Added the ability to manage the nova uid/gid.

Added the ability to manage the nova user and group ids. This is necessary for users who want to use live migration on NFS, where the nova uid and gid must be the same on all systems. Change-Id: I8958c5081afa7ffa73b59fb9a30b63ca725fcc66
2014-02-25 10:05:52 -08:00
parent 7dd266c5a1
commit f854ca4e49
5 changed files with 71 additions and 23 deletions
--- a/manifests/compute/libvirt.pp
+++ b/manifests/compute/libvirt.pp
@@ -105,6 +105,7 @@ class nova::compute::libvirt (
    package { "nova-compute-${libvirt_virt_type_real}":
      ensure  => present,
      before  => Package['nova-compute'],
+      require => User['nova'],
    }
  }

--- a/manifests/consoleauth.pp
+++ b/manifests/consoleauth.pp
@@ -33,6 +33,7 @@ class nova::consoleauth(
    package_name   => $::nova::params::consoleauth_package_name,
    service_name   => $::nova::params::consoleauth_service_name,
    ensure_package => $ensure_package,
+    require        => User['nova'],
  }

 }
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -153,6 +153,20 @@
 #   (optional) Syslog facility to receive log lines.
 #   Defaults to 'LOG_USER'
 #
+# [*nova_user_id*]
+#   (optional) Create the nova user with the specified gid.
+#   Changing to a new uid after specifying a different uid previously,
+#   or using this option after the nova account already exists will break
+#   the ownership of all files/dirs owned by nova.
+#   Defaults to undef.
+#
+# [*nova_group_id*]
+#   (optional) Create the nova user with the specified gid.
+#   Changing to a new uid after specifying a different uid previously,
+#   or using this option after the nova account already exists will break
+#   the ownership of all files/dirs owned by nova.
+#   Defaults to undef.
+#
 class nova(
  $ensure_package           = 'present',
  $database_connection      = false,
@@ -188,6 +202,8 @@ class nova(
  $periodic_interval        = '60',
  $report_interval          = '10',
  $rootwrap_config          = '/etc/nova/rootwrap.conf',
+  $nova_user_id             = undef,
+  $nova_group_id            = undef,
  # deprecated in folsom
  #$root_helper = $::nova::params::root_helper,
  $monitoring_notifications = false,
@@ -206,6 +222,24 @@ class nova(
    warning('The nova_cluster_id parameter is deprecated and has no effect.')
  }

+  group { 'nova':
+    ensure  => present,
+    system  => true,
+    gid     => $nova_group_id,
+    before  => User['nova'],
+  }
+
+  user { 'nova':
+    ensure     => present,
+    system     => true,
+    groups     => 'nova',
+    home       => '/var/lib/nova',
+    managehome => false,
+    shell      => '/bin/false',
+    uid        => $nova_user_id,
+    gid        => $nova_group_id,
+  }
+
  # all nova_config resources should be applied
  # after the nova common package
  # before the file resource for nova.conf is managed
@@ -245,19 +279,7 @@ class nova(
  package { 'nova-common':
    ensure  => $ensure_package,
    name    => $::nova::params::common_package_name,
-    require => [Package['python-nova'], Anchor['nova-start']]
-  }
-
-  group { 'nova':
-    ensure  => present,
-    system  => true,
-    require => Package['nova-common'],
-  }
-  user { 'nova':
-    ensure  => present,
-    gid     => 'nova',
-    system  => true,
-    require => Package['nova-common'],
+    require => [Package['python-nova'], Anchor['nova-start'], User['nova']]
  }

  file { '/etc/nova/nova.conf':
--- a/manifests/objectstore.pp
+++ b/manifests/objectstore.pp
@@ -35,6 +35,7 @@ class nova::objectstore(
    package_name   => $::nova::params::objectstore_package_name,
    service_name   => $::nova::params::objectstore_service_name,
    ensure_package => $ensure_package,
+    require        => User['nova'],
  }

  nova_config {
--- a/spec/classes/nova_init_spec.rb
+++ b/spec/classes/nova_init_spec.rb
@@ -26,13 +26,15 @@ describe 'nova' do
        should contain_group('nova').with(
          :ensure  => 'present',
          :system  => true,
-          :require => 'Package[nova-common]'
+          :before  => 'User[nova]'
        )
        should contain_user('nova').with(
          :ensure     => 'present',
-          :gid     => 'nova',
          :system     => true,
-          :require => 'Package[nova-common]'
+          :groups     => 'nova',
+          :home       => '/var/lib/nova',
+          :managehome => false,
+          :shell      => '/bin/false'
        )
      end

@@ -125,7 +127,28 @@ describe 'nova' do
          :ensure_package           => '2012.1.1-15.el6',
          :monitoring_notifications => true,
          :memcached_servers        => ['memcached01:11211', 'memcached02:11211'],
-          :install_utilities        => false }
+          :install_utilities        => false,
+          :nova_user_id             => '499',
+          :nova_group_id            => '499' }
+      end
+
+      it 'creates user and group' do
+        should contain_group('nova').with(
+          :ensure  => 'present',
+          :system  => true,
+          :gid     => '499',
+          :before  => 'User[nova]'
+        )
+        should contain_user('nova').with(
+          :ensure     => 'present',
+          :system     => true,
+          :groups     => 'nova',
+          :home       => '/var/lib/nova',
+          :managehome => false,
+          :shell      => '/bin/false',
+          :uid        => '499',
+          :gid        => '499'
+        )
      end

      it 'installs packages' do