Don't manage the nova uid/gid if nova_{user,group}_id is undef

Any user modification before standard system package creates the user is wrong. Usecase of patch adding the user is also broken as there are several other options: provide user before whole class nova, have user id enforced by package or as most humans do accept that in multi host enviroments there are 3 layers - user, group and netgroup. In all cases nova puppet module should never touch the user as it's provided by package on all supported systems, but for backwards compatibility the management of user is disabled if nova_group_id is undef or if nova_user_id is undef. Closes-Bug: rhbz#1115946 Change-Id: If22b27f5fb78ba6821f4d6e8c275f8b80c70dd59
2014-07-03 15:37:59 +02:00
parent 3b06593f8b
commit d850c3ceb4
5 changed files with 42 additions and 26 deletions
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -105,7 +105,7 @@ class nova::compute::libvirt (
    package { "nova-compute-${libvirt_virt_type_real}":
      ensure  => present,
      before  => Package['nova-compute'],
-      require => User['nova'],
+      require => Package['nova-common'],
    }
  }

--- a/manifests/consoleauth.pp
+++ b/manifests/consoleauth.pp
@@ -33,7 +33,7 @@ class nova::consoleauth(
    package_name   => $::nova::params::consoleauth_package_name,
    service_name   => $::nova::params::consoleauth_service_name,
    ensure_package => $ensure_package,
-    require        => User['nova'],
+    require        => Package['nova-common'],
  }

 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -200,14 +200,22 @@
 #   (optional) Create the nova user with the specified gid.
 #   Changing to a new uid after specifying a different uid previously,
 #   or using this option after the nova account already exists will break
-#   the ownership of all files/dirs owned by nova.
+#   the ownership of all files/dirs owned by nova. It is strongly encouraged
+#   not to use this option and instead create user before nova class or
+#   for network shares create netgroup into which you'll put nova on all the
+#   nodes. If undef no user will be created and user creation will standardly
+#   happen in nova-common package.
 #   Defaults to undef.
 #
 # [*nova_group_id*]
 #   (optional) Create the nova user with the specified gid.
 #   Changing to a new uid after specifying a different uid previously,
 #   or using this option after the nova account already exists will break
-#   the ownership of all files/dirs owned by nova.
+#   the ownership of all files/dirs owned by nova. It is strongly encouraged
+#   not to use this option and instead create group before nova class or for
+#   network shares create netgroup into which you'll put nova on all the
+#   nodes. If undef no user or group will be created and creation will
+#   happen in nova-common package.
 #   Defaults to undef.
 #
 # [*nova_public_key*]
@@ -359,22 +367,29 @@ class nova(
    }
  }

-  group { 'nova':
-    ensure  => present,
-    system  => true,
-    gid     => $nova_group_id,
-    before  => User['nova'],
+  if $nova_group_id {
+    warning('The nova_group_id will be deprecated, please create group manually')
+    group { 'nova':
+      ensure  => present,
+      system  => true,
+      gid     => $nova_group_id,
+      before  => Package['nova-common'],
+    }
  }
-
-  user { 'nova':
-    ensure     => present,
-    system     => true,
-    groups     => 'nova',
-    home       => '/var/lib/nova',
-    managehome => false,
-    shell      => $nova_shell,
-    uid        => $nova_user_id,
-    gid        => $nova_group_id,
+  if $nova_user_id {
+    warning('The nova_user_id will be deprecated, please create user manually')
+    user { 'nova':
+      ensure     => present,
+      system     => true,
+      groups     => 'nova',
+      home       => '/var/lib/nova',
+      managehome => false,
+      shell      => $nova_shell,
+      uid        => $nova_user_id,
+      gid        => $nova_group_id,
+      before     => Package['nova-common'],
+      require    => Group['nova'],
+    }
  }

  if $nova_public_key or $nova_private_key {
@@ -465,7 +480,7 @@ class nova(
  package { 'nova-common':
    ensure  => $ensure_package,
    name    => $::nova::params::common_package_name,
-    require => [Package['python-nova'], Anchor['nova-start'], User['nova']]
+    require => [Package['python-nova'], Anchor['nova-start']]
  }

  file { '/etc/nova/nova.conf':
--- a/manifests/objectstore.pp
+++ b/manifests/objectstore.pp
@@ -35,7 +35,7 @@ class nova::objectstore(
    package_name   => $::nova::params::objectstore_package_name,
    service_name   => $::nova::params::objectstore_service_name,
    ensure_package => $ensure_package,
-    require        => User['nova'],
+    require        => Package['nova-common'],
  }

  nova_config {
--- a/spec/classes/nova_init_spec.rb
+++ b/spec/classes/nova_init_spec.rb
@@ -22,13 +22,13 @@ describe 'nova' do
        )
      end

-      it 'creates user and group' do
-        should contain_group('nova').with(
+      it 'does not create user and group' do
+        should_not contain_group('nova').with(
          :ensure  => 'present',
          :system  => true,
          :before  => 'User[nova]'
        )
-        should contain_user('nova').with(
+        should_not contain_user('nova').with(
          :ensure     => 'present',
          :system     => true,
          :groups     => 'nova',
@@ -143,7 +143,7 @@ describe 'nova' do
          :ensure  => 'present',
          :system  => true,
          :gid     => '499',
-          :before  => 'User[nova]'
+          :before  => 'Package[nova-common]'
        )
        should contain_user('nova').with(
          :ensure     => 'present',
@@ -153,7 +153,8 @@ describe 'nova' do
          :managehome => false,
          :shell      => '/bin/bash',
          :uid        => '499',
-          :gid        => '499'
+          :gid        => '499',
+          :require    => 'Group[nova]'
        )
      end