Don't manage the nova uid/gid if nova_{user,group}_id is undef

Any user modification before the standard system package creates the
user is wrong. The use case of the patch adding the user is also broken, as
there are several other options: provide the user before the whole class
nova, have the user id enforced by the package or, as most humans do, accept
that in multi-host environments there are 3 layers - user, group and
netgroup. In all cases the nova puppet module should never touch the
user as it's provided by the package on all supported systems, but for
backwards compatibility the management of the user is disabled if
nova_group_id is undef or if nova_user_id is undef.

Closes-Bug: rhbz#1115946
Change-Id: If22b27f5fb78ba6821f4d6e8c275f8b80c70dd59
Lukas Bezdicka
2014-07-03 15:37:59 +02:00
parent 3b06593f8b
commit d850c3ceb4
5 changed files with 42 additions and 26 deletions


@@ -105,7 +105,7 @@ class nova::compute::libvirt (
package { "nova-compute-${libvirt_virt_type_real}":
ensure => present,
before => Package['nova-compute'],
require => User['nova'],
require => Package['nova-common'],
}
}


@@ -33,7 +33,7 @@ class nova::consoleauth(
package_name => $::nova::params::consoleauth_package_name,
service_name => $::nova::params::consoleauth_service_name,
ensure_package => $ensure_package,
require => User['nova'],
require => Package['nova-common'],
}
}


@@ -200,14 +200,22 @@
# (optional) Create the nova user with the specified gid.
# Changing to a new uid after specifying a different uid previously,
# or using this option after the nova account already exists will break
# the ownership of all files/dirs owned by nova.
# the ownership of all files/dirs owned by nova. It is strongly encouraged
# not to use this option and instead create user before nova class or
# for network shares create netgroup into which you'll put nova on all the
# nodes. If undef no user will be created and user creation will standardly
# happen in nova-common package.
# Defaults to undef.
#
# [*nova_group_id*]
# (optional) Create the nova user with the specified gid.
# Changing to a new uid after specifying a different uid previously,
# or using this option after the nova account already exists will break
# the ownership of all files/dirs owned by nova.
# the ownership of all files/dirs owned by nova. It is strongly encouraged
# not to use this option and instead create group before nova class or for
# network shares create netgroup into which you'll put nova on all the
# nodes. If undef no user or group will be created and creation will
# happen in nova-common package.
# Defaults to undef.
#
# [*nova_public_key*]
@@ -359,22 +367,29 @@ class nova(
}
}
group { 'nova':
ensure => present,
system => true,
gid => $nova_group_id,
before => User['nova'],
if $nova_group_id {
warning('The nova_group_id will be deprecated, please create group manually')
group { 'nova':
ensure => present,
system => true,
gid => $nova_group_id,
before => Package['nova-common'],
}
}
user { 'nova':
ensure => present,
system => true,
groups => 'nova',
home => '/var/lib/nova',
managehome => false,
shell => $nova_shell,
uid => $nova_user_id,
gid => $nova_group_id,
if $nova_user_id {
warning('The nova_user_id will be deprecated, please create user manually')
user { 'nova':
ensure => present,
system => true,
groups => 'nova',
home => '/var/lib/nova',
managehome => false,
shell => $nova_shell,
uid => $nova_user_id,
gid => $nova_group_id,
before => Package['nova-common'],
require => Group['nova'],
}
}
if $nova_public_key or $nova_private_key {
@@ -465,7 +480,7 @@ class nova(
package { 'nova-common':
ensure => $ensure_package,
name => $::nova::params::common_package_name,
require => [Package['python-nova'], Anchor['nova-start'], User['nova']]
require => [Package['python-nova'], Anchor['nova-start']]
}
file { '/etc/nova/nova.conf':
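Review bot: The user resource inside the new `if $nova_user_id {` block carries `require => Group['nova']` and `gid => $nova_group_id`, but `Group['nova']` is now declared only inside `if $nova_group_id {`. Setting nova_user_id without nova_group_id would therefore reference a resource that is not in the catalog, which as far as these hunks show should fail compilation rather than fall back to the package-created group. The commit message says management is disabled when either value is undef, so the guard would match it as `if $nova_user_id and $nova_group_id {`. The parameter docs in the same section also still say the nova_user_id option creates the user "with the specified gid", and the nova_group_id text talks about "Changing to a new uid"; both are worth correcting while the text is being edited, since a wrong id here changes who owns the files under /var/lib/nova. The class body continues outside the hunks shown.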


@@ -35,7 +35,7 @@ class nova::objectstore(
package_name => $::nova::params::objectstore_package_name,
service_name => $::nova::params::objectstore_service_name,
ensure_package => $ensure_package,
require => User['nova'],
require => Package['nova-common'],
}
nova_config {


@@ -22,13 +22,13 @@ describe 'nova' do
)
end
it 'creates user and group' do
should contain_group('nova').with(
it 'does not create user and group' do
should_not contain_group('nova').with(
:ensure => 'present',
:system => true,
:before => 'User[nova]'
)
should contain_user('nova').with(
should_not contain_user('nova').with(
:ensure => 'present',
:system => true,
:groups => 'nova',
@@ -143,7 +143,7 @@ describe 'nova' do
:ensure => 'present',
:system => true,
:gid => '499',
:before => 'User[nova]'
:before => 'Package[nova-common]'
)
should contain_user('nova').with(
:ensure => 'present',
@@ -153,7 +153,8 @@ describe 'nova' do
:managehome => false,
:shell => '/bin/bash',
:uid => '499',
:gid => '499'
:gid => '499',
:require => 'Group[nova]'
)
end
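Review bot: The new negative example 'does not create user and group' keeps the `.with(...)` attribute list, including the old `:before => 'User[nova]'`, so `should_not contain_group('nova').with(...)` can pass even when a nova group is in the catalog with different attributes. To pin the intended default (no account management at all) the assertions should be bare: `should_not contain_group('nova')` and `should_not contain_user('nova')`. A further context that sets only one of nova_user_id / nova_group_id would cover the case where the user resource requires a group that is not declared. The describe block starts and continues outside these hunks.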