From 91b8d13edad4d21bfd5b67219347f934728ee462 Mon Sep 17 00:00:00 2001 From: Attila Fazekas Date: Sun, 6 Jan 2013 22:40:09 +0100 Subject: [PATCH] Fix "sudo: sorry, you must have a tty to run sudo" On many systems the requiretty sudoers option is turned on by default. With the "requiretty" option, sudo ensures the user has a real tty. Only a few "su" variants have an option to skip creating a new session. Only one session can possess a tty, so after "su -c" sudo will not work. We will use sudo instead of su when we create the stack account. This change adds a new variable, STACK_USER, for the service username. Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c --- lib/baremetal | 4 ++-- lib/ceilometer | 3 ++- lib/cinder | 6 ++--- lib/glance | 8 +++---- lib/heat | 2 +- lib/keystone | 5 ++-- lib/nova | 12 +++++----- lib/quantum | 4 ++-- lib/ryu | 2 +- lib/swift | 3 ++- stack.sh | 35 +++++++++++++++------------- stackrc | 3 +++ tools/build_ramdisk.sh | 12 +++++----- tools/build_uec.sh | 8 +++---- tools/copy_dev_environment_to_uec.sh | 11 +++++---- tools/xen/build_xva.sh | 4 ++-- tools/xen/prepare_guest.sh | 9 +++---- 17 files changed, 72 insertions(+), 59 deletions(-) diff --git a/lib/baremetal b/lib/baremetal index 112fd6d9ba..3cc24291c5 100644 --- a/lib/baremetal +++ b/lib/baremetal 
@@ -200,14 +200,14 @@ function configure_baremetal_nova_dirs() {
 sudo mkdir -p /tftpboot
 sudo mkdir -p /tftpboot/pxelinux.cfg
 sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
-sudo chown -R `whoami`:libvirtd /tftpboot
+sudo chown -R $STACK_USER:libvirtd /tftpboot
 # ensure $NOVA_STATE_PATH/baremetal is prepared
 sudo mkdir -p $NOVA_STATE_PATH/baremetal
 sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
 sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
 sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
-sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal
+sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
 # ensure dnsmasq is installed but not running
 # because baremetal driver will reconfigure and restart this as needed
diff --git a/lib/ceilometer b/lib/ceilometer
index 749e785c66..0fae397355 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -9,6 +9,7 @@
 # - OS_AUTH_URL for auth in api
 # - DEST set to the destination directory
 # - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
+# - STACK_USER service user
 # stack.sh
 # ---------
@@ -94,7 +95,7 @@ function configure_ceilometer() {
 function init_ceilometer() {
 # Create cache dir
 sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
-sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR
+sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
 rm -f $CEILOMETER_AUTH_CACHE_DIR/*
 }
diff --git a/lib/cinder b/lib/cinder
index 4aaea5d071..cbeb1d7a5e 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -3,7 +3,7 @@
 # Dependencies:
 # - functions
-# - DEST, DATA_DIR must be defined
+# - DEST, DATA_DIR, STACK_USER must be defined
 # SERVICE_{TENANT_NAME|PASSWORD} must be defined
 # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -110,7 +110,7 @@ function configure_cinder() {
 if [[ ! -d $CINDER_CONF_DIR ]]; then
 sudo mkdir -p $CINDER_CONF_DIR
 fi
-sudo chown `whoami` $CINDER_CONF_DIR
+sudo chown $STACK_USER $CINDER_CONF_DIR
 cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
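Review bot: `sudo chown -R $STACK_USER:libvirtd /tftpboot` now depends on STACK_USER being non-empty, which `whoami` never was: if this function is reached with STACK_USER unset, the unquoted expansion turns the command into `chown -R :libvirtd /tftpboot`, which succeeds and only changes the group, so the PXE tree silently stays root-owned. The `$NOVA_STATE_PATH/baremetal` chown a few lines down would instead fail with a usage error, so the same mistake produces two different outcomes in one function. I'd add `[[ -n "$STACK_USER" ]] || die "STACK_USER is not set"` at the top of configure_baremetal_nova_dirs (its opening line is outside this hunk) and quote the expansion as `"$STACK_USER:libvirtd"`.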
@@ -295,7 +295,7 @@ function init_cinder() {
 # Create cache dir
 sudo mkdir -p $CINDER_AUTH_CACHE_DIR
-sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
+sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
 rm -f $CINDER_AUTH_CACHE_DIR/*
 }
diff --git a/lib/glance b/lib/glance
index dff247a537..1c56a67553 100644
--- a/lib/glance
+++ b/lib/glance
@@ -3,7 +3,7 @@
 # Dependencies:
 # ``functions`` file
-# ``DEST``, ``DATA_DIR`` must be defined
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
 # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
 # ``SERVICE_HOST``
 # ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -75,7 +75,7 @@ function configure_glance() {
 if [[ ! -d $GLANCE_CONF_DIR ]]; then
 sudo mkdir -p $GLANCE_CONF_DIR
 fi
-sudo chown `whoami` $GLANCE_CONF_DIR
+sudo chown $STACK_USER $GLANCE_CONF_DIR
 # Copy over our glance configurations and update them
 cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
@@ -158,10 +158,10 @@ function init_glance() {
 # Create cache dir
 sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
-sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
 rm -f $GLANCE_AUTH_CACHE_DIR/api/*
 sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
-sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
+sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
 rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
 }
diff --git a/lib/heat b/lib/heat
index a6f72862c0..89bd44f0bf 100644
--- a/lib/heat
+++ b/lib/heat
@@ -49,7 +49,7 @@ function configure_heat() {
 if [[ ! -d $HEAT_CONF_DIR ]]; then
 sudo mkdir -p $HEAT_CONF_DIR
 fi
-sudo chown `whoami` $HEAT_CONF_DIR
+sudo chown $STACK_USER $HEAT_CONF_DIR
 HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
 HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
diff --git a/lib/keystone b/lib/keystone
index 34f3372392..7a70cc41c8 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -7,6 +7,7 @@
 # ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
 # ``SERVICE_TOKEN``
 # ``S3_SERVICE_PORT`` (template backend only)
+# ``STACK_USER``
 # ``stack.sh`` calls the entry points in this order:
 #
@@ -79,7 +80,7 @@ function configure_keystone() {
 if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
 sudo mkdir -p $KEYSTONE_CONF_DIR
 fi
-sudo chown `whoami` $KEYSTONE_CONF_DIR
+sudo chown $STACK_USER $KEYSTONE_CONF_DIR
 if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
 cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
@@ -261,7 +262,7 @@ function init_keystone() {
 # Create cache dir
 sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
-sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
+sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
 rm -f $KEYSTONE_AUTH_CACHE_DIR/*
 fi
 }
diff --git a/lib/nova b/lib/nova
index 781cc0972f..9803acbfe6 100644
--- a/lib/nova
+++ b/lib/nova
@@ -3,7 +3,7 @@
 # Dependencies:
 # ``functions`` file
-# ``DEST``, ``DATA_DIR`` must be defined
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
 # ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
 # ``LIBVIRT_TYPE`` must be defined
 # ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
@@ -149,7 +149,7 @@ function configure_nova() {
 if [[ ! -d $NOVA_CONF_DIR ]]; then
 sudo mkdir -p $NOVA_CONF_DIR
 fi
-sudo chown `whoami` $NOVA_CONF_DIR
+sudo chown $STACK_USER $NOVA_CONF_DIR
 cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
@@ -277,7 +277,7 @@ EOF"
 if ! getent group libvirtd >/dev/null; then
 sudo groupadd libvirtd
 fi
-add_user_to_group `whoami` libvirtd
+add_user_to_group $STACK_USER libvirtd
 # libvirt detects various settings on startup, as we potentially changed
 # the system configuration (modules, filesystems), we need to restart
@@ -297,7 +297,7 @@ EOF"
 if [ -L /dev/disk/by-label/nova-instances ]; then
 if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
 sudo mount -L nova-instances $NOVA_INSTANCES_PATH
-sudo chown -R `whoami` $NOVA_INSTANCES_PATH
+sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
 fi
 fi
@@ -474,13 +474,13 @@ function init_nova() {
 # Create cache dir
 sudo mkdir -p $NOVA_AUTH_CACHE_DIR
-sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
+sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
 rm -f $NOVA_AUTH_CACHE_DIR/*
 # Create the keys folder
 sudo mkdir -p ${NOVA_STATE_PATH}/keys
 # make sure we own NOVA_STATE_PATH and all subdirs
-sudo chown -R `whoami` ${NOVA_STATE_PATH}
+sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
 }
 # install_novaclient() - Collect source and prepare
diff --git a/lib/quantum b/lib/quantum
index f74eead689..f081d9b6b4 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -388,7 +388,7 @@ function _configure_quantum_common() {
 if [[ ! -d $QUANTUM_CONF_DIR ]]; then
 sudo mkdir -p $QUANTUM_CONF_DIR
 fi
-sudo chown `whoami` $QUANTUM_CONF_DIR
+sudo chown $STACK_USER $QUANTUM_CONF_DIR
 cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
@@ -730,7 +730,7 @@ function _quantum_setup_keystone() {
 iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
 # Create cache dir
 sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
-sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
+sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
 rm -f $QUANTUM_AUTH_CACHE_DIR/*
 }
diff --git a/lib/ryu b/lib/ryu
index ac3462bbd0..1292313ed8 100644
--- a/lib/ryu
+++ b/lib/ryu
@@ -27,7 +27,7 @@ function init_ryu() {
 if [[ ! -d $RYU_CONF_DIR ]]; then
 sudo mkdir -p $RYU_CONF_DIR
 fi
-sudo chown `whoami` $RYU_CONF_DIR
+sudo chown $STACK_USER $RYU_CONF_DIR
 RYU_CONF=$RYU_CONF_DIR/ryu.conf
 sudo rm -rf $RYU_CONF
diff --git a/lib/swift b/lib/swift
index b418eda863..46c6eb2059 100644
--- a/lib/swift
+++ b/lib/swift
@@ -4,6 +4,7 @@
 # Dependencies:
 # ``functions`` file
 # ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
+# ``STACK_USER`` must be defined
 # ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
 # ``lib/keystone`` file
 # ``stack.sh`` calls the entry points in this order:
@@ -333,7 +334,7 @@ function init_swift() {
 # Create cache dir
 sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
-sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR
+sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
 rm -f $SWIFT_AUTH_CACHE_DIR/*
 }
diff --git a/stack.sh b/stack.sh
index da6235313b..9b084bee67 100755
--- a/stack.sh
+++ b/stack.sh
@@ -177,40 +177,43 @@ VERBOSE=$(trueorfalse True $VERBOSE)
 # sudo privileges and runs as that user.
 if [[ $EUID -eq 0 ]]; then
+STACK_USER=$DEFAULT_STACK_USER
 ROOTSLEEP=${ROOTSLEEP:-10}
 echo "You are running this script as root."
-echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user"
+echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
 sleep $ROOTSLEEP
 # Give the non-root user the ability to run as **root** via ``sudo``
 is_package_installed sudo || install_package sudo
-if ! getent group stack >/dev/null; then
-echo "Creating a group called stack"
-groupadd stack
+if ! getent group $STACK_USER >/dev/null; then
+echo "Creating a group called $STACK_USER"
+groupadd $STACK_USER
 fi
-if ! getent passwd stack >/dev/null; then
-echo "Creating a user called stack"
-useradd -g stack -s /bin/bash -d $DEST -m stack
+if ! getent passwd $STACK_USER >/dev/null; then
+echo "Creating a user called $STACK_USER"
+useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
 fi
 echo "Giving stack user passwordless sudo privileges"
 # UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
 grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers || echo "#includedir /etc/sudoers.d" >> /etc/sudoers
-( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
+( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
 > /etc/sudoers.d/50_stack_sh )
-echo "Copying files to stack user"
+echo "Copying files to $STACK_USER user"
 STACK_DIR="$DEST/${TOP_DIR##*/}"
 cp -r -f -T "$TOP_DIR" "$STACK_DIR"
-chown -R stack "$STACK_DIR"
+chown -R $STACK_USER "$STACK_DIR"
+cd "$STACK_DIR"
 if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
-exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack
+exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
 else
-exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
+exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
 fi
 exit 1
 else
+STACK_USER=`whoami`
 # We're not **root**, make sure ``sudo`` is available
 is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
@@ -220,10 +223,10 @@ else
 # Set up devstack sudoers
 TEMPFILE=`mktemp`
-echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE
+echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
 # Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
 # see them by forcing PATH
-echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
+echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
 chmod 0440 $TEMPFILE
 sudo chown root:root $TEMPFILE
 sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@@ -235,7 +238,7 @@ fi
 # Create the destination directory and ensure it is writable by the user
 sudo mkdir -p $DEST
 if [ ! -w $DEST ]; then
-sudo chown `whoami` $DEST
+sudo chown $STACK_USER $DEST
 fi
 # Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
@@ -251,7 +254,7 @@ ERROR_ON_CLONE=`trueorfalse False $ERROR_ON_CLONE`
 # Destination path for service data
 DATA_DIR=${DATA_DIR:-${DEST}/data}
 sudo mkdir -p $DATA_DIR
-sudo chown `whoami` $DATA_DIR
+sudo chown $STACK_USER $DATA_DIR
 # Common Configuration
diff --git a/stackrc b/stackrc
index 4e03a2f461..96f0ee581f 100644
--- a/stackrc
+++ b/stackrc
@@ -12,6 +12,9 @@ DATA_DIR=${DEST}/data
 # Select the default database
 DATABASE_TYPE=mysql
+# Default stack user
+DEFAULT_STACK_USER=stack
+
 # Specify which services to launch. These generally correspond to
 # screen tabs. To change the default list, use the ``enable_service`` and
 # ``disable_service`` functions in ``localrc``.
diff --git a/tools/build_ramdisk.sh b/tools/build_ramdisk.sh
index 5ff05b08e0..cfcca51fb5 100755
--- a/tools/build_ramdisk.sh
+++ b/tools/build_ramdisk.sh
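Review bot: The two `exec sudo -u $STACK_USER bash -l -c` lines run stack.sh differently — `bash stack.sh` when SHELL_AFTER_RUN is set, `source stack.sh` otherwise — so in the second branch `$0` is the login shell rather than the script and any `exit` inside stack.sh terminates that shell; nothing in the hunk shows why the two should differ. Both also rely on the new `cd "$STACK_DIR"` surviving `bash -l`, which runs the target user's profile before the `-c` string and may change directory. I'd make the branches symmetric and pass the absolute path, e.g. `exec sudo -u $STACK_USER bash -l -c "set -e; bash $STACK_DIR/stack.sh"` (plus `; bash` in the first). Note too that `sudo` resets the environment by default, so variables exported by the root invocation are no longer inherited the way they were under `su -c`; if that is intended, a one-line comment above the exec would save the next reader a surprise.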
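Review bot: The sudoers fragment assembled in `$TEMPFILE` here is the one that persists (the `sudo mv` overwrites the `50_stack_sh` the root branch wrote moments earlier), and it still does nothing about the `requiretty` default the commit message describes: swapping `su` for `sudo -u` avoids the tty check for that single hop, but every later `sudo` from stack.sh or from the screen-launched services on a requiretty host still needs a tty. The durable fix belongs in this fragment, next to the secure_path line: `echo "Defaults:$STACK_USER !requiretty" >> $TEMPFILE`. Separately, the file is installed without validation, so an odd STACK_USER value lands in /etc/sudoers.d as-is; `sudo visudo -c -f $TEMPFILE || die "generated sudoers fragment is invalid"` before the `sudo mv` would catch that at the point of generation rather than at the next sudo call.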
@@ -125,17 +125,17 @@ if [ ! -r $DEV_FILE ]; then
 # Create a stack user that is a member of the libvirtd group so that stack
 # is able to interact with libvirt.
 chroot $MNTDIR groupadd libvirtd
-chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd
+chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd
 mkdir -p $MNTDIR/$DEST
-chroot $MNTDIR chown stack $DEST
+chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST
 # A simple password - pass
-echo stack:pass | chroot $MNTDIR chpasswd
+echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd
 echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
 # And has sudo ability (in the future this should be limited to only what
 # stack requires)
-echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
+echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
 umount $MNTDIR
 rmdir $MNTDIR
@@ -187,7 +187,7 @@ git_clone $OPENSTACKX_REPO $DEST/openstackx $OPENSTACKX_BRANCH
 # Use this version of devstack
 rm -rf $MNTDIR/$DEST/devstack
 cp -pr $CWD $MNTDIR/$DEST/devstack
-chroot $MNTDIR chown -R stack $DEST/devstack
+chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack
 # Configure host network for DHCP
 mkdir -p $MNTDIR/etc/network
@@ -225,7 +225,7 @@ EOF
 # Make the run.sh executable
 chmod 755 $RUN_SH
-chroot $MNTDIR chown stack $DEST/run.sh
+chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh
 umount $MNTDIR
 rmdir $MNTDIR
diff --git a/tools/build_uec.sh b/tools/build_uec.sh
index 58c5425810..5748b39020 100755
--- a/tools/build_uec.sh
+++ b/tools/build_uec.sh
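Review bot: DEFAULT_STACK_USER is a new external input to this script and nothing here checks it; I can't see from the hunk whether build_ramdisk.sh sources stackrc, and if it does not, the `useradd` and `chpasswd` lines fail but `echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers` still appends a line that sudo rejects as a parse error, which disables sudo entirely in the built image. I'd put `: "${DEFAULT_STACK_USER:?DEFAULT_STACK_USER must be set (see stackrc)}"` before the `groupadd`, or default it the way prepare_guest.sh does with `${STACK_USER:-stack}`. The fixed password `pass` on an account with passwordless sudo predates this change, but now that the account name is configurable the comment `# A simple password - pass` is a good place to state that these images must never be reachable from an untrusted network.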
@@ -207,11 +207,11 @@ ROOTSLEEP=0 `cat $TOP_DIR/localrc` LOCAL_EOF fi -useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack -echo stack:pass | chpasswd +useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER +echo $DEFAULT_STACK_USER:pass | chpasswd mkdir -p /opt/stack/.ssh echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys -chown -R stack /opt/stack +chown -R $DEFAULT_STACK_USER /opt/stack chmod 700 /opt/stack/.ssh chmod 600 /opt/stack/.ssh/authorized_keys @@ -224,7 +224,7 @@ fi # Run stack.sh cat >> $vm_dir/uec/user-data< $STAGING_DIR/etc/sudoers.d/50_stack_sh ) # Copy over your ssh keys and env if desired @@ -64,7 +67,7 @@ rm -rf $STAGING_DIR/$DEST/devstack cp_it . $STAGING_DIR/$DEST/devstack # Give stack ownership over $DEST so it may do the work needed -chroot $STAGING_DIR chown -R stack $DEST +chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST # Unmount umount $STAGING_DIR diff --git a/tools/xen/build_xva.sh b/tools/xen/build_xva.sh index c359c55806..f3f166fe69 100755 --- a/tools/xen/build_xva.sh +++ b/tools/xen/build_xva.sh @@ -65,8 +65,8 @@ cd $TOP_DIR cat <$STAGING_DIR/etc/rc.local # network restart required for getting the right gateway /etc/init.d/networking restart -chown -R stack /opt/stack -su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack +chown -R $DEFAULT_STACK_USER /opt/stack +su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER exit 0 EOF diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh index 4aa4554f8f..fe52445424 100755 --- a/tools/xen/prepare_guest.sh +++ b/tools/xen/prepare_guest.sh @@ -19,6 +19,7 @@ GUEST_PASSWORD=${GUEST_PASSWORD:-secrete} STAGING_DIR=${STAGING_DIR:-stage} DO_TGZ=${DO_TGZ:-1} XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"} +STACK_USER=${STACK_USER:-stack} # Install basics chroot $STAGING_DIR apt-get update 
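Review bot: The rc.local generated in build_xva.sh keeps `su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER` even though the commit's stated reason for moving to `sudo -u` is that sudo fails after `su -c` on a requiretty host; rc.local runs from init with no controlling tty at all, so if run.sh ends up calling sudo (stack.sh does, per the hunks above) it fails there whichever of su or sudo starts it. For unattended boot on a requiretty base image the guest needs `Defaults:$DEFAULT_STACK_USER !requiretty` in its sudoers, which prepare_guest.sh is the natural place to write. The home and log paths in this heredoc stay hardcoded to /opt/stack while the user name is now variable; that is consistent with the `-d /opt/stack` in prepare_guest.sh, but a comment noting the coupling would help the next person who changes one without the other.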
@@ -46,12 +47,12 @@ rm -f $STAGING_DIR/etc/localtime
 # Add stack user
 chroot $STAGING_DIR groupadd libvirtd
-chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd
-echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
-echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
+chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
+echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
+echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
 # Give ownership of /opt/stack to stack user
-chroot $STAGING_DIR chown -R stack /opt/stack
+chroot $STAGING_DIR chown -R $STACK_USER /opt/stack
 # Make our ip address hostnames look nice at the command prompt
 echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc
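Review bot: prepare_guest.sh names the account from `STACK_USER` (defaulted to `stack` in this file's earlier hunk) while build_xva.sh, which presumably drives this guest and writes its rc.local, uses `DEFAULT_STACK_USER`; unless a caller exports both, changing the stackrc default makes the `useradd`, `chpasswd` and sudoers lines here create one user and rc.local switch to another. I'd have this file follow the same variable, `STACK_USER=${STACK_USER:-${DEFAULT_STACK_USER:-stack}}`, in place of the current default. The sudoers line is also still appended straight to `$STAGING_DIR/etc/sudoers` with no `visudo -c -f` check, which mattered less when the name was a literal; with it variable, a stray value now breaks sudo inside the guest instead of failing the build, so `visudo -c -f $STAGING_DIR/etc/sudoers` after the append is worth the one line.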