /var/lib/octavia kolla'
_SUPPORTED_USERS['openvswitch']='openvswitch 42476 42476'
_SUPPORTED_USERS['placement']='placement 42482 42482 /var/lib/placement kolla'
_SUPPORTED_USERS['qdrouterd']='qdrouterd 42465 42465 /var/lib/qdrouterd kolla'
_SUPPORTED_USERS['qemu']='qemu 42427 42427'
_SUPPORTED_USERS['rabbitmq']='rabbitmq 42439 42439 /var/lib/rabbitmq kolla'
_SUPPORTED_USERS['redis']='redis 42460 42460 /run/redis kolla'
_SUPPORTED_USERS['swift']='swift 42445 42445 /var/lib/swift kolla'
_SUPPORTED_USERS['tempest']='tempest 42480 42480 /var/lib/tempest kolla'
_SUPPORTED_USERS['zaqar']='zaqar 42452 42452 /var/lib/zaqar kolla'

for _USER_TO_CREATE in $_USERS_TO_CREATE; do
# Initialize computed args
_EXTRA_GROUPS_ARG=
_EXTRA_PERMS=
_HOME_ARGS=

_NAME=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $1 }')
_UID=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $2 }')
_GID=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $3 }')
_HOME_DIR=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $4 }')
_EXTRA_GROUPS=$(echo ${_SUPPORTED_USERS[$_USER_TO_CREATE]} | awk '{ print $5 }')

# User was not found, we fail
if [[ "$_NAME" != "$_USER_TO_CREATE" ]]; then
echo "User ${_USER_TO_CREATE} was not found in the supported list"
exit 1
fi

if [[ ! -z $_EXTRA_GROUPS ]]; then
_EXTRA_GROUPS_ARG="--groups $_EXTRA_GROUPS"
fi

# Some users don't need a home directory
if [[ -z $_HOME_DIR ]]; then
_HOME_ARGS="-M"
else
_HOME_ARGS="-m --home $_HOME_DIR"
fi

if id -g $_NAME 2>/dev/null; then
_GROUPADD_CMD="groupmod --gid $_GID $_NAME"
else
_GROUPADD_CMD="groupadd --gid $_GID $_NAME"
fi

if id $_NAME 2>/dev/null; then
# -M argument doesn't exist with usermod
if [[ -z $_HOME_DIR ]]; then
_HOME_ARGS=
# usermod doesn't guaranty the home directory permissions (best effort)
else
_EXTRA_PERMS="&& mkdir -p $_HOME_DIR && chown -R $_UID:$_GID $_HOME_DIR"
fi
# --append only exists with usermod
[ ! -z $_EXTRA_GROUPS_ARG ] && _EXTRA_GROUPS_ARG="--append $_EXTRA_GROUPS_ARG"
_USERADD_CMD="usermod ${_HOME_ARGS} --gid $_GID --uid $_UID ${_EXTRA_GROUPS_ARG} $_NAME ${_EXTRA_PERMS}"
else
_USERADD_CMD="useradd -l ${_HOME_ARGS} --shell /usr/sbin/nologin --uid $_UID --gid $_GID ${_EXTRA_GROUPS_ARG} $_NAME"
fi
eval $_GROUPADD_CMD
eval $_USERADD_CMD
done

+ 3
- 1
container-images/tcib/base/base.yaml View File

@@ -12,7 +12,9 @@ tcib_actions:
crudini --set /etc/dnf/dnf.conf main plugins 1 &&
crudini --set /etc/dnf/dnf.conf main skip_missing_names_on_install False &&
crudini --set /etc/dnf/dnf.conf main tsflags nodocs
- run: groupadd --force --gid 42400 kolla && useradd -l -M --shell /usr/sbin/nologin --uid 42400 --gid 42400 kolla
- copy: /usr/share/tripleo-common/container-images/kolla/base/uid_gid_manage.sh /usr/local/bin/uid_gid_manage
- run: chmod 755 /usr/local/bin/uid_gid_manage
- run: bash /usr/local/bin/uid_gid_manage kolla hugetlbfs libvirt qemu
- run: touch /usr/local/bin/kolla_extend_start && chmod 755 /usr/local/bin/kolla_extend_start
- copy: /usr/share/tripleo-common/container-images/kolla/base/set_configs.py /usr/local/bin/kolla_set_configs
- run: chmod 755 /usr/local/bin/kolla_set_configs


+ 2
- 2
container-images/tcib/base/collectd/collectd.yaml View File

@@ -1,4 +1,5 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage collectd
- run: >-
if [ '{{ tcib_distro }}' == 'rhel' ]; then
{% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}
@@ -6,8 +7,7 @@ tcib_actions:
- run: if [ "{{ tcib_distro }}" == "rhel" ]; then dnf -y install {{ tcib_packages['rhel'] | join(' ') }}; fi
- run: if [ "$(uname -m)" == "x86_64" ]; then dnf -y install {{ tcib_packages['x86_64'] | join(' ') }}; fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: mkdir -p /var/lib/collectd && useradd -d /var/lib/collectd -l -M --shell /usr/sbin/nologin collectd && chown collectd:collectd /var/lib/collectd
- run: chown -R collectd /var/lib/collectd && chown -R collectd /etc/collectd* && chown -R collectd /var/run/
- run: chown -R collectd:collectd /etc/collectd* /var/run/
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/collectd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:


+ 1
- 0
container-images/tcib/base/etcd/etcd.yaml View File

@@ -1,4 +1,5 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/etcd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:


+ 1
- 1
container-images/tcib/base/mariadb/mariadb.yaml View File

@@ -1,10 +1,10 @@
tcib_actions:
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/local/bin/kolla_security_reset" > /etc/sudoers.d/security_reset && chmod 640 /etc/sudoers.d/security_reset'
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: usermod -a -G kolla {{ tcib_user }}
- copy: /usr/share/tripleo-common/container-images/kolla/mariadb/security_reset.expect /usr/local/bin/kolla_security_reset
- run: chmod 755 /usr/local/bin/kolla_security_reset
- run: rm -rf /var/lib/mysql/* /etc/my.cnf.d/mariadb-server.cnf /etc/my.cnf.d/auth_gssapi.cnf


+ 1
- 2
container-images/tcib/base/memcached/memcached.yaml View File

@@ -1,7 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf install -y {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla {{ tcib_user }}
- run: mkdir -p /run/memcache && chown -R memcached:memcached /run/memcache
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/memcached /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:


+ 1
- 1
container-images/tcib/base/os/aodh-base/aodh-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage aodh
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla aodh
tcib_packages:
common:
- openstack-aodh-common

+ 1
- 1
container-images/tcib/base/os/barbican-base/barbican-base.yaml View File

@@ -1,7 +1,7 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage nfast barbican
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: 'echo "%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R barbican /var/lib/barbican/, /bin/chown -R barbican /var/lib/barbican/" > /etc/sudoers.d/barbican_sudoers && chmod 640 /etc/sudoers.d/barbican_sudoers'
- run: usermod -a -G kolla barbican
tcib_packages:
common:
- openstack-barbican-common

+ 1
- 1
container-images/tcib/base/os/ceilometer-base/ceilometer-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage ceilometer
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla ceilometer
tcib_packages:
common:
- openstack-ceilometer-common


+ 1
- 1
container-images/tcib/base/os/cinder-base/cinder-base.yaml View File

@@ -1,7 +1,7 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage cinder
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla cinder
tcib_packages:
common:
- ceph-common


+ 1
- 1
container-images/tcib/base/os/designate-base/designate-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage designate
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla designate
tcib_packages:
common:
- openstack-designate-common


+ 1
- 1
container-images/tcib/base/os/glance-api/glance-api.yaml View File

@@ -1,7 +1,7 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla {{ tcib_user }}
- copy: /usr/share/tripleo-common/container-images/kolla/glance-api/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/glance-api /openstack/healthcheck && chmod a+rx /openstack/healthcheck


+ 1
- 1
container-images/tcib/base/os/gnocchi-base/gnocchi-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage gnocchi
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla gnocchi
tcib_packages:
common:
- gnocchi-common

+ 1
- 1
container-images/tcib/base/os/heat-base/heat-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage heat
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla heat
- run: sed -i -r 's,^(Listen 80),#\1,' /etc/httpd/conf/httpd.conf && sed -i -r 's,^(Listen 443),#\1,' /etc/httpd/conf.d/ssl.conf
tcib_packages:
common:


+ 1
- 1
container-images/tcib/base/os/ironic-base/ironic-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage ironic
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla ironic
tcib_packages:
common:
- openstack-ironic-common

+ 1
- 1
container-images/tcib/base/os/ironic-base/ironic-inspector/ironic-inspector.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla {{ tcib_user }}
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/ironic-inspector /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:


+ 1
- 1
container-images/tcib/base/os/keystone/keystone.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage keystone
- run: dnf module -y enable mod_auth_openidc && dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla keystone
- run: mkdir -p /var/www/cgi-bin/keystone && chown -R keystone /var/www/cgi-bin/keystone
- copy: /usr/share/tripleo-common/container-images/kolla/keystone/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start


+ 1
- 1
container-images/tcib/base/os/manila-base/manila-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage manila
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla manila
tcib_packages:
common:
- openstack-manila

+ 1
- 1
container-images/tcib/base/os/mistral-base/mistral-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage mistral
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla mistral
tcib_packages:
common:
- openstack-mistral-common


+ 1
- 1
container-images/tcib/base/os/neutron-base/neutron-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage neutron
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla neutron
- copy: /usr/share/tripleo-common/container-images/kolla/neutron-base/neutron_sudoers /etc/sudoers.d/neutron_sudoers
- run: chmod 440 /etc/sudoers.d/neutron_sudoers
# TODO(emilien) add support for tripleo-common being installed from source


+ 1
- 1
container-images/tcib/base/os/nova-base/nova-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage nova
- run: mkdir -p /etc/ssh && touch /etc/ssh/ssh_known_host
- run: dnf install -y {{ tcib_packages | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla nova
tcib_packages:
- openstack-nova-common

+ 2
- 0
container-images/tcib/base/os/nova-base/nova-compute-ironic/nova-compute-ironic.yaml View File

@@ -1,6 +1,8 @@
tcib_actions:
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
# this need to happen after installing nova-compute because the distgit does usermod to add libvirt/qemu groups
- run: bash /usr/local/bin/uid_gid_manage nova
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-ironic /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:


+ 2
- 0
container-images/tcib/base/os/nova-base/nova-compute/nova-compute.yaml View File

@@ -1,6 +1,8 @@
tcib_actions:
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
# this need to happen after installing nova-compute because the distgit does usermod to add libvirt/qemu groups
- run: bash /usr/local/bin/uid_gid_manage nova
- run: rm -f /etc/machine-id
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/nova-compute /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:


+ 1
- 1
container-images/tcib/base/os/novajoin-base/novajoin-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage novajoin
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla novajoin
tcib_packages:
common:
- python3-novajoin

+ 1
- 1
container-images/tcib/base/os/octavia-base/octavia-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage octavia
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla octavia
tcib_packages:
common:
- openstack-octavia-common

+ 1
- 1
container-images/tcib/base/os/swift-base/swift-base.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage swift
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla swift
- copy: /usr/share/tripleo-common/container-images/kolla/swift-base/swift-rootwrap /usr/bin/swift-rootwrap
- copy: /usr/share/tripleo-common/container-images/kolla/swift-base/swift-sudoers /etc/sudoers.d/swift-sudoers
- run: chmod 755 /usr/bin/swift-rootwrap && chmod 440 /etc/sudoers.d/swift-sudoers


+ 1
- 2
container-images/tcib/base/os/tempest/tempest.yaml View File

@@ -1,7 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: groupadd --force --gid 42480 tempest && useradd -l -M --shell /usr/sbin/nologin --uid 42480 --gid 42480 tempest
- run: usermod -a -G kolla tempest
tcib_packages:
common:
- iputils


+ 1
- 1
container-images/tcib/base/qdrouterd/qdrouterd.yaml View File

@@ -1,6 +1,6 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod -a -G kolla qdrouterd && mkdir -p /var/lib/qdrouterd && chown -R qdrouterd /var/lib/qdrouterd
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/qdrouterd /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:
common:


+ 1
- 1
container-images/tcib/base/rabbitmq/rabbitmq.yaml View File

@@ -1,8 +1,8 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: dnf -y install {{ tcib_packages['common'] | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- copy: /usr/share/tripleo-common/container-images/kolla/rabbitmq/extend_start.sh /usr/local/bin/kolla_extend_start
- run: chmod 755 /usr/local/bin/kolla_extend_start
- run: usermod -a -G kolla {{ tcib_user }}
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/rabbitmq /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_gather_files: '{{ lookup(''fileglob'', ''/usr/share/tripleo-common/container-images/kolla/rabbitmq/*'', wantlist=True) }}'
tcib_packages:


+ 1
- 1
container-images/tcib/base/redis/redis.yaml View File

@@ -1,7 +1,7 @@
tcib_actions:
- run: bash /usr/local/bin/uid_gid_manage {{ tcib_user }}
- run: if [ '{{ tcib_distro }}' == 'rhel' ]; then {% for item in tcib_packages.modules %}{% set key, value = (item.items() | list).0 %}dnf module -y {{ key }} {{ value }}; {% endfor %}fi
- run: dnf -y install {{ tcib_packages.common | join(' ') }} && dnf clean all && rm -rf /var/cache/dnf
- run: usermod --append --home /run/redis --groups kolla redis && mkdir -p /run/redis && chown -R redis /run/redis
- run: mkdir /etc/libqb
- run: ln -s /usr/share/openstack-tripleo-common/healthcheck/redis /openstack/healthcheck && chmod a+rx /openstack/healthcheck
tcib_packages:


Loading…
Cancel
Save