devstack/tools/create-stack-user.sh

55 lines
1.7 KiB
Bash
Raw Normal View History

#!/usr/bin/env bash
# **create-stack-user.sh**
# Create a user account suitable for running DevStack
# - create a group named $STACK_USER if it does not exist
# - create a user named $STACK_USER if it does not exist
#
# - home is $DEST
#
# - configure sudo for $STACK_USER
# ``stack.sh`` was never intended to run as root. It had a hack to do what is
# now in this script and re-launch itself, but that hack was less than perfect
# and it was time for this nonsense to stop. Run this script as root to create
# the user and configure sudo.
set -o errexit
# Keep track of the DevStack directory
TOP_DIR=$(cd $(dirname "$0")/.. && pwd)
# Import common functions
source $TOP_DIR/functions
# Determine what system we are running on. This provides ``os_VENDOR``,
Only use lsb_release for distro tags The existing GetOSVersion has a lot of unused code which is wrong in several ways - the only path tested in upstream CI is with lsb_release, because it's pre-installed on all nodes - the /etc/redhat-release checking probably still works, but is unnecessary - If using lsb_release, os_UPDATE has never actually been set. - the /etc/SuSE-release branch checking is broken if the lsb package is actually installed. lsb checking does not set os_UPDATE but yet the SuSE DISTRO setting relies on this to set a patch level (and so does some of the rpm tags). SuSE 11 is up to update 3, but the rpm matching is stuck hard-coded to update 2. I'm guessing installation is actually broken there. - the debian checking branch is broken. The VERSION tags have been removed and were not supposed to be relied on anyway (see notes in [1]) This simplifies things: - remove OSX checking (moved here after discussions in I31d0fdd30928ecc8d959a95838b1d3affd28ac6f) - only use the output of lsb_release. - A small best-effort check to pre-install lsb packages if not detected (that avoids chicken-egg-problem of package-install wrappers relying on os_* flags). - The unset os_UPDATE is removed. It's only previous use was for setting separate suse versions in the DISTRO element for matching during package installs (since removed) - DISTRO setting is modified to use the parts of os_RELEASE it wants. Per-above, this is the correct place to parse out specifics. - Call out the is_* functions, which are a better way to detect platforms - Export the variables as read-only, since they shouldn't be reset [1] http://sources.debian.net/src/base-files/7.5/debian/changelog/ Change-Id: I46a2c36d95327087085df07cb797eb91249a893c
2014-08-27 16:15:32 +10:00
# ``os_RELEASE``, ``os_PACKAGE``, ``os_CODENAME``
# and ``DISTRO``
GetDistro
# Needed to get ``ENABLED_SERVICES`` and ``STACK_USER``
source $TOP_DIR/stackrc
# Give the non-root user the ability to run as **root** via ``sudo``
is_package_installed sudo || install_package sudo
[[ -z "$STACK_USER" ]] && die "STACK_USER is not set. Exiting."
if ! getent group $STACK_USER >/dev/null; then
echo "Creating a group called $STACK_USER"
groupadd $STACK_USER
fi
if ! getent passwd $STACK_USER >/dev/null; then
echo "Creating a user called $STACK_USER"
useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
fi
echo "Giving stack user passwordless sudo privileges"
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
echo "#includedir /etc/sudoers.d" >> /etc/sudoers
( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> /etc/sudoers.d/50_stack_sh )