diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2
index e34f3f228d..1d09ec199a 100644
--- a/docker/nova/nova-base/Dockerfile.j2
+++ b/docker/nova/nova-base/Dockerfile.j2
@@ -45,7 +45,8 @@ RUN apt-get install -y --no-install-recommends \
 ADD nova-base-archive /nova-base-source
 RUN ln -s nova-base-source/* nova \
- && useradd --user-group --home-dir /var/lib/nova nova \
+ && useradd --user-group --create-home --home-dir /var/lib/nova nova \
+ && chmod 755 /var/lib/nova \
 && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
 && mkdir -p /etc/nova /var/lib/nova \
 && cp -r /nova/etc/nova/* /etc/nova/ \
diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2
index 48337e9da4..7be99a12c7 100644
--- a/docker/nova/nova-compute/Dockerfile.j2
+++ b/docker/nova/nova-compute/Dockerfile.j2
@@ -55,11 +55,8 @@ RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements
 {% endif %}
-COPY nova_compute_sudoers /etc/sudoers.d/nova_compute_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
 RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
- && chmod 750 /etc/sudoers.d \
- && chmod 440 /etc/sudoers.d/nova_compute_sudoers \
 && rm -f /etc/machine-id
 {{ include_footer }}
diff --git a/docker/nova/nova-compute/extend_start.sh b/docker/nova/nova-compute/extend_start.sh
index efe531ff95..76226cd905 100644
--- a/docker/nova/nova-compute/extend_start.sh
+++ b/docker/nova/nova-compute/extend_start.sh
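Review bot: `chmod 755 /var/lib/nova` in the new RUN chain makes nova's home directory listable and traversable by every account in any image built on nova-base, and this commit also moves nova-libvirt onto that base. extend_start.sh creates `instances` under this path, so `&& chmod 750 /var/lib/nova \` plus explicit group membership for the accounts that need access (as the nova-libvirt hunk does with `usermod -a -G nova qemu`) would be tighter. If 755 is required for an account outside the group, a comment above the RUN should name that account. The later `mkdir -p /etc/nova /var/lib/nova` is now redundant for the second path, since `--create-home` already creates it. The RUN instruction continues past the end of the hunk.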
@@ -3,11 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
- sudo chown nova: /var/lib/nova/
 mkdir -p /var/lib/nova/instances
- # Only update permissions if permissions need to be updated
- if [[ $(stat -c %U:%G /var/lib/nova/instances) != "nova:nova" ]]; then
- sudo chown nova: /var/lib/nova/instances
- fi
 exit 0
 fi
diff --git a/docker/nova/nova-compute/nova_compute_sudoers b/docker/nova/nova-compute/nova_compute_sudoers
deleted file mode 100644
index a7fb7b864e..0000000000
--- a/docker/nova/nova-compute/nova_compute_sudoers
+++ /dev/null
@@ -1 +0,0 @@
-%kolla ALL=(root) NOPASSWD: /usr/bin/chown nova\: /var/lib/nova/, /bin/chown nova\: /var/lib/nova/
diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2
index 028d4635a0..d639408a6f 100644
--- a/docker/nova/nova-libvirt/Dockerfile.j2
+++ b/docker/nova/nova-libvirt/Dockerfile.j2
@@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
 MAINTAINER {{ maintainer }}
 {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
@@ -11,7 +11,9 @@ RUN yum -y install \
 libvirt-daemon-config-nwfilter \
 libvirt-daemon-driver-lxc \
 ceph-common \
- && yum clean all
+ && yum clean all \
+ && usermod -a -G nova qemu
+
 {% elif base_distro in ['ubuntu', 'debian'] %}
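Review bot: Switching the base to `nova-base` on the `FROM` line brings nova's virtualenv, source tree and /etc/nova contents into the libvirt image (see the pip install and `cp -r /nova/etc/nova/*` steps in the nova-base hunk), while the visible need is only a `nova` account that matches the other nova images. libvirt containers are commonly run with elevated privileges, so extra code and configuration in this image is worth avoiding. Creating the account in both images with pinned ids, for example `useradd --uid <NOVA_UID> --user-group nova` (placeholder value), would keep ownership of a shared /var/lib/nova consistent without inheriting the whole service image. If the rebasing is kept, a comment above `FROM` should state why the libvirt image depends on nova-base.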
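Review bot: `usermod -a -G nova qemu` gives the emulator account group access to everything owned by group nova in this image, not only the instance directory. Now that the image derives from nova-base, that covers whatever is group-readable under /etc/nova and /var/lib/nova. A comment above the RUN stating which path qemu needs would let a later reader check that the grant is still required, for example `# qemu must traverse /var/lib/nova to open instance disks` if that is the intent. The hunk also adds an empty line after the command, which looks unintentional. The RUN chain starts above the hunk.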
@@ -27,12 +29,12 @@ RUN apt-get install -y --no-install-recommends \
 && apt-get clean \
 && mkdir -p /etc/ceph \
 && rm /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
- && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf
+ && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf \
+ && usermod -a -G libvirtd nova
 {% endif %}
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start \
- && useradd --user-group nova
+RUN chmod 755 /usr/local/bin/kolla_extend_start
 {{ include_footer }}
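Review bot: `usermod -a -G libvirtd nova` grants the reverse of what the RHEL branch does (there the qemu account joins `nova`), so the two distro families end up with different access models. Membership in libvirt's socket group usually means read-write access to the management socket, which is much broader than file access to /var/lib/nova. If the intent matches the RHEL branch, the line would be `&& usermod -a -G nova libvirt-qemu` (the account name Debian and Ubuntu packages normally use; please verify against the installed package). The group name `libvirtd` is also not used by every Debian/Ubuntu libvirt package, since some name it `libvirt`, and in that case this step would fail the build for those bases.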