Browse code
Fix "sudo: sorry, you must have a tty to run sudo"
On many systems the requiretty sudoers option is turned on by default.
With "requiretty" option the sudo ensures the user have real tty access.
Just several "su" variant has an option for skipping the new session creation step.
Only one session can posses a tty, so after a "su -c" the sudo will not
work.
We will use sudo instead of su, when we create the stack account.
This change adds new variable the STACK_USER for
service username.
Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c
Attila Fazekas authored on 2013/01/07 06:40:09Showing 17 changed files
- lib/baremetal
- lib/ceilometer
- lib/cinder
- lib/glance
- lib/heat
- lib/keystone
- lib/nova
- lib/quantum
- lib/ryu
- lib/swift
- stack.sh
- stackrc
- tools/build_ramdisk.sh
- tools/build_uec.sh
- tools/copy_dev_environment_to_uec.sh
- tools/xen/build_xva.sh
- tools/xen/prepare_guest.sh
| ... | ... |
@@ -200,14 +200,14 @@ function configure_baremetal_nova_dirs() {
|
| 200 | 200 |
sudo mkdir -p /tftpboot |
| 201 | 201 |
sudo mkdir -p /tftpboot/pxelinux.cfg |
| 202 | 202 |
sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/ |
| 203 |
- sudo chown -R `whoami`:libvirtd /tftpboot |
|
| 203 |
+ sudo chown -R $STACK_USER:libvirtd /tftpboot |
|
| 204 | 204 |
|
| 205 | 205 |
# ensure $NOVA_STATE_PATH/baremetal is prepared |
| 206 | 206 |
sudo mkdir -p $NOVA_STATE_PATH/baremetal |
| 207 | 207 |
sudo mkdir -p $NOVA_STATE_PATH/baremetal/console |
| 208 | 208 |
sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq |
| 209 | 209 |
sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host |
| 210 |
- sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal |
|
| 210 |
+ sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal |
|
| 211 | 211 |
|
| 212 | 212 |
# ensure dnsmasq is installed but not running |
| 213 | 213 |
# because baremetal driver will reconfigure and restart this as needed |
| ... | ... |
@@ -9,6 +9,7 @@ |
| 9 | 9 |
# - OS_AUTH_URL for auth in api |
| 10 | 10 |
# - DEST set to the destination directory |
| 11 | 11 |
# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api |
| 12 |
+# - STACK_USER service user |
|
| 12 | 13 |
|
| 13 | 14 |
# stack.sh |
| 14 | 15 |
# --------- |
| ... | ... |
@@ -94,7 +95,7 @@ function configure_ceilometer() {
|
| 94 | 94 |
function init_ceilometer() {
|
| 95 | 95 |
# Create cache dir |
| 96 | 96 |
sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR |
| 97 |
- sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR |
|
| 97 |
+ sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR |
|
| 98 | 98 |
rm -f $CEILOMETER_AUTH_CACHE_DIR/* |
| 99 | 99 |
} |
| 100 | 100 |
|
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
|
| 4 | 4 |
# Dependencies: |
| 5 | 5 |
# - functions |
| 6 |
-# - DEST, DATA_DIR must be defined |
|
| 6 |
+# - DEST, DATA_DIR, STACK_USER must be defined |
|
| 7 | 7 |
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
|
| 8 | 8 |
# ``KEYSTONE_TOKEN_FORMAT`` must be defined |
| 9 | 9 |
|
| ... | ... |
@@ -110,7 +110,7 @@ function configure_cinder() {
|
| 110 | 110 |
if [[ ! -d $CINDER_CONF_DIR ]]; then |
| 111 | 111 |
sudo mkdir -p $CINDER_CONF_DIR |
| 112 | 112 |
fi |
| 113 |
- sudo chown `whoami` $CINDER_CONF_DIR |
|
| 113 |
+ sudo chown $STACK_USER $CINDER_CONF_DIR |
|
| 114 | 114 |
|
| 115 | 115 |
cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR |
| 116 | 116 |
|
| ... | ... |
@@ -295,7 +295,7 @@ function init_cinder() {
|
| 295 | 295 |
|
| 296 | 296 |
# Create cache dir |
| 297 | 297 |
sudo mkdir -p $CINDER_AUTH_CACHE_DIR |
| 298 |
- sudo chown `whoami` $CINDER_AUTH_CACHE_DIR |
|
| 298 |
+ sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR |
|
| 299 | 299 |
rm -f $CINDER_AUTH_CACHE_DIR/* |
| 300 | 300 |
} |
| 301 | 301 |
|
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
|
| 4 | 4 |
# Dependencies: |
| 5 | 5 |
# ``functions`` file |
| 6 |
-# ``DEST``, ``DATA_DIR`` must be defined |
|
| 6 |
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined |
|
| 7 | 7 |
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
| 8 | 8 |
# ``SERVICE_HOST`` |
| 9 | 9 |
# ``KEYSTONE_TOKEN_FORMAT`` must be defined |
| ... | ... |
@@ -75,7 +75,7 @@ function configure_glance() {
|
| 75 | 75 |
if [[ ! -d $GLANCE_CONF_DIR ]]; then |
| 76 | 76 |
sudo mkdir -p $GLANCE_CONF_DIR |
| 77 | 77 |
fi |
| 78 |
- sudo chown `whoami` $GLANCE_CONF_DIR |
|
| 78 |
+ sudo chown $STACK_USER $GLANCE_CONF_DIR |
|
| 79 | 79 |
|
| 80 | 80 |
# Copy over our glance configurations and update them |
| 81 | 81 |
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF |
| ... | ... |
@@ -158,10 +158,10 @@ function init_glance() {
|
| 158 | 158 |
|
| 159 | 159 |
# Create cache dir |
| 160 | 160 |
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api |
| 161 |
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api |
|
| 161 |
+ sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api |
|
| 162 | 162 |
rm -f $GLANCE_AUTH_CACHE_DIR/api/* |
| 163 | 163 |
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry |
| 164 |
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry |
|
| 164 |
+ sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry |
|
| 165 | 165 |
rm -f $GLANCE_AUTH_CACHE_DIR/registry/* |
| 166 | 166 |
} |
| 167 | 167 |
|
| ... | ... |
@@ -49,7 +49,7 @@ function configure_heat() {
|
| 49 | 49 |
if [[ ! -d $HEAT_CONF_DIR ]]; then |
| 50 | 50 |
sudo mkdir -p $HEAT_CONF_DIR |
| 51 | 51 |
fi |
| 52 |
- sudo chown `whoami` $HEAT_CONF_DIR |
|
| 52 |
+ sudo chown $STACK_USER $HEAT_CONF_DIR |
|
| 53 | 53 |
|
| 54 | 54 |
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
|
| 55 | 55 |
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
|
| ... | ... |
@@ -7,6 +7,7 @@ |
| 7 | 7 |
# ``SERVICE_HOST``, ``SERVICE_PROTOCOL`` |
| 8 | 8 |
# ``SERVICE_TOKEN`` |
| 9 | 9 |
# ``S3_SERVICE_PORT`` (template backend only) |
| 10 |
+# ``STACK_USER`` |
|
| 10 | 11 |
|
| 11 | 12 |
# ``stack.sh`` calls the entry points in this order: |
| 12 | 13 |
# |
| ... | ... |
@@ -79,7 +80,7 @@ function configure_keystone() {
|
| 79 | 79 |
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then |
| 80 | 80 |
sudo mkdir -p $KEYSTONE_CONF_DIR |
| 81 | 81 |
fi |
| 82 |
- sudo chown `whoami` $KEYSTONE_CONF_DIR |
|
| 82 |
+ sudo chown $STACK_USER $KEYSTONE_CONF_DIR |
|
| 83 | 83 |
|
| 84 | 84 |
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then |
| 85 | 85 |
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF |
| ... | ... |
@@ -261,7 +262,7 @@ function init_keystone() {
|
| 261 | 261 |
|
| 262 | 262 |
# Create cache dir |
| 263 | 263 |
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR |
| 264 |
- sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR |
|
| 264 |
+ sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR |
|
| 265 | 265 |
rm -f $KEYSTONE_AUTH_CACHE_DIR/* |
| 266 | 266 |
fi |
| 267 | 267 |
} |
| ... | ... |
@@ -3,7 +3,7 @@ |
| 3 | 3 |
|
| 4 | 4 |
# Dependencies: |
| 5 | 5 |
# ``functions`` file |
| 6 |
-# ``DEST``, ``DATA_DIR`` must be defined |
|
| 6 |
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined |
|
| 7 | 7 |
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
|
| 8 | 8 |
# ``LIBVIRT_TYPE`` must be defined |
| 9 | 9 |
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined |
| ... | ... |
@@ -149,7 +149,7 @@ function configure_nova() {
|
| 149 | 149 |
if [[ ! -d $NOVA_CONF_DIR ]]; then |
| 150 | 150 |
sudo mkdir -p $NOVA_CONF_DIR |
| 151 | 151 |
fi |
| 152 |
- sudo chown `whoami` $NOVA_CONF_DIR |
|
| 152 |
+ sudo chown $STACK_USER $NOVA_CONF_DIR |
|
| 153 | 153 |
|
| 154 | 154 |
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR |
| 155 | 155 |
|
| ... | ... |
@@ -277,7 +277,7 @@ EOF" |
| 277 | 277 |
if ! getent group libvirtd >/dev/null; then |
| 278 | 278 |
sudo groupadd libvirtd |
| 279 | 279 |
fi |
| 280 |
- add_user_to_group `whoami` libvirtd |
|
| 280 |
+ add_user_to_group $STACK_USER libvirtd |
|
| 281 | 281 |
|
| 282 | 282 |
# libvirt detects various settings on startup, as we potentially changed |
| 283 | 283 |
# the system configuration (modules, filesystems), we need to restart |
| ... | ... |
@@ -297,7 +297,7 @@ EOF" |
| 297 | 297 |
if [ -L /dev/disk/by-label/nova-instances ]; then |
| 298 | 298 |
if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then |
| 299 | 299 |
sudo mount -L nova-instances $NOVA_INSTANCES_PATH |
| 300 |
- sudo chown -R `whoami` $NOVA_INSTANCES_PATH |
|
| 300 |
+ sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH |
|
| 301 | 301 |
fi |
| 302 | 302 |
fi |
| 303 | 303 |
|
| ... | ... |
@@ -474,13 +474,13 @@ function init_nova() {
|
| 474 | 474 |
|
| 475 | 475 |
# Create cache dir |
| 476 | 476 |
sudo mkdir -p $NOVA_AUTH_CACHE_DIR |
| 477 |
- sudo chown `whoami` $NOVA_AUTH_CACHE_DIR |
|
| 477 |
+ sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR |
|
| 478 | 478 |
rm -f $NOVA_AUTH_CACHE_DIR/* |
| 479 | 479 |
|
| 480 | 480 |
# Create the keys folder |
| 481 | 481 |
sudo mkdir -p ${NOVA_STATE_PATH}/keys
|
| 482 | 482 |
# make sure we own NOVA_STATE_PATH and all subdirs |
| 483 |
- sudo chown -R `whoami` ${NOVA_STATE_PATH}
|
|
| 483 |
+ sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
|
|
| 484 | 484 |
} |
| 485 | 485 |
|
| 486 | 486 |
# install_novaclient() - Collect source and prepare |
| ... | ... |
@@ -388,7 +388,7 @@ function _configure_quantum_common() {
|
| 388 | 388 |
if [[ ! -d $QUANTUM_CONF_DIR ]]; then |
| 389 | 389 |
sudo mkdir -p $QUANTUM_CONF_DIR |
| 390 | 390 |
fi |
| 391 |
- sudo chown `whoami` $QUANTUM_CONF_DIR |
|
| 391 |
+ sudo chown $STACK_USER $QUANTUM_CONF_DIR |
|
| 392 | 392 |
|
| 393 | 393 |
cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF |
| 394 | 394 |
|
| ... | ... |
@@ -730,7 +730,7 @@ function _quantum_setup_keystone() {
|
| 730 | 730 |
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR |
| 731 | 731 |
# Create cache dir |
| 732 | 732 |
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR |
| 733 |
- sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR |
|
| 733 |
+ sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR |
|
| 734 | 734 |
rm -f $QUANTUM_AUTH_CACHE_DIR/* |
| 735 | 735 |
} |
| 736 | 736 |
|
| ... | ... |
@@ -4,6 +4,7 @@ |
| 4 | 4 |
# Dependencies: |
| 5 | 5 |
# ``functions`` file |
| 6 | 6 |
# ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined |
| 7 |
+# ``STACK_USER`` must be defined |
|
| 7 | 8 |
# ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined |
| 8 | 9 |
# ``lib/keystone`` file |
| 9 | 10 |
# ``stack.sh`` calls the entry points in this order: |
| ... | ... |
@@ -333,7 +334,7 @@ function init_swift() {
|
| 333 | 333 |
|
| 334 | 334 |
# Create cache dir |
| 335 | 335 |
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR |
| 336 |
- sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR |
|
| 336 |
+ sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR |
|
| 337 | 337 |
rm -f $SWIFT_AUTH_CACHE_DIR/* |
| 338 | 338 |
} |
| 339 | 339 |
|
| ... | ... |
@@ -177,40 +177,43 @@ VERBOSE=$(trueorfalse True $VERBOSE) |
| 177 | 177 |
# sudo privileges and runs as that user. |
| 178 | 178 |
|
| 179 | 179 |
if [[ $EUID -eq 0 ]]; then |
| 180 |
+ STACK_USER=$DEFAULT_STACK_USER |
|
| 180 | 181 |
ROOTSLEEP=${ROOTSLEEP:-10}
|
| 181 | 182 |
echo "You are running this script as root." |
| 182 |
- echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user" |
|
| 183 |
+ echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user" |
|
| 183 | 184 |
sleep $ROOTSLEEP |
| 184 | 185 |
|
| 185 | 186 |
# Give the non-root user the ability to run as **root** via ``sudo`` |
| 186 | 187 |
is_package_installed sudo || install_package sudo |
| 187 |
- if ! getent group stack >/dev/null; then |
|
| 188 |
- echo "Creating a group called stack" |
|
| 189 |
- groupadd stack |
|
| 188 |
+ if ! getent group $STACK_USER >/dev/null; then |
|
| 189 |
+ echo "Creating a group called $STACK_USER" |
|
| 190 |
+ groupadd $STACK_USER |
|
| 190 | 191 |
fi |
| 191 |
- if ! getent passwd stack >/dev/null; then |
|
| 192 |
- echo "Creating a user called stack" |
|
| 193 |
- useradd -g stack -s /bin/bash -d $DEST -m stack |
|
| 192 |
+ if ! getent passwd $STACK_USER >/dev/null; then |
|
| 193 |
+ echo "Creating a user called $STACK_USER" |
|
| 194 |
+ useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER |
|
| 194 | 195 |
fi |
| 195 | 196 |
|
| 196 | 197 |
echo "Giving stack user passwordless sudo privileges" |
| 197 | 198 |
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one |
| 198 | 199 |
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || |
| 199 | 200 |
echo "#includedir /etc/sudoers.d" >> /etc/sudoers |
| 200 |
- ( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ |
|
| 201 |
+ ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \ |
|
| 201 | 202 |
> /etc/sudoers.d/50_stack_sh ) |
| 202 | 203 |
|
| 203 |
- echo "Copying files to stack user" |
|
| 204 |
+ echo "Copying files to $STACK_USER user" |
|
| 204 | 205 |
STACK_DIR="$DEST/${TOP_DIR##*/}"
|
| 205 | 206 |
cp -r -f -T "$TOP_DIR" "$STACK_DIR" |
| 206 |
- chown -R stack "$STACK_DIR" |
|
| 207 |
+ chown -R $STACK_USER "$STACK_DIR" |
|
| 208 |
+ cd "$STACK_DIR" |
|
| 207 | 209 |
if [[ "$SHELL_AFTER_RUN" != "no" ]]; then |
| 208 |
- exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack |
|
| 210 |
+ exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash" |
|
| 209 | 211 |
else |
| 210 |
- exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack |
|
| 212 |
+ exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh" |
|
| 211 | 213 |
fi |
| 212 | 214 |
exit 1 |
| 213 | 215 |
else |
| 216 |
+ STACK_USER=`whoami` |
|
| 214 | 217 |
# We're not **root**, make sure ``sudo`` is available |
| 215 | 218 |
is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo." |
| 216 | 219 |
|
| ... | ... |
@@ -220,10 +223,10 @@ else |
| 220 | 220 |
|
| 221 | 221 |
# Set up devstack sudoers |
| 222 | 222 |
TEMPFILE=`mktemp` |
| 223 |
- echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE |
|
| 223 |
+ echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE |
|
| 224 | 224 |
# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will |
| 225 | 225 |
# see them by forcing PATH |
| 226 |
- echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE |
|
| 226 |
+ echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE |
|
| 227 | 227 |
chmod 0440 $TEMPFILE |
| 228 | 228 |
sudo chown root:root $TEMPFILE |
| 229 | 229 |
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh |
| ... | ... |
@@ -235,7 +238,7 @@ fi |
| 235 | 235 |
# Create the destination directory and ensure it is writable by the user |
| 236 | 236 |
sudo mkdir -p $DEST |
| 237 | 237 |
if [ ! -w $DEST ]; then |
| 238 |
- sudo chown `whoami` $DEST |
|
| 238 |
+ sudo chown $STACK_USER $DEST |
|
| 239 | 239 |
fi |
| 240 | 240 |
|
| 241 | 241 |
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without |
| ... | ... |
@@ -251,7 +254,7 @@ ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE` |
| 251 | 251 |
# Destination path for service data |
| 252 | 252 |
DATA_DIR=${DATA_DIR:-${DEST}/data}
|
| 253 | 253 |
sudo mkdir -p $DATA_DIR |
| 254 |
-sudo chown `whoami` $DATA_DIR |
|
| 254 |
+sudo chown $STACK_USER $DATA_DIR |
|
| 255 | 255 |
|
| 256 | 256 |
|
| 257 | 257 |
# Common Configuration |
| ... | ... |
@@ -12,6 +12,9 @@ DATA_DIR=${DEST}/data
|
| 12 | 12 |
# Select the default database |
| 13 | 13 |
DATABASE_TYPE=mysql |
| 14 | 14 |
|
| 15 |
+# Default stack user |
|
| 16 |
+DEFAULT_STACK_USER=stack |
|
| 17 |
+ |
|
| 15 | 18 |
# Specify which services to launch. These generally correspond to |
| 16 | 19 |
# screen tabs. To change the default list, use the ``enable_service`` and |
| 17 | 20 |
# ``disable_service`` functions in ``localrc``. |
| ... | ... |
@@ -125,17 +125,17 @@ if [ ! -r $DEV_FILE ]; then |
| 125 | 125 |
# Create a stack user that is a member of the libvirtd group so that stack |
| 126 | 126 |
# is able to interact with libvirt. |
| 127 | 127 |
chroot $MNTDIR groupadd libvirtd |
| 128 |
- chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd |
|
| 128 |
+ chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd |
|
| 129 | 129 |
mkdir -p $MNTDIR/$DEST |
| 130 |
- chroot $MNTDIR chown stack $DEST |
|
| 130 |
+ chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST |
|
| 131 | 131 |
|
| 132 | 132 |
# A simple password - pass |
| 133 |
- echo stack:pass | chroot $MNTDIR chpasswd |
|
| 133 |
+ echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd |
|
| 134 | 134 |
echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd |
| 135 | 135 |
|
| 136 | 136 |
# And has sudo ability (in the future this should be limited to only what |
| 137 | 137 |
# stack requires) |
| 138 |
- echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers |
|
| 138 |
+ echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers |
|
| 139 | 139 |
|
| 140 | 140 |
umount $MNTDIR |
| 141 | 141 |
rmdir $MNTDIR |
| ... | ... |
@@ -187,7 +187,7 @@ git_clone $OPENSTACKX_REPO $DEST/openstackx $OPENSTACKX_BRANCH |
| 187 | 187 |
# Use this version of devstack |
| 188 | 188 |
rm -rf $MNTDIR/$DEST/devstack |
| 189 | 189 |
cp -pr $CWD $MNTDIR/$DEST/devstack |
| 190 |
-chroot $MNTDIR chown -R stack $DEST/devstack |
|
| 190 |
+chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack |
|
| 191 | 191 |
|
| 192 | 192 |
# Configure host network for DHCP |
| 193 | 193 |
mkdir -p $MNTDIR/etc/network |
| ... | ... |
@@ -225,7 +225,7 @@ EOF |
| 225 | 225 |
|
| 226 | 226 |
# Make the run.sh executable |
| 227 | 227 |
chmod 755 $RUN_SH |
| 228 |
-chroot $MNTDIR chown stack $DEST/run.sh |
|
| 228 |
+chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh |
|
| 229 | 229 |
|
| 230 | 230 |
umount $MNTDIR |
| 231 | 231 |
rmdir $MNTDIR |
| ... | ... |
@@ -207,11 +207,11 @@ ROOTSLEEP=0 |
| 207 | 207 |
`cat $TOP_DIR/localrc` |
| 208 | 208 |
LOCAL_EOF |
| 209 | 209 |
fi |
| 210 |
-useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack |
|
| 211 |
-echo stack:pass | chpasswd |
|
| 210 |
+useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER |
|
| 211 |
+echo $DEFAULT_STACK_USER:pass | chpasswd |
|
| 212 | 212 |
mkdir -p /opt/stack/.ssh |
| 213 | 213 |
echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys |
| 214 |
-chown -R stack /opt/stack |
|
| 214 |
+chown -R $DEFAULT_STACK_USER /opt/stack |
|
| 215 | 215 |
chmod 700 /opt/stack/.ssh |
| 216 | 216 |
chmod 600 /opt/stack/.ssh/authorized_keys |
| 217 | 217 |
|
| ... | ... |
@@ -224,7 +224,7 @@ fi |
| 224 | 224 |
|
| 225 | 225 |
# Run stack.sh |
| 226 | 226 |
cat >> $vm_dir/uec/user-data<<EOF |
| 227 |
-su -c "cd /opt/stack/devstack && ./stack.sh" stack |
|
| 227 |
+sudo -u $DEFAULT_STACK_USER bash -l -c "cd /opt/stack/devstack && ./stack.sh" |
|
| 228 | 228 |
EOF |
| 229 | 229 |
|
| 230 | 230 |
# (re)start a metadata service |
| ... | ... |
@@ -18,6 +18,9 @@ TOP_DIR=$(cd $TOOLS_DIR/..; pwd) |
| 18 | 18 |
# Change dir to top of devstack |
| 19 | 19 |
cd $TOP_DIR |
| 20 | 20 |
|
| 21 |
+# Source params |
|
| 22 |
+source ./stackrc |
|
| 23 |
+ |
|
| 21 | 24 |
# Echo usage |
| 22 | 25 |
usage() {
|
| 23 | 26 |
echo "Add stack user and keys" |
| ... | ... |
@@ -43,13 +46,13 @@ mkdir -p $STAGING_DIR/$DEST |
| 43 | 43 |
# Create a stack user that is a member of the libvirtd group so that stack |
| 44 | 44 |
# is able to interact with libvirt. |
| 45 | 45 |
chroot $STAGING_DIR groupadd libvirtd || true |
| 46 |
-chroot $STAGING_DIR useradd stack -s /bin/bash -d $DEST -G libvirtd || true |
|
| 46 |
+chroot $STAGING_DIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd || true |
|
| 47 | 47 |
|
| 48 | 48 |
# Add a simple password - pass |
| 49 |
-echo stack:pass | chroot $STAGING_DIR chpasswd |
|
| 49 |
+echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd |
|
| 50 | 50 |
|
| 51 | 51 |
# Configure sudo |
| 52 |
-( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \ |
|
| 52 |
+( umask 226 && echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD:ALL" \ |
|
| 53 | 53 |
> $STAGING_DIR/etc/sudoers.d/50_stack_sh ) |
| 54 | 54 |
|
| 55 | 55 |
# Copy over your ssh keys and env if desired |
| ... | ... |
@@ -64,7 +67,7 @@ rm -rf $STAGING_DIR/$DEST/devstack |
| 64 | 64 |
cp_it . $STAGING_DIR/$DEST/devstack |
| 65 | 65 |
|
| 66 | 66 |
# Give stack ownership over $DEST so it may do the work needed |
| 67 |
-chroot $STAGING_DIR chown -R stack $DEST |
|
| 67 |
+chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST |
|
| 68 | 68 |
|
| 69 | 69 |
# Unmount |
| 70 | 70 |
umount $STAGING_DIR |
| ... | ... |
@@ -65,8 +65,8 @@ cd $TOP_DIR |
| 65 | 65 |
cat <<EOF >$STAGING_DIR/etc/rc.local |
| 66 | 66 |
# network restart required for getting the right gateway |
| 67 | 67 |
/etc/init.d/networking restart |
| 68 |
-chown -R stack /opt/stack |
|
| 69 |
-su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack |
|
| 68 |
+chown -R $DEFAULT_STACK_USER /opt/stack |
|
| 69 |
+su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER |
|
| 70 | 70 |
exit 0 |
| 71 | 71 |
EOF |
| 72 | 72 |
|
| ... | ... |
@@ -19,6 +19,7 @@ GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
|
| 19 | 19 |
STAGING_DIR=${STAGING_DIR:-stage}
|
| 20 | 20 |
DO_TGZ=${DO_TGZ:-1}
|
| 21 | 21 |
XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
|
| 22 |
+STACK_USER=${STACK_USER:-stack}
|
|
| 22 | 23 |
|
| 23 | 24 |
# Install basics |
| 24 | 25 |
chroot $STAGING_DIR apt-get update |
| ... | ... |
@@ -46,12 +47,12 @@ rm -f $STAGING_DIR/etc/localtime |
| 46 | 46 |
|
| 47 | 47 |
# Add stack user |
| 48 | 48 |
chroot $STAGING_DIR groupadd libvirtd |
| 49 |
-chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd |
|
| 50 |
-echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd |
|
| 51 |
-echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers |
|
| 49 |
+chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd |
|
| 50 |
+echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd |
|
| 51 |
+echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers |
|
| 52 | 52 |
|
| 53 | 53 |
# Give ownership of /opt/stack to stack user |
| 54 |
-chroot $STAGING_DIR chown -R stack /opt/stack |
|
| 54 |
+chroot $STAGING_DIR chown -R $STACK_USER /opt/stack |
|
| 55 | 55 |
|
| 56 | 56 |
# Make our ip address hostnames look nice at the command prompt |
| 57 | 57 |
echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc
|