author | sdake <sdake@redhat.com> | 2013-03-12 21:50:58 -0700 |
---|---|---|
committer | sdake <sdake@redhat.com> | 2013-03-14 09:51:59 -0700 |
commit | ac8b8f9c42911529aab585413bbd7344bd754dad (patch) | |
tree | c415c0a24cc729b5c09829165db2148bb58d388a | |
parent | 5862514aef704409e5d4463827953e06ced207b6 (diff) | |
download | heat-ac8b8f9c42911529aab585413bbd7344bd754dad.tar.gz |
Allow per-deployment configuration of user id
Previously user ids of new instances were limited to ec2-user.
This patch adds a new configuration option to be placed in
/etc/heat/heat-engine.conf called "default_instance_user" which
allows the default of ec2-user to be overridden.
Note for reviewers that runcmd does not work properly. It was
actually running after the loguserdata.py script finished execution.
Fixes: Bug #1101347
Change-Id: Ica2dbe63d9dcbce8bb8de298eba452c34ab173d9
-rw-r--r-- | MANIFEST.in | 1 | ||||
-rw-r--r-- | heat/cloudinit/boothook.sh | 7 | ||||
-rw-r--r-- | heat/cloudinit/config | 6 | ||||
-rw-r--r-- | heat/common/config.py | 3 | ||||
-rw-r--r-- | heat/engine/resources/instance.py | 7 |
5 files changed, 18 insertions, 6 deletions
diff --git a/MANIFEST.in b/MANIFEST.in
index 77b8604e5..299e22fab 100644
--- a/MANIFEST.in
+++ b/MANIFEST.in
@@ -9,6 +9,7 @@ include babel.cfg install.sh run_tests.sh tox.ini uninstall.sh
 graft templates
 include heat/versioninfo
 include heat/cloudinit/config
+include heat/cloudinit/boothook.sh
 include heat/cloudinit/loguserdata.py
 include heat/cloudinit/part-handler.py
 include heat/db/sqlalchemy/migrate_repo/migrate.cfg
diff --git a/heat/cloudinit/boothook.sh b/heat/cloudinit/boothook.sh
new file mode 100644
index 000000000..f7d46a7f5
--- /dev/null
+++ b/heat/cloudinit/boothook.sh
@@ -0,0 +1,7 @@
+#!/bin/bash
+setenforce 0
+useradd -m @INSTANCE_USER@
+echo -e '@INSTANCE_USER@\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers
+
+# Do not remove - the cloud boothook should always return success
+exit 0
diff --git a/heat/cloudinit/config b/heat/cloudinit/config
index b392f3ee7..bd363f89b 100644
--- a/heat/cloudinit/config
+++ b/heat/cloudinit/config
@@ -1,7 +1,4 @@
-runcmd:
- - setenforce 0 > /dev/null 2>&1 || true
-
-user: ec2-user
+user: @INSTANCE_USER@
 cloud_config_modules:
 - locale
@@ -9,7 +6,6 @@ cloud_config_modules:
 - timezone
 - update_etc_hosts
 - update_hostname
- - runcmd
 # Capture all subprocess output into a logfile
 # Useful for troubleshooting cloud-init issues
diff --git a/heat/common/config.py b/heat/common/config.py
index e84fc7496..cd23d8db1 100644
--- a/heat/common/config.py
+++ b/heat/common/config.py
@@ -95,6 +95,9 @@ db_opts = [
 help='timeout before idle sql connections are reaped')]
 engine_opts = [
+ cfg.StrOpt('instance_user',
+ default='ec2-user',
+ help='The default user for new instances'),
 cfg.StrOpt('instance_driver',
 default='heat.engine.nova',
 help='Driver to use for controlling instances'),
diff --git a/heat/engine/resources/instance.py b/heat/engine/resources/instance.py
index 5e068cbdf..d35ce8906 100644
--- a/heat/engine/resources/instance.py
+++ b/heat/engine/resources/instance.py
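Review bot: The `echo -e ... >> /etc/sudoers` line in the new heat/cloudinit/boothook.sh appends to the main sudoers file every time the script runs, and cloud-init runs boothook parts on each boot with no run-once mechanism, so the NOPASSWD entry is duplicated on every restart. Guard the append, for example `grep -q '^@INSTANCE_USER@[[:space:]]' /etc/sudoers || echo -e '@INSTANCE_USER@\tALL=(ALL)\tNOPASSWD: ALL' >> /etc/sudoers`, and check the result with `visudo -c`, since a malformed line in that file breaks sudo for every account. A 0440 drop-in under /etc/sudoers.d would be safer still, if the target images include that directory (not visible here). `setenforce 0` moves from runcmd into this script and so presumably now also runs on every boot; a comment stating why SELinux must be permissive would help whoever later tightens the image.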
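Review bot: The help string on the new `instance_user` option in heat/common/config.py does not tell an operator that the named account is created on each instance with passwordless sudo (boothook.sh in this commit adds `NOPASSWD: ALL` for it), nor which characters are acceptable. I would write `help='Login account created on new instances; it is granted passwordless sudo, so use a plain POSIX account name'`. The commit message names the option "default_instance_user" while the code registers `instance_user`; one of the two should be corrected so operators set the key that is actually read.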
@@ -171,9 +171,14 @@ class Instance(resource.Resource): return msg def read_cloudinit_file(fn): - return pkgutil.get_data('heat', 'cloudinit/%s' % fn) + data = pkgutil.get_data('heat', 'cloudinit/%s' % fn) + data = data.replace('@INSTANCE_USER@', + cfg.CONF.instance_user) + return data attachments = [(read_cloudinit_file('config'), 'cloud-config'), + (read_cloudinit_file('boothook.sh'), 'boothook.sh', + 'cloud-boothook'), (read_cloudinit_file('part-handler.py'), 'part-handler.py'), (userdata, 'cfn-userdata', 'x-cfninitdata'), |
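Review bot: `read_cloudinit_file` pastes `cfg.CONF.instance_user` verbatim into every cloud-init part, including boothook.sh, which is executed on the instance at boot, and nothing checks the value first. A value containing whitespace, a quote or a newline would alter the `useradd` and sudoers commands in that script or corrupt the `user:` key in the cloud-config YAML. Validating it against a conservative account-name pattern before substitution keeps a configuration mistake from producing a broken or over-privileged instance. The sketch assumes `re` is imported in instance.py, which the hunk does not show, and anchors with `\Z` because `$` would accept a trailing newline. The enclosing method starts and ends outside the hunk.

```python
def read_cloudinit_file(fn):
    user = cfg.CONF.instance_user
    # Only a plain account name may reach the boothook script and the
    # cloud-config YAML; \Z rejects a trailing newline that $ would allow.
    if not re.match(r'[a-z_][a-z0-9_-]*\Z', user):
        raise ValueError('instance_user is not a valid account name')
    data = pkgutil.get_data('heat', 'cloudinit/%s' % fn)
    return data.replace('@INSTANCE_USER@', user)

# ... unchanged: attachments list ...
```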