use newgrp to launch nova-compute in a new context

stack.sh

@@ -389,9 +389,9 @@ fi
 # so send the start command by forcing text into the window.
 # Only run the services specified in ``ENABLED_SERVICES``
 
-NL=`echo -ne '\015'`
+# our screen helper to launch a service in a hidden named screen
-
 function screen_it {
+    NL=`echo -ne '\015'`
     if [[ "$ENABLED_SERVICES" =~ "$1" ]]; then
         screen -S nova -X screen -t $1
         screen -S nova -p $1 -X stuff "$2$NL"
@@ -402,10 +402,13 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con
 screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf"
 screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"
 screen_it n-api "$NOVA_DIR/bin/nova-api"
-# launch nova-compute with a new bash, since user won't be a member of libvirtd 
+# Launching nova-compute should be as simple as running ``nova-compute`` but 
-# group in the current shell context (due to how linux works).  
+# have to do a little more than that in our script.  Since we add the group 
-# TODO: newgrp might work instead...
+# ``libvirtd`` to our user in this script, when nova-compute is run it is
-screen_it n-cpu "bash -c $NOVA_DIR/bin/nova-compute"
+# within the context of our original shell (so our groups won't be updated). 
+# We can send the command nova-compute to the ``newgrp`` command to execute
+# in a specific context.
+screen_it n-cpu "echo $NOVA_DIR/bin/nova-compute | newgrp libvirtd"
 screen_it n-net "$NOVA_DIR/bin/nova-network"
 screen_it n-sch "$NOVA_DIR/bin/nova-scheduler"
 # nova-vncproxy binds a privileged port, and so needs sudo