Browse code
Fix nova compute failing to start on openSUSE 12.3
The syntax of polkit authorization rules is different now. Using the same code
as for Fedora 18 now.
Change-Id: I4f66d8fc65c90a309aab478a4df35c77c7669314
Ralf Haferkamp authored on 2013/04/12 19:39:58Showing 1 changed files
| ... | ... |
@@ -296,22 +296,8 @@ EOF |
| 296 | 296 |
|
| 297 | 297 |
|
| 298 | 298 |
|
| 299 |
- if is_fedora; then |
|
| 300 |
- # Starting with fedora 18 enable stack-user to virsh -c qemu:///system |
|
| 301 |
- # by creating a policy-kit rule for stack-user |
|
| 302 |
- if [[ "$os_RELEASE" -ge "18" ]]; then |
|
| 303 |
- rules_dir=/etc/polkit-1/rules.d |
|
| 304 |
- sudo mkdir -p $rules_dir |
|
| 305 |
- sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules |
|
| 306 |
-polkit.addRule(function(action, subject) {
|
|
| 307 |
- if (action.id == 'org.libvirt.unix.manage' && |
|
| 308 |
- subject.user == '"$STACK_USER"') {
|
|
| 309 |
- return polkit.Result.YES; |
|
| 310 |
- } |
|
| 311 |
-}); |
|
| 312 |
-EOF" |
|
| 313 |
- unset rules_dir |
|
| 314 |
- else |
|
| 299 |
+ if is_fedora || is_suse; then |
|
| 300 |
+ if is_fedora && [[ "$os_RELEASE" -le "17" ]]; then |
|
| 315 | 301 |
sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
| 316 | 302 |
[libvirt Management Access] |
| 317 | 303 |
Identity=unix-group:libvirtd |
| ... | ... |
@@ -320,11 +306,11 @@ ResultAny=yes |
| 320 | 320 |
ResultInactive=yes |
| 321 | 321 |
ResultActive=yes |
| 322 | 322 |
EOF' |
| 323 |
- fi |
|
| 324 |
- elif is_suse; then |
|
| 325 |
- # Work around the fact that polkit-default-privs overrules pklas |
|
| 326 |
- # with 'unix-group:$group'. |
|
| 327 |
- sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 323 |
+ elif is_suse && [[ $os_RELEASE = 12.2 || "$os_VENDOR" = "SUSE LINUX" ]]; then |
|
| 324 |
+ # openSUSE < 12.3 or SLE |
|
| 325 |
+ # Work around the fact that polkit-default-privs overrules pklas |
|
| 326 |
+ # with 'unix-group:$group'. |
|
| 327 |
+ sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 328 | 328 |
[libvirt Management Access] |
| 329 | 329 |
Identity=unix-user:$USER |
| 330 | 330 |
Action=org.libvirt.unix.manage |
| ... | ... |
@@ -332,6 +318,22 @@ ResultAny=yes |
| 332 | 332 |
ResultInactive=yes |
| 333 | 333 |
ResultActive=yes |
| 334 | 334 |
EOF" |
| 335 |
+ else |
|
| 336 |
+ # Starting with fedora 18 and opensuse-12.3 enable stack-user to |
|
| 337 |
+ # virsh -c qemu:///system by creating a policy-kit rule for |
|
| 338 |
+ # stack-user using the new Javascript syntax |
|
| 339 |
+ rules_dir=/etc/polkit-1/rules.d |
|
| 340 |
+ sudo mkdir -p $rules_dir |
|
| 341 |
+ sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules |
|
| 342 |
+polkit.addRule(function(action, subject) {
|
|
| 343 |
+ if (action.id == 'org.libvirt.unix.manage' && |
|
| 344 |
+ subject.user == '"$STACK_USER"') {
|
|
| 345 |
+ return polkit.Result.YES; |
|
| 346 |
+ } |
|
| 347 |
+}); |
|
| 348 |
+EOF" |
|
| 349 |
+ unset rules_dir |
|
| 350 |
+ fi |
|
| 335 | 351 |
fi |
| 336 | 352 |
|
| 337 | 353 |
# The user that nova runs as needs to be member of **libvirtd** group otherwise |