8 Commits

Author SHA1 Message Date
Al Bailey
4341591423 Ensure barbican user and group exist during installation
The barbican user and group were missing from the setup files.

Adding it ensures consistent uid/gid values across nodes, where
filesystems may be shared.

Adding it also ensures uid/gid exists when barbican is installed.
This will fix sanity issues due to arbitrary rpm ordering during
initial system installation.

openstack-barbican-common has a scriptlet that sets up
barbican user and group if they do not exist, through
shadow-utils.

The shadow-utils requirement is set for openstack-barbican
rather than openstack-barbican-common or python-barbican.

Alternatively the src rpm could be patched, but this would add
source code patching debt, and still not resolve the filesystem
consistency issue.

Change-Id: I67b7c292e4a3356335df6619648284e028625fe6
Closes-Bug: 1849671
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-10-24 13:49:43 -05:00
Andy Ning
bcad30be63 Remove login shell and unneeded openstack users
To enhance system security, the following unused openstack users
are removed from host:
murano
rabbitmq
glance
cinder
nfv
heat
panko
gnocchi
aodh
magnum

And the following openstack users' login shells are disabled:
ceilometer
keystone

Change-Id: Ie6a0937f9194e24ce188403561f87c2069747ccd
Closes-Bug: 1837446
Signed-off-by: Andy Ning <andy.ning@windriver.com>
2019-07-30 12:07:12 -04:00
Angie Wang
f10485b4d5 Fix the helm-upload failure on controller-1
The user "www" is used to upload charts by using
helm-upload cmd. The root cause for the helm-upload
failure is the uid and gid of user "www" do not match
the uid and gid on controller-0.

Currently, www is created on controller-0 during ansible
configuration and the uid is set to "1877" explicitly.
On controller-1, it's created in puppet manifest but
it doesn't set the uid.

This commit is to add the user "www" in setup package so
that it's created after each node installation and it
makes sure the uid and gid are consistent on each node.

Change-Id: I59f2b379eedc4edf206916798d9837f97917ef7a
Closes-Bug: 1833603
Signed-off-by: Angie Wang <angie.wang@windriver.com>
2019-06-28 15:14:02 -04:00
Tao Liu
7ef6d4e330 Align the keystone uids with upstream
Update the keystone user uid and gid to align it with
upstream. This is required by distributed cloud system
where the keystone container mounts the platform fernet
key repo.

Change-Id: Ide8935d8f6baf5796cde57e2ccc2ae8d9cf1b8ea
Story: 2004766
Task: 34152
Signed-off-by: Tao Liu <tao.liu@windriver.com>
2019-06-17 12:07:53 -04:00
zhipengl
0599e8e58e Refactor patches for setup package
Use setup-config package to package config files for setup package.
Merge all passwd, group, uidgid patches to one patch.

Deployment test and ping test between VMs pass
Config and service files check pass.

Story: 2003768
Task: 27592

Change-Id: I98da90695c8184261279b27b4ede63fd7951babf
Signed-off-by: zhipengl <zhipengs.liu@intel.com>
2018-11-30 08:41:36 +08:00
slin14
cb67fa8330 rebase setup patch to CentOS7.5
Story: 2003389
Task: 24485

Change-Id: I04645b69e0e86e70cf168fbfe6c118af2cb961a3
Signed-off-by: slin14 <shuicheng.lin@intel.com>
2018-08-27 18:52:57 +08:00
Angie Wang
27f421a078 Integrate gnocchi for OpenStack Telemetry
This is part of feature integrating gnocchi as metric storage backend
because of the deprecation of ceilometer metering backend.
With gnocchi integrated, ceilometer api and collector processes are
removed, ceilometer agent notification and polling processes
are still running to collect and normalise data from other openstack
services. Ceilometer notification agent also has the responsibility
to send samples to gnocchi backend through its gnocchi publisher and
events to panko backend.
Two gnocchi processes are introduced, gnocchi api is REST API service
and gnocchi metricd is for metric computing and gnocchi CLI is
supported to query measures/metric from gnocchi backend. Ceilometer
service and user still need to be registered in keystone, but stop
creating endpoints. Gnocchi is a separate user/service in keystone and
run on active controller licensing on port 8041

Changes in this commit:
- add uid gid for telemetry services
- remove the oslo cache configuration
- fix puppet gnocchi warning
- remove ceilometer and add gnocchi logs in syslog

Story: 2002825
Task: 22871
Depends-On: https://review.openstack.org/587279

Change-Id: I3294927c676bee771e719bb581e00266f161ec86
Signed-off-by: Don Penney <don.penney@windriver.com>
Signed-off-by: Jack Ding <jack.ding@windriver.com>
2018-07-31 08:59:40 -04:00
Dean Troyer
3cd12006bb StarlingX open source release updates
Signed-off-by: Dean Troyer <dtroyer@gmail.com>
2018-05-31 07:36:35 -07:00