Browse code
Merge "Make use of STACK_USER instead of relying on USER"
Jenkins authored on 2013/11/22 22:47:12Showing 7 changed files
- lib/apache
- lib/ceilometer
- lib/cinder
- lib/neutron
- lib/nova
- lib/nova_plugins/hypervisor-libvirt
- lib/swift
| ... | ... |
@@ -4,6 +4,10 @@ |
| 4 | 4 |
# Dependencies: |
| 5 | 5 |
# |
| 6 | 6 |
# - ``functions`` file |
| 7 |
+# -``STACK_USER`` must be defined |
|
| 8 |
+ |
|
| 9 |
+# lib/apache exports the following functions: |
|
| 10 |
+# |
|
| 7 | 11 |
# - is_apache_enabled_service |
| 8 | 12 |
# - install_apache_wsgi |
| 9 | 13 |
# - config_apache_wsgi |
| ... | ... |
@@ -19,7 +23,7 @@ set +o xtrace |
| 19 | 19 |
|
| 20 | 20 |
# Allow overriding the default Apache user and group, default to |
| 21 | 21 |
# current user and his default group. |
| 22 |
-APACHE_USER=${APACHE_USER:-$USER}
|
|
| 22 |
+APACHE_USER=${APACHE_USER:-$STACK_USER}
|
|
| 23 | 23 |
APACHE_GROUP=${APACHE_GROUP:-$(id -gn $APACHE_USER)}
|
| 24 | 24 |
|
| 25 | 25 |
|
| ... | ... |
@@ -67,10 +67,10 @@ function configure_ceilometer() {
|
| 67 | 67 |
setup_develop $CEILOMETER_DIR |
| 68 | 68 |
|
| 69 | 69 |
[ ! -d $CEILOMETER_CONF_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_CONF_DIR |
| 70 |
- sudo chown $USER $CEILOMETER_CONF_DIR |
|
| 70 |
+ sudo chown $STACK_USER $CEILOMETER_CONF_DIR |
|
| 71 | 71 |
|
| 72 | 72 |
[ ! -d $CEILOMETER_API_LOG_DIR ] && sudo mkdir -m 755 -p $CEILOMETER_API_LOG_DIR |
| 73 |
- sudo chown $USER $CEILOMETER_API_LOG_DIR |
|
| 73 |
+ sudo chown $STACK_USER $CEILOMETER_API_LOG_DIR |
|
| 74 | 74 |
|
| 75 | 75 |
iniset_rpc_backend ceilometer $CEILOMETER_CONF DEFAULT |
| 76 | 76 |
|
| ... | ... |
@@ -199,7 +199,7 @@ function configure_cinder() {
|
| 199 | 199 |
fi |
| 200 | 200 |
|
| 201 | 201 |
TEMPFILE=`mktemp` |
| 202 |
- echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE |
|
| 202 |
+ echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_CINDER_SUDOER_CMD" >$TEMPFILE |
|
| 203 | 203 |
chmod 0440 $TEMPFILE |
| 204 | 204 |
sudo chown root:root $TEMPFILE |
| 205 | 205 |
sudo mv $TEMPFILE /etc/sudoers.d/cinder-rootwrap |
| ... | ... |
@@ -4,6 +4,7 @@ |
| 4 | 4 |
# Dependencies: |
| 5 | 5 |
# ``functions`` file |
| 6 | 6 |
# ``DEST`` must be defined |
| 7 |
+# ``STACK_USER`` must be defined |
|
| 7 | 8 |
|
| 8 | 9 |
# ``stack.sh`` calls the entry points in this order: |
| 9 | 10 |
# |
| ... | ... |
@@ -730,7 +731,7 @@ function _neutron_setup_rootwrap() {
|
| 730 | 730 |
|
| 731 | 731 |
# Set up the rootwrap sudoers for neutron |
| 732 | 732 |
TEMPFILE=`mktemp` |
| 733 |
- echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
| 733 |
+ echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
| 734 | 734 |
chmod 0440 $TEMPFILE |
| 735 | 735 |
sudo chown root:root $TEMPFILE |
| 736 | 736 |
sudo mv $TEMPFILE /etc/sudoers.d/neutron-rootwrap |
| ... | ... |
@@ -195,7 +195,7 @@ function configure_nova_rootwrap() {
|
| 195 | 195 |
|
| 196 | 196 |
# Set up the rootwrap sudoers for nova |
| 197 | 197 |
TEMPFILE=`mktemp` |
| 198 |
- echo "$USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
| 198 |
+ echo "$STACK_USER ALL=(root) NOPASSWD: $ROOTWRAP_SUDOER_CMD" >$TEMPFILE |
|
| 199 | 199 |
chmod 0440 $TEMPFILE |
| 200 | 200 |
sudo chown root:root $TEMPFILE |
| 201 | 201 |
sudo mv $TEMPFILE /etc/sudoers.d/nova-rootwrap |
| ... | ... |
@@ -7,6 +7,7 @@ |
| 7 | 7 |
# Dependencies: |
| 8 | 8 |
# ``functions`` file |
| 9 | 9 |
# ``nova`` configuration |
| 10 |
+# ``STACK_USER`` has to be defined |
|
| 10 | 11 |
|
| 11 | 12 |
# install_nova_hypervisor - install any external requirements |
| 12 | 13 |
# configure_nova_hypervisor - make configuration changes, including those to other services |
| ... | ... |
@@ -68,7 +69,7 @@ EOF" |
| 68 | 68 |
# with 'unix-group:$group'. |
| 69 | 69 |
sudo bash -c "cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla |
| 70 | 70 |
[libvirt Management Access] |
| 71 |
-Identity=unix-user:$USER |
|
| 71 |
+Identity=unix-user:$STACK_USER |
|
| 72 | 72 |
Action=org.libvirt.unix.manage |
| 73 | 73 |
ResultAny=yes |
| 74 | 74 |
ResultInactive=yes |
| ... | ... |
@@ -225,7 +225,7 @@ function configure_swift() {
|
| 225 | 225 |
swift-init --run-dir=${SWIFT_DATA_DIR}/run all stop || true
|
| 226 | 226 |
|
| 227 | 227 |
sudo mkdir -p ${SWIFT_CONF_DIR}/{object,container,account}-server
|
| 228 |
- sudo chown -R $USER: ${SWIFT_CONF_DIR}
|
|
| 228 |
+ sudo chown -R ${STACK_USER}: ${SWIFT_CONF_DIR}
|
|
| 229 | 229 |
|
| 230 | 230 |
if [[ "$SWIFT_CONF_DIR" != "/etc/swift" ]]; then |
| 231 | 231 |
# Some swift tools are hard-coded to use ``/etc/swift`` and are apparently not going to be fixed. |
| ... | ... |
@@ -238,7 +238,7 @@ function configure_swift() {
|
| 238 | 238 |
# setup) we configure it with our version of rsync. |
| 239 | 239 |
sed -e " |
| 240 | 240 |
s/%GROUP%/${USER_GROUP}/;
|
| 241 |
- s/%USER%/$USER/; |
|
| 241 |
+ s/%USER%/${STACK_USER}/;
|
|
| 242 | 242 |
s,%SWIFT_DATA_DIR%,$SWIFT_DATA_DIR,; |
| 243 | 243 |
" $FILES/swift/rsyncd.conf | sudo tee /etc/rsyncd.conf |
| 244 | 244 |
# rsyncd.conf just prepared for 4 nodes |
| ... | ... |
@@ -252,7 +252,7 @@ function configure_swift() {
|
| 252 | 252 |
cp ${SWIFT_DIR}/etc/proxy-server.conf-sample ${SWIFT_CONFIG_PROXY_SERVER}
|
| 253 | 253 |
|
| 254 | 254 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user
|
| 255 |
- iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${USER}
|
|
| 255 |
+ iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT user ${STACK_USER}
|
|
| 256 | 256 |
|
| 257 | 257 |
iniuncomment ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir
|
| 258 | 258 |
iniset ${SWIFT_CONFIG_PROXY_SERVER} DEFAULT swift_dir ${SWIFT_CONF_DIR}
|
| ... | ... |
@@ -348,7 +348,7 @@ EOF |
| 348 | 348 |
node_path=${SWIFT_DATA_DIR}/${node_number}
|
| 349 | 349 |
|
| 350 | 350 |
iniuncomment ${swift_node_config} DEFAULT user
|
| 351 |
- iniset ${swift_node_config} DEFAULT user ${USER}
|
|
| 351 |
+ iniset ${swift_node_config} DEFAULT user ${STACK_USER}
|
|
| 352 | 352 |
|
| 353 | 353 |
iniuncomment ${swift_node_config} DEFAULT bind_port
|
| 354 | 354 |
iniset ${swift_node_config} DEFAULT bind_port ${bind_port}
|
| ... | ... |
@@ -419,7 +419,7 @@ EOF |
| 419 | 419 |
swift_log_dir=${SWIFT_DATA_DIR}/logs
|
| 420 | 420 |
rm -rf ${swift_log_dir}
|
| 421 | 421 |
mkdir -p ${swift_log_dir}/hourly
|
| 422 |
- sudo chown -R $USER:adm ${swift_log_dir}
|
|
| 422 |
+ sudo chown -R ${STACK_USER}:adm ${swift_log_dir}
|
|
| 423 | 423 |
sed "s,%SWIFT_LOGDIR%,${swift_log_dir}," $FILES/swift/rsyslog.conf | sudo \
|
| 424 | 424 |
tee /etc/rsyslog.d/10-swift.conf |
| 425 | 425 |
if is_apache_enabled_service swift; then |
| ... | ... |
@@ -434,9 +434,9 @@ function create_swift_disk() {
|
| 434 | 434 |
# First do a bit of setup by creating the directories and |
| 435 | 435 |
# changing the permissions so we can run it as our user. |
| 436 | 436 |
|
| 437 |
- USER_GROUP=$(id -g) |
|
| 437 |
+ USER_GROUP=$(id -g ${STACK_USER})
|
|
| 438 | 438 |
sudo mkdir -p ${SWIFT_DATA_DIR}/{drives,cache,run,logs}
|
| 439 |
- sudo chown -R $USER:${USER_GROUP} ${SWIFT_DATA_DIR}
|
|
| 439 |
+ sudo chown -R ${STACK_USER}:${USER_GROUP} ${SWIFT_DATA_DIR}
|
|
| 440 | 440 |
|
| 441 | 441 |
# Create a loopback disk and format it to XFS. |
| 442 | 442 |
if [[ -e ${SWIFT_DISK_IMAGE} ]]; then
|
| ... | ... |
@@ -448,7 +448,7 @@ function create_swift_disk() {
|
| 448 | 448 |
|
| 449 | 449 |
mkdir -p ${SWIFT_DATA_DIR}/drives/images
|
| 450 | 450 |
sudo touch ${SWIFT_DISK_IMAGE}
|
| 451 |
- sudo chown $USER: ${SWIFT_DISK_IMAGE}
|
|
| 451 |
+ sudo chown ${STACK_USER}: ${SWIFT_DISK_IMAGE}
|
|
| 452 | 452 |
|
| 453 | 453 |
truncate -s ${SWIFT_LOOPBACK_DISK_SIZE} ${SWIFT_DISK_IMAGE}
|
| 454 | 454 |
|
| ... | ... |
@@ -471,9 +471,9 @@ function create_swift_disk() {
|
| 471 | 471 |
node_device=${node}/sdb1
|
| 472 | 472 |
[[ -d $node ]] && continue |
| 473 | 473 |
[[ -d $drive ]] && continue |
| 474 |
- sudo install -o ${USER} -g $USER_GROUP -d $drive
|
|
| 475 |
- sudo install -o ${USER} -g $USER_GROUP -d $node_device
|
|
| 476 |
- sudo chown -R $USER: ${node}
|
|
| 474 |
+ sudo install -o ${STACK_USER} -g $USER_GROUP -d $drive
|
|
| 475 |
+ sudo install -o ${STACK_USER} -g $USER_GROUP -d $node_device
|
|
| 476 |
+ sudo chown -R ${STACK_USER}: ${node}
|
|
| 477 | 477 |
done |
| 478 | 478 |
} |
| 479 | 479 |
# create_swift_accounts() - Set up standard swift accounts and extra |