The barbican user and group were missing from the setup files.
Adding it ensures consistent uid/gid values across nodes, where
filesystems may be shared.
Adding it also ensures uid/gid exists when barbican is installed.
This will fix sanity issues due to arbitrary rpm ordering during
initial system installation.
openstack-barbican-common has a scriptlet that sets up
barbican user and group if they do not exist, through
shadow-utils.
The shadow-utils requirement is set for openstack-barbican
rather than openstack-barbican-common or python-barbican.
Alternatively the src rpm could be patched, but this would add
source code patching debt, and still not resolve the filesystem
consistency issue.
Change-Id: I67b7c292e4a3356335df6619648284e028625fe6
Closes-Bug: 1849671
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
To enhance system security, the following unused openstack users
are removed from host:
murano
rabbitmq
glance
cinder
nfv
heat
panko
gnocchi
aodh
magnum
And the following openstack users' login shell are disabled:
ceilometer
keystone
Change-Id: Ie6a0937f9194e24ce188403561f87c2069747ccd
Closes-Bug: 1837446
Signed-off-by: Andy Ning <andy.ning@windriver.com>
The user "www" is used to upload charts by using
helm-upload cmd. The root cause for the helm-upload
failure is the uid and gid of user "www" do not match
the uid and gid on controller-0.
Currently, www is created on controller-0 during ansible
configuration and the uid is set to "1877" explicitly.
On controller-1, it's created in puppet manifest but
it doesn't set the uid.
This commit is to add the user "www" in setup package so
that it's created after each node installation and it
makes sure the uid and gid are consistent on each node.
Change-Id: I59f2b379eedc4edf206916798d9837f97917ef7a
Closes-Bug: 1833603
Signed-off-by: Angie Wang <angie.wang@windriver.com>
Update the keystone user uid and gid to align it with
upstream. This is required by distributed cloud system
where the keystone container mounts the platform fernet
key repo.
Change-Id: Ide8935d8f6baf5796cde57e2ccc2ae8d9cf1b8ea
Story: 2004766
Task: 34152
Signed-off-by: Tao Liu <tao.liu@windriver.com>
Use setup-config package to package config files for setup package.
Merge all passwd, group, uidgid patches to one patch.
Deployment test and ping test between VMs pass
Config and service files check pass.
Story: 2003768
Task: 27592
Change-Id: I98da90695c8184261279b27b4ede63fd7951babf
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
This is part of feature integrating gnocchi as metric storage backend
because of the deprecation of ceilometer metering backend.
With gnocchi integrated, ceilometer api and collector processes are
removed, ceilometer agent nofitication and polling processes
are still running to collect and normalise data from other openstack
services. Ceilometer notification agent also has the responsiblity
to send samples to gnocchi backend through its gnocchi publisher and
events to panko backend.
Two gnocchi processes are introduced, gnocchi api is REST API service
and gnocchi metricd is for metric computing and gnocchi CLI is
supported to query measures/metric from gnocchi backend. Ceilometer
service and user still need to be registered in keystone, but stop
creating endpoints. Gnocchi is a seperate user/service in keystone and
run on active controller licensing on port 8041
Changes in this commit:
- add uid gid for telemetry services
- remove the oslo cache configuration
- fix puppet gnocchi warning
- remove ceilometer and add gnocchi logs in syslog
Story: 2002825
Task: 22871
Depends-On: https://review.openstack.org/587279
Change-Id: I3294927c676bee771e719bb581e00266f161ec86
Signed-off-by: Don Penney <don.penney@windriver.com>
Signed-off-by: Jack Ding <jack.ding@windriver.com>