authorsdake <sdake@redhat.com>2013-03-12 21:50:58 -0700
committersdake <sdake@redhat.com>2013-03-14 09:51:59 -0700
commitac8b8f9c42911529aab585413bbd7344bd754dad (patch)
treec415c0a24cc729b5c09829165db2148bb58d388a
parent5862514aef704409e5d4463827953e06ced207b6 (diff)
downloadheat-ac8b8f9c42911529aab585413bbd7344bd754dad.tar.gz
Allow per-deployment configuration of user id
Previously user ids of new instances were limited to ec2-user. This patch adds a new configuration option to be placed in /etc/heat/heat-engine.conf called "default_instance_user" which allows the default of ec2-user to be overridden. Note for reviewers that runcmd does not work properly. It was actually running after the loguserdata.py script finished execution. Fixes: Bug #1101347 Change-Id: Ica2dbe63d9dcbce8bb8de298eba452c34ab173d9
-rw-r--r--MANIFEST.in1
-rw-r--r--heat/cloudinit/boothook.sh7
-rw-r--r--heat/cloudinit/config6
-rw-r--r--heat/common/config.py3
-rw-r--r--heat/engine/resources/instance.py7
5 files changed, 18 insertions, 6 deletions
diff --git a/MANIFEST.in b/MANIFEST.in
index 77b8604e5..299e22fab 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -9,6 +9,7 @@ include babel.cfg install.sh run_tests.sh tox.ini uninstall.sh
graft templates
include heat/versioninfo
include heat/cloudinit/config
+include heat/cloudinit/boothook.sh
include heat/cloudinit/loguserdata.py
include heat/cloudinit/part-handler.py
include heat/db/sqlalchemy/migrate_repo/migrate.cfg
diff --git a/heat/cloudinit/boothook.sh b/heat/cloudinit/boothook.sh
new file mode 100644
index 000000000..f7d46a7f5
--- /dev/null
+++ b/heat/cloudinit/boothook.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+setenforce 0
+useradd -m @INSTANCE_USER@
+echo -e '@INSTANCE_USER@\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# Do not remove - the cloud boothook should always return success
+exit 0
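Review bot: The `echo ... >> /etc/sudoers` line appends unconditionally, and cloud-init boothooks normally run on every boot, so the same NOPASSWD entry would pile up in /etc/sudoers after each reboot, and a malformed value would corrupt the main sudoers file with no syntax check. A guarded append such as `grep -q '^@INSTANCE_USER@[[:space:]]' /etc/sudoers || echo -e '@INSTANCE_USER@\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers` keeps it idempotent; a separate 0440 file under /etc/sudoers.d would be safer still if the target images include that directory. `useradd -m @INSTANCE_USER@` is also expanded unquoted in a root script, so the substituted value should be validated as a plain account name before it reaches this file. A comment on `setenforce 0` stating why SELinux is switched to permissive mode on every instance would help as well, since it weakens the guest's default confinement.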
diff --git a/heat/cloudinit/config b/heat/cloudinit/config
index b392f3ee7..bd363f89b 100644
--- a/heat/cloudinit/config
+++ b/heat/cloudinit/config
@@ -1,7 +1,4 @@
-runcmd:
- - setenforce 0 > /dev/null 2>&1 || true
-
-user: ec2-user
+user: @INSTANCE_USER@
cloud_config_modules:
- locale
@@ -9,7 +6,6 @@ cloud_config_modules:
- timezone
- update_etc_hosts
- update_hostname
- - runcmd
# Capture all subprocess output into a logfile
# Useful for troubleshooting cloud-init issues
diff --git a/heat/common/config.py b/heat/common/config.py
index e84fc7496..cd23d8db1 100644
--- a/heat/common/config.py
+++ b/heat/common/config.py
@@ -95,6 +95,9 @@ db_opts = [
help='timeout before idle sql connections are reaped')]
engine_opts = [
+ cfg.StrOpt('instance_user',
+ default='ec2-user',
+ help='The default user for new instances'),
cfg.StrOpt('instance_driver',
default='heat.engine.nova',
help='Driver to use for controlling instances'),
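Review bot: The option is registered as `instance_user`, but the commit description tells operators to set "default_instance_user"; a key by that name in heat-engine.conf would presumably be ignored and instances would silently keep ec2-user. The two names should be made to agree. The help text could also state the consequence of the setting, e.g. `help='Login account created on new instances; the boothook grants it passwordless sudo'`. The engine_opts list continues outside the hunk.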
diff --git a/heat/engine/resources/instance.py b/heat/engine/resources/instance.py
index 5e068cbdf..d35ce8906 100644
--- a/heat/engine/resources/instance.py
+++ b/heat/engine/resources/instance.py
@@ -171,9 +171,14 @@ class Instance(resource.Resource):
return msg
def read_cloudinit_file(fn):
- return pkgutil.get_data('heat', 'cloudinit/%s' % fn)
+ data = pkgutil.get_data('heat', 'cloudinit/%s' % fn)
+ data = data.replace('@INSTANCE_USER@',
+ cfg.CONF.instance_user)
+ return data
attachments = [(read_cloudinit_file('config'), 'cloud-config'),
+ (read_cloudinit_file('boothook.sh'), 'boothook.sh',
+ 'cloud-boothook'),
(read_cloudinit_file('part-handler.py'),
'part-handler.py'),
(userdata, 'cfn-userdata', 'x-cfninitdata'),
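Review bot: `cfg.CONF.instance_user` is substituted verbatim into every cloud-init file read by read_cloudinit_file, including boothook.sh (which runs as root and writes the sudoers line), with no check that it is a plain account name. A value containing whitespace, quotes or a newline in heat-engine.conf would change the meaning of the script, the YAML `user:` key or the sudoers entry on every instance. Validate it once before the replace, for example `if not re.match(r'^[a-z_][a-z0-9_-]*$', cfg.CONF.instance_user): raise ValueError('invalid instance_user')` (assuming `re` is available in this module, and with the exception type adjusted to the project's conventions). A one-line docstring on read_cloudinit_file naming the `@INSTANCE_USER@` placeholder would also help. The enclosing method begins and ends outside the hunk.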