From d850c3ceb4d2101078a75385d52c69b3a352776b Mon Sep 17 00:00:00 2001
From: Lukas Bezdicka
Date: Thu, 3 Jul 2014 15:37:59 +0200
Subject: [PATCH] Don't manage the nova uid/gid if nova_{user,group}_id is undef

Any user modification before standard system package creates the user is wrong. Usecase of patch adding the user is also broken as there are several other options: provide user before whole class nova, have user id enforced by package or as most humans do accept that in multi host enviroments there are 3 layers - user, group and netgroup. In all cases nova puppet module should never touch the user as it's provided by package on all supported systems, but for backwards compatibility the management of user is disabled if nova_group_id is undef or if nova_user_id is undef.

Closes-Bug: rhbz#1115946
Change-Id: If22b27f5fb78ba6821f4d6e8c275f8b80c70dd59
---
 manifests/compute/libvirt.pp | 2 +-
 manifests/consoleauth.pp | 2 +-
 manifests/init.pp | 51 ++++++++++++++++++++++------------
 manifests/objectstore.pp | 2 +-
 spec/classes/nova_init_spec.rb | 11 ++++----
 5 files changed, 42 insertions(+), 26 deletions(-)
diff --git a/manifests/compute/libvirt.pp b/manifests/compute/libvirt.pp
index 5fd9f40fa..83073da9d 100644
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -105,7 +105,7 @@ class nova::compute::libvirt (
 package { "nova-compute-${libvirt_virt_type_real}":
 ensure => present,
 before => Package['nova-compute'],
- require => User['nova'],
+ require => Package['nova-common'],
 }
 }
diff --git a/manifests/consoleauth.pp b/manifests/consoleauth.pp
index 953e7120a..4813b36b6 100644
--- a/manifests/consoleauth.pp
+++ b/manifests/consoleauth.pp
@@ -33,7 +33,7 @@ class nova::consoleauth(
 package_name => $::nova::params::consoleauth_package_name,
 service_name => $::nova::params::consoleauth_service_name,
 ensure_package => $ensure_package,
- require => User['nova'],
+ require => Package['nova-common'],
 }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
index 153d9bac8..91520dbbe 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -200,14 +200,22 @@
 # (optional) Create the nova user with the specified gid.
 # Changing to a new uid after specifying a different uid previously,
 # or using this option after the nova account already exists will break
-# the ownership of all files/dirs owned by nova.
+# the ownership of all files/dirs owned by nova. It is strongly encouraged
+# not to use this option and instead create user before nova class or
+# for network shares create netgroup into which you'll put nova on all the
+# nodes. If undef no user will be created and user creation will standardly
+# happen in nova-common package.
 # Defaults to undef.
 #
 # [*nova_group_id*]
 # (optional) Create the nova user with the specified gid.
 # Changing to a new uid after specifying a different uid previously,
 # or using this option after the nova account already exists will break
-# the ownership of all files/dirs owned by nova.
+# the ownership of all files/dirs owned by nova. It is strongly encouraged
+# not to use this option and instead create group before nova class or for
+# network shares create netgroup into which you'll put nova on all the
+# nodes. If undef no user or group will be created and creation will
+# happen in nova-common package.
 # Defaults to undef.
 #
 # [*nova_public_key*]
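Review bot: The new text for `nova_group_id` says that when it is undef "no user or group will be created", but the manifest change in this patch gates the user resource on `$nova_user_id` alone, so the comment and the code disagree for a uid-only configuration. The `nova_user_id` description should state the dependency, for example `# Requires nova_group_id to be set as well.` The unchanged first line of that description still reads "with the specified gid"; `uid` is presumably what was meant.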
@@ -359,22 +367,29 @@ class nova(
 }
 }
- group { 'nova':
- ensure => present,
- system => true,
- gid => $nova_group_id,
- before => User['nova'],
+ if $nova_group_id {
+ warning('The nova_group_id will be deprecated, please create group manually')
+ group { 'nova':
+ ensure => present,
+ system => true,
+ gid => $nova_group_id,
+ before => Package['nova-common'],
+ }
 }
-
- user { 'nova':
- ensure => present,
- system => true,
- groups => 'nova',
- home => '/var/lib/nova',
- managehome => false,
- shell => $nova_shell,
- uid => $nova_user_id,
- gid => $nova_group_id,
+ if $nova_user_id {
+ warning('The nova_user_id will be deprecated, please create user manually')
+ user { 'nova':
+ ensure => present,
+ system => true,
+ groups => 'nova',
+ home => '/var/lib/nova',
+ managehome => false,
+ shell => $nova_shell,
+ uid => $nova_user_id,
+ gid => $nova_group_id,
+ before => Package['nova-common'],
+ require => Group['nova'],
+ }
 }
 if $nova_public_key or $nova_private_key {
@@ -465,7 +480,7 @@ class nova(
 package { 'nova-common':
 ensure => $ensure_package,
 name => $::nova::params::common_package_name,
- require => [Package['python-nova'], Anchor['nova-start'], User['nova']]
+ require => [Package['python-nova'], Anchor['nova-start']]
 }
 file { '/etc/nova/nova.conf':
diff --git a/manifests/objectstore.pp b/manifests/objectstore.pp
index d8b6359e3..466be81db 100644
--- a/manifests/objectstore.pp
+++ b/manifests/objectstore.pp
@@ -35,7 +35,7 @@ class nova::objectstore(
 package_name => $::nova::params::objectstore_package_name,
 service_name => $::nova::params::objectstore_service_name,
 ensure_package => $ensure_package,
- require => User['nova'],
+ require => Package['nova-common'],
 }
 nova_config {
diff --git a/spec/classes/nova_init_spec.rb b/spec/classes/nova_init_spec.rb
index f516192cc..f7ec80a38 100644
--- a/spec/classes/nova_init_spec.rb
+++ b/spec/classes/nova_init_spec.rb
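Review bot: In manifests/init.pp the `user { 'nova': }` resource under `if $nova_user_id` carries `require => Group['nova']` and `groups => 'nova'`, but the group is declared only under `if $nova_group_id`, so setting nova_user_id without nova_group_id leaves the relationship pointing at a resource that is not in the catalog. Before this change the group was always declared, so a uid-only configuration that used to apply would presumably now fail. Either reject the combination up front with `if $nova_user_id and !$nova_group_id { fail('nova_user_id requires nova_group_id') }`, or declare the group whenever either id is set. The spec changes in this patch only exercise both ids unset or both set, so this case is untested.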
@@ -22,13 +22,13 @@ describe 'nova' do
 )
 end
- it 'creates user and group' do
- should contain_group('nova').with(
+ it 'does not create user and group' do
+ should_not contain_group('nova').with(
 :ensure => 'present',
 :system => true,
 :before => 'User[nova]'
 )
- should contain_user('nova').with(
+ should_not contain_user('nova').with(
 :ensure => 'present',
 :system => true,
 :groups => 'nova',
@@ -143,7 +143,7 @@ describe 'nova' do
 :ensure => 'present',
 :system => true,
 :gid => '499',
- :before => 'User[nova]'
+ :before => 'Package[nova-common]'
 )
 should contain_user('nova').with(
 :ensure => 'present',
@@ -153,7 +153,8 @@ describe 'nova' do
 :managehome => false,
 :shell => '/bin/bash',
 :uid => '499',
- :gid => '499'
+ :gid => '499',
+ :require => 'Group[nova]'
 )
 end
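Review bot: The negated expectations in 'does not create user and group' keep their `.with(...)` arguments, so they pass whenever no resource matches those exact parameters, not only when the resource is absent. The group check still names `:before => 'User[nova]'`, a value the manifest no longer sets, so it would pass even if the group were declared. Use the bare matchers `should_not contain_group('nova')` and `should_not contain_user('nova')` instead. The `it` block continues past the end of this hunk.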
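Review bot: In the last hunk the user expectation gains `:require => 'Group[nova]'` but does not pin the `before => Package['nova-common']` that init.pp now sets on the user resource. That ordering is what gets the requested uid in place before the package can create the account with an id of its own, so a regression there would go unnoticed. Adding `:before => 'Package[nova-common]'` after the `:require` line would cover it. The `it` block starts above the hunk.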