[MediaWiki-commits] [Gerrit] operations/puppet[production]: openstack: nova/compute/server.pp manage nova shell

Thu, 14 Dec 2017 11:02:55 -0800 

Rush has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/398312 )

Change subject: openstack: nova/compute/server.pp manage nova shell
......................................................................

openstack: nova/compute/server.pp manage nova shell

nova-common installs the nova user and several places
throughout the code set sane nova ownership permissions
so using a native User resources becomes complicated
without moving it higher up in the process and having
logic to pick a shell for the user post nova-common.
Instead set the shell using usermod in the only place
we want it it not to be /bin/false.

Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6
---
M modules/openstack/manifests/nova/compute/service.pp
1 file changed, 18 insertions(+), 1 deletion(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/12/398312/1

diff --git a/modules/openstack/manifests/nova/compute/service.pp 
b/modules/openstack/manifests/nova/compute/service.pp
index 9829b07..89ca132 100644
--- a/modules/openstack/manifests/nova/compute/service.pp
+++ b/modules/openstack/manifests/nova/compute/service.pp
@@ -44,6 +44,23 @@
         require => Package['qemu-system'],
     }
 
+    # use exec to set the shell to not shadow the manage
+    # the user for the package which causes Puppet
+    # to see the user as a dependency anywhere the
+    # nova user is used to ensure good permission
+    exec {'set_shell_for_nova':
+        command     => '/usr/sbin/usermod -c "shell set for online operations" 
-s /bin/bash nova',
+        unless      => '/bin/grep "nova:" /etc/passwd | /bin/grep 
":\/bin\/bash"',
+        logoutput   => true,
+        require     => Package['nova-compute'],
+    }
+
+    ssh::userkey { 'nova':
+        content => secret('ssh/nova/nova.pub'),
+        require => Exec['set_shell_for_nova'],
+    }
+
+
     # nova-compute adds the user with /bin/false
     # but resize, live migration, etc
     # need the nova use to have a real shell, as it uses ssh.
@@ -112,7 +129,7 @@
         owner   => 'nova',
         group   => 'nova',
         mode    => '0700',
-        require => User['nova'],
+        require   => Package['nova-compute'],
     }
 
     file { '/var/lib/nova/.ssh/id_rsa':

-- 
To view, visit https://gerrit.wikimedia.org/r/398312
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I319dfb77a5b82bad4c93ba2b10c40b3e91fe79f6
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Rush <r...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to