Fixes bug #1086784
Adds a rule to the policy-kit allowing the stack user to manage libvirt
Change-Id: I6e9c0106c932f5f5f5c5c18ff79ac81a050c4599
| ... | ... |
@@ -247,11 +247,25 @@ EOF |
| 247 | 247 |
LIBVIRT_DAEMON=libvirtd |
| 248 | 248 |
fi |
| 249 | 249 |
|
| 250 |
- # For distributions using polkit to authorize access to libvirt, |
|
| 251 |
- # configure polkit accordingly. |
|
| 252 |
- # Based on http://wiki.libvirt.org/page/SSHPolicyKitSetup |
|
| 250 |
+ |
|
| 251 |
+ |
|
| 253 | 252 |
if is_fedora; then |
| 254 |
- sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 253 |
+ # Starting with fedora 18 enable stack-user to virsh -c qemu:///system |
|
| 254 |
+ # by creating a policy-kit rule for stack-user |
|
| 255 |
+ if [[ "$os_RELEASE" -ge "18" ]]; then |
|
| 256 |
+ rules_dir=/etc/polkit-1/rules.d |
|
| 257 |
+ sudo mkdir -p $rules_dir |
|
| 258 |
+ sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules |
|
| 259 |
+polkit.addRule(function(action, subject) {
|
|
| 260 |
+ if (action.id == 'org.libvirt.unix.manage' && |
|
| 261 |
+ subject.user == '"$STACK_USER"') {
|
|
| 262 |
+ return polkit.Result.YES; |
|
| 263 |
+ } |
|
| 264 |
+}); |
|
| 265 |
+EOF" |
|
| 266 |
+ unset rules_dir |
|
| 267 |
+ else |
|
| 268 |
+ sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
|
| 255 | 269 |
[libvirt Management Access] |
| 256 | 270 |
Identity=unix-group:libvirtd |
| 257 | 271 |
Action=org.libvirt.unix.manage |
| ... | ... |
@@ -259,6 +273,7 @@ ResultAny=yes |
| 259 | 259 |
ResultInactive=yes |
| 260 | 260 |
ResultActive=yes |
| 261 | 261 |
EOF' |
| 262 |
+ fi |
|
| 262 | 263 |
elif is_suse; then |
| 263 | 264 |
# Work around the fact that polkit-default-privs overrules pklas |
| 264 | 265 |
# with 'unix-group:$group'. |
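Review bot: In the Fedora 18+ branch of the first hunk, `$STACK_USER` is expanded by the calling shell into the `sudo bash -c "..."` string and then parsed a second time by the root shell, whose unquoted `EOF` heredoc still performs `$` and backtick expansion; the value also lands unescaped inside a single-quoted JavaScript literal in a rule that returns `polkit.Result.YES` for `org.libvirt.unix.manage`. A STACK_USER value containing a quote, `$`, backtick or whitespace would therefore yield a malformed or broader-than-intended rule, or be evaluated by the root shell. Writing the file with a single expansion avoids the second parse: `sudo tee "$rules_dir/50-libvirt-$STACK_USER.rules" >/dev/null <<EOF`, `subject.user == '$STACK_USER') {` and a plain `EOF` terminator, preceded by a check that STACK_USER matches a conservative username pattern such as `^[a-z_][a-z0-9_-]*$`. Separately, `[[ "$os_RELEASE" -ge "18" ]]` is an arithmetic comparison, so a non-integer release string would raise an evaluation error and fall through to the `.pkla` branch; it is worth confirming which values hosts matched by `is_fedora` can report. The enclosing if/elif chain starts and ends outside the visible hunks.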