Fix "sudo: sorry, you must have a tty to run sudo"

On many systems the requiretty sudoers option is turned on by default.
With "requiretty" option the sudo ensures the user have real tty access.

Just several "su" variant has an option for skipping the new session creation step.

Only one session can posses a tty, so after a "su -c" the sudo will not
work.

We will use sudo instead of su, when we create the stack account.

This change adds new variable the STACK_USER for
 service username.

Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c

lib/baremetal

@@ -200,14 +200,14 @@ function configure_baremetal_nova_dirs() {
     sudo mkdir -p /tftpboot
     sudo mkdir -p /tftpboot/pxelinux.cfg
     sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
-    sudo chown -R `whoami`:libvirtd /tftpboot
+    sudo chown -R $STACK_USER:libvirtd /tftpboot
 
     # ensure $NOVA_STATE_PATH/baremetal is prepared
     sudo mkdir -p $NOVA_STATE_PATH/baremetal
     sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
     sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
     sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
-    sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal
+    sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
 
     # ensure dnsmasq is installed but not running
     # because baremetal driver will reconfigure and restart this as needed

lib/ceilometer

@@ -9,6 +9,7 @@
 # - OS_AUTH_URL for auth in api
 # - DEST set to the destination directory
 # - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
+# - STACK_USER service user
 
 # stack.sh
 # ---------
@@ -94,7 +95,7 @@ function configure_ceilometer() {
 function init_ceilometer() {
     # Create cache dir
     sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
-    sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
     rm -f $CEILOMETER_AUTH_CACHE_DIR/*
 }
 

lib/cinder

@@ -3,7 +3,7 @@
 
 # Dependencies:
 # - functions
-# - DEST, DATA_DIR must be defined
+# - DEST, DATA_DIR, STACK_USER must be defined
 # SERVICE_{TENANT_NAME|PASSWORD} must be defined
 # ``KEYSTONE_TOKEN_FORMAT`` must be defined
 
@@ -110,7 +110,7 @@ function configure_cinder() {
     if [[ ! -d $CINDER_CONF_DIR ]]; then
         sudo mkdir -p $CINDER_CONF_DIR
     fi
-    sudo chown `whoami` $CINDER_CONF_DIR
+    sudo chown $STACK_USER $CINDER_CONF_DIR
 
     cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
 
@@ -295,7 +295,7 @@ function init_cinder() {
 
     # Create cache dir
     sudo mkdir -p $CINDER_AUTH_CACHE_DIR
-    sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
     rm -f $CINDER_AUTH_CACHE_DIR/*
 }
 

lib/glance

@@ -3,7 +3,7 @@
 
 # Dependencies:
 # ``functions`` file
-# ``DEST``, ``DATA_DIR`` must be defined
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
 # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
 # ``SERVICE_HOST``
 # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -75,7 +75,7 @@ function configure_glance() {
     if [[ ! -d $GLANCE_CONF_DIR ]]; then
         sudo mkdir -p $GLANCE_CONF_DIR
     fi
-    sudo chown `whoami` $GLANCE_CONF_DIR
+    sudo chown $STACK_USER $GLANCE_CONF_DIR
 
     # Copy over our glance configurations and update them
     cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
@@ -158,10 +158,10 @@ function init_glance() {
 
     # Create cache dir
     sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
-    sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+    sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
     rm -f $GLANCE_AUTH_CACHE_DIR/api/*
     sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
-    sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
+    sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
     rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
 }
 

lib/heat

@@ -49,7 +49,7 @@ function configure_heat() {
     if [[ ! -d $HEAT_CONF_DIR ]]; then
         sudo mkdir -p $HEAT_CONF_DIR
     fi
-    sudo chown `whoami` $HEAT_CONF_DIR
+    sudo chown $STACK_USER $HEAT_CONF_DIR
 
     HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
     HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}

lib/keystone

@@ -7,6 +7,7 @@
 # ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
 # ``SERVICE_TOKEN``
 # ``S3_SERVICE_PORT`` (template backend only)
+# ``STACK_USER``
 
 # ``stack.sh`` calls the entry points in this order:
 #
@@ -79,7 +80,7 @@ function configure_keystone() {
     if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
         sudo mkdir -p $KEYSTONE_CONF_DIR
     fi
-    sudo chown `whoami` $KEYSTONE_CONF_DIR
+    sudo chown $STACK_USER $KEYSTONE_CONF_DIR
 
     if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
         cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
@@ -261,7 +262,7 @@ function init_keystone() {
 
         # Create cache dir
         sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
-        sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
+        sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
         rm -f $KEYSTONE_AUTH_CACHE_DIR/*
     fi
 }

lib/nova

@@ -3,7 +3,7 @@
 
 # Dependencies:
 # ``functions`` file
-# ``DEST``, ``DATA_DIR`` must be defined
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
 # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
 # ``LIBVIRT_TYPE`` must be defined
 # ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
@@ -149,7 +149,7 @@ function configure_nova() {
     if [[ ! -d $NOVA_CONF_DIR ]]; then
         sudo mkdir -p $NOVA_CONF_DIR
     fi
-    sudo chown `whoami` $NOVA_CONF_DIR
+    sudo chown $STACK_USER $NOVA_CONF_DIR
 
     cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
 
@@ -277,7 +277,7 @@ EOF"
         if ! getent group libvirtd >/dev/null; then
             sudo groupadd libvirtd
         fi
-        add_user_to_group `whoami` libvirtd
+        add_user_to_group $STACK_USER libvirtd
 
         # libvirt detects various settings on startup, as we potentially changed
         # the system configuration (modules, filesystems), we need to restart
@@ -297,7 +297,7 @@ EOF"
         if [ -L /dev/disk/by-label/nova-instances ]; then
             if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
                 sudo mount -L nova-instances $NOVA_INSTANCES_PATH
-                sudo chown -R `whoami` $NOVA_INSTANCES_PATH
+                sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
             fi
         fi
 
@@ -474,13 +474,13 @@ function init_nova() {
 
     # Create cache dir
     sudo mkdir -p $NOVA_AUTH_CACHE_DIR
-    sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
     rm -f $NOVA_AUTH_CACHE_DIR/*
 
     # Create the keys folder
     sudo mkdir -p ${NOVA_STATE_PATH}/keys
     # make sure we own NOVA_STATE_PATH and all subdirs
-    sudo chown -R `whoami` ${NOVA_STATE_PATH}
+    sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
 }
 
 # install_novaclient() - Collect source and prepare

lib/quantum

@@ -388,7 +388,7 @@ function _configure_quantum_common() {
     if [[ ! -d $QUANTUM_CONF_DIR ]]; then
         sudo mkdir -p $QUANTUM_CONF_DIR
     fi
-    sudo chown `whoami` $QUANTUM_CONF_DIR
+    sudo chown $STACK_USER $QUANTUM_CONF_DIR
 
     cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
 
@@ -730,7 +730,7 @@ function _quantum_setup_keystone() {
     iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
     # Create cache dir
     sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
-    sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
     rm -f $QUANTUM_AUTH_CACHE_DIR/*
 }
 

lib/ryu

@@ -27,7 +27,7 @@ function init_ryu() {
     if [[ ! -d $RYU_CONF_DIR ]]; then
         sudo mkdir -p $RYU_CONF_DIR
     fi
-    sudo chown `whoami` $RYU_CONF_DIR
+    sudo chown $STACK_USER $RYU_CONF_DIR
     RYU_CONF=$RYU_CONF_DIR/ryu.conf
     sudo rm -rf $RYU_CONF
 

lib/swift

@@ -4,6 +4,7 @@
 # Dependencies:
 # ``functions`` file
 # ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
+# ``STACK_USER`` must be defined
 # ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
 # ``lib/keystone`` file
 # ``stack.sh`` calls the entry points in this order:
@@ -333,7 +334,7 @@ function init_swift() {
 
     # Create cache dir
     sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
-    sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR
+    sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
     rm -f $SWIFT_AUTH_CACHE_DIR/*
 }
 

stack.sh

@@ -177,40 +177,43 @@ VERBOSE=$(trueorfalse True $VERBOSE)
 # sudo privileges and runs as that user.
 
 if [[ $EUID -eq 0 ]]; then
+    STACK_USER=$DEFAULT_STACK_USER
     ROOTSLEEP=${ROOTSLEEP:-10}
     echo "You are running this script as root."
-    echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user"
+    echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
     sleep $ROOTSLEEP
 
     # Give the non-root user the ability to run as **root** via ``sudo``
     is_package_installed sudo || install_package sudo
-    if ! getent group stack >/dev/null; then
-        echo "Creating a group called stack"
-        groupadd stack
+    if ! getent group $STACK_USER >/dev/null; then
+        echo "Creating a group called $STACK_USER"
+        groupadd $STACK_USER
     fi
-    if ! getent passwd stack >/dev/null; then
-        echo "Creating a user called stack"
-        useradd -g stack -s /bin/bash -d $DEST -m stack
+    if ! getent passwd $STACK_USER >/dev/null; then
+        echo "Creating a user called $STACK_USER"
+        useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
     fi
 
     echo "Giving stack user passwordless sudo privileges"
     # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
     grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
         echo "#includedir /etc/sudoers.d" >> /etc/sudoers
-    ( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
+    ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
         > /etc/sudoers.d/50_stack_sh )
 
-    echo "Copying files to stack user"
+    echo "Copying files to $STACK_USER user"
     STACK_DIR="$DEST/${TOP_DIR##*/}"
     cp -r -f -T "$TOP_DIR" "$STACK_DIR"
-    chown -R stack "$STACK_DIR"
+    chown -R $STACK_USER "$STACK_DIR"
+    cd "$STACK_DIR"
     if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
-        exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack
+        exec sudo -u $STACK_USER  bash -l -c "set -e; bash stack.sh; bash"
     else
-        exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
+        exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
     fi
     exit 1
 else
+    STACK_USER=`whoami`
     # We're not **root**, make sure ``sudo`` is available
     is_package_installed sudo || die "Sudo is required.  Re-run stack.sh as root ONE TIME ONLY to set up sudo."
 
@@ -220,10 +223,10 @@ else
 
     # Set up devstack sudoers
     TEMPFILE=`mktemp`
-    echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE
+    echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
     # Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
     # see them by forcing PATH
-    echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
+    echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
     chmod 0440 $TEMPFILE
     sudo chown root:root $TEMPFILE
     sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@@ -235,7 +238,7 @@ fi
 # Create the destination directory and ensure it is writable by the user
 sudo mkdir -p $DEST
 if [ ! -w $DEST ]; then
-    sudo chown `whoami` $DEST
+    sudo chown $STACK_USER $DEST
 fi
 
 # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
@@ -251,7 +254,7 @@ ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE`
 # Destination path for service data
 DATA_DIR=${DATA_DIR:-${DEST}/data}
 sudo mkdir -p $DATA_DIR
-sudo chown `whoami` $DATA_DIR
+sudo chown $STACK_USER $DATA_DIR
 
 
 # Common Configuration

stackrc

@@ -12,6 +12,9 @@ DATA_DIR=${DEST}/data
 # Select the default database
 DATABASE_TYPE=mysql
 
+# Default stack user
+DEFAULT_STACK_USER=stack
+
 # Specify which services to launch.  These generally correspond to
 # screen tabs. To change the default list, use the ``enable_service`` and
 # ``disable_service`` functions in ``localrc``.

tools/build_ramdisk.sh

@@ -125,17 +125,17 @@ if [ ! -r $DEV_FILE ]; then
     # Create a stack user that is a member of the libvirtd group so that stack
     # is able to interact with libvirt.
     chroot $MNTDIR groupadd libvirtd
-    chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd
+    chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd
     mkdir -p $MNTDIR/$DEST
-    chroot $MNTDIR chown stack $DEST
+    chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST
 
     # A simple password - pass
-    echo stack:pass | chroot $MNTDIR chpasswd
+    echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd
     echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
 
     # And has sudo ability (in the future this should be limited to only what
     # stack requires)
-    echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
+    echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
 
     umount $MNTDIR
     rmdir $MNTDIR
@@ -187,7 +187,7 @@ git_clone $OPENSTACKX_REPO $DEST/openstackx $OPENSTACKX_BRANCH
 # Use this version of devstack
 rm -rf $MNTDIR/$DEST/devstack
 cp -pr $CWD $MNTDIR/$DEST/devstack
-chroot $MNTDIR chown -R stack $DEST/devstack
+chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack
 
 # Configure host network for DHCP
 mkdir -p $MNTDIR/etc/network
@@ -225,7 +225,7 @@ EOF
 
 # Make the run.sh executable
 chmod 755 $RUN_SH
-chroot $MNTDIR chown stack $DEST/run.sh
+chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh
 
 umount $MNTDIR
 rmdir $MNTDIR

tools/build_uec.sh

@@ -207,11 +207,11 @@ ROOTSLEEP=0
 `cat $TOP_DIR/localrc`
 LOCAL_EOF
 fi
-useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack
-echo stack:pass | chpasswd
+useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER
+echo $DEFAULT_STACK_USER:pass | chpasswd
 mkdir -p /opt/stack/.ssh
 echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys
-chown -R stack /opt/stack
+chown -R $DEFAULT_STACK_USER /opt/stack
 chmod 700 /opt/stack/.ssh
 chmod 600 /opt/stack/.ssh/authorized_keys
 
@@ -224,7 +224,7 @@ fi
 
 # Run stack.sh
 cat >> $vm_dir/uec/user-data<<EOF
-su -c "cd /opt/stack/devstack && ./stack.sh" stack
+sudo -u $DEFAULT_STACK_USER bash -l -c "cd /opt/stack/devstack && ./stack.sh"
 EOF
 
 # (re)start a metadata service

tools/copy_dev_environment_to_uec.sh

@@ -18,6 +18,9 @@ TOP_DIR=$(cd $TOOLS_DIR/..; pwd)
 # Change dir to top of devstack
 cd $TOP_DIR
 
+# Source params
+source ./stackrc
+
 # Echo usage
 usage() {
     echo "Add stack user and keys"
@@ -43,13 +46,13 @@ mkdir -p $STAGING_DIR/$DEST
 # Create a stack user that is a member of the libvirtd group so that stack
 # is able to interact with libvirt.
 chroot $STAGING_DIR groupadd libvirtd || true
-chroot $STAGING_DIR useradd stack -s /bin/bash -d $DEST -G libvirtd || true
+chroot $STAGING_DIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd || true
 
 # Add a simple password - pass
-echo stack:pass | chroot $STAGING_DIR chpasswd
+echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd
 
 # Configure sudo
-( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
+( umask 226 && echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD:ALL" \
     > $STAGING_DIR/etc/sudoers.d/50_stack_sh )
 
 # Copy over your ssh keys and env if desired
@@ -64,7 +67,7 @@ rm -rf $STAGING_DIR/$DEST/devstack
 cp_it . $STAGING_DIR/$DEST/devstack
 
 # Give stack ownership over $DEST so it may do the work needed
-chroot $STAGING_DIR chown -R stack $DEST
+chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST
 
 # Unmount
 umount $STAGING_DIR

tools/xen/build_xva.sh

@@ -65,8 +65,8 @@ cd $TOP_DIR
 cat <<EOF >$STAGING_DIR/etc/rc.local
 # network restart required for getting the right gateway
 /etc/init.d/networking restart
-chown -R stack /opt/stack
-su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack
+chown -R $DEFAULT_STACK_USER /opt/stack
+su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER
 exit 0
 EOF
 

tools/xen/prepare_guest.sh

@@ -19,6 +19,7 @@ GUEST_PASSWORD=${GUEST_PASSWORD:-secrete}
 STAGING_DIR=${STAGING_DIR:-stage}
 DO_TGZ=${DO_TGZ:-1}
 XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
+STACK_USER=${STACK_USER:-stack}
 
 # Install basics
 chroot $STAGING_DIR apt-get update
@@ -46,12 +47,12 @@ rm -f $STAGING_DIR/etc/localtime
 
 # Add stack user
 chroot $STAGING_DIR groupadd libvirtd
-chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd
-echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
-echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
+chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
+echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
+echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
 
 # Give ownership of /opt/stack to stack user
-chroot $STAGING_DIR chown -R stack /opt/stack
+chroot $STAGING_DIR chown -R $STACK_USER /opt/stack
 
 # Make our ip address hostnames look nice at the command prompt
 echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc