From ad1461f46d730ed0393ffcb16b866ed2e0f34943 Mon Sep 17 00:00:00 2001
From: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Date: Fri, 8 Apr 2016 23:42:59 +0800
Subject: [PATCH] Fix the qemu has nova permission in nova instances folder

Fix the permission issue on each distro:
* On CentOS, add the qemu user to the nova group
* On Ubuntu, add the nova user to the libvirtd group

Co-Authored-By: Steven Dake <stdake@cisco.com>
Change-Id: I1f4f9ce29abf0d788965fe94d8918b10a7169a75
Closes-Bug: #1568012
---
 docker/nova/nova-base/Dockerfile.j2           |  3 ++-
 docker/nova/nova-compute/Dockerfile.j2        |  3 ---
 docker/nova/nova-compute/extend_start.sh      |  5 -----
 docker/nova/nova-compute/nova_compute_sudoers |  1 -
 docker/nova/nova-libvirt/Dockerfile.j2        | 12 +++++++-----
 5 files changed, 9 insertions(+), 15 deletions(-)
 delete mode 100644 docker/nova/nova-compute/nova_compute_sudoers

diff --git a/docker/nova/nova-base/Dockerfile.j2 b/docker/nova/nova-base/Dockerfile.j2
index e34f3f228d..1d09ec199a 100644
--- a/docker/nova/nova-base/Dockerfile.j2
+++ b/docker/nova/nova-base/Dockerfile.j2
@@ -45,7 +45,8 @@ RUN apt-get install -y --no-install-recommends \
 
 ADD nova-base-archive /nova-base-source
 RUN ln -s nova-base-source/* nova \
-    && useradd --user-group --home-dir /var/lib/nova nova \
+    && useradd --user-group --create-home --home-dir /var/lib/nova nova \
+    && chmod 755 /var/lib/nova \
     && /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements/upper-constraints.txt /nova \
     && mkdir -p /etc/nova /var/lib/nova \
     && cp -r /nova/etc/nova/* /etc/nova/ \
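Review bot: The added `chmod 755 /var/lib/nova` makes nova's home directory listable and traversable by every account in the image, which is wider than the qemu access the commit message asks for. If the goal is only to let the hypervisor user reach the instances directory, `chmod 750 /var/lib/nova` combined with the group membership added in nova-libvirt would keep other users out; if 755 is needed on the Ubuntu branch, where the qemu user is not put in the nova group, a comment saying so would help. The mode is also set only in the image layer: should /var/lib/nova be a volume or bind mount at runtime (not visible here), the mounted directory's own owner and mode apply, and this commit removes the runtime `chown` from extend_start.sh. With `--create-home` the later `mkdir -p /etc/nova /var/lib/nova` no longer needs the second path. The RUN chain continues past the end of the hunk.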
diff --git a/docker/nova/nova-compute/Dockerfile.j2 b/docker/nova/nova-compute/Dockerfile.j2
index 48337e9da4..7be99a12c7 100644
--- a/docker/nova/nova-compute/Dockerfile.j2
+++ b/docker/nova/nova-compute/Dockerfile.j2
@@ -55,11 +55,8 @@ RUN /var/lib/kolla/venv/bin/pip --no-cache-dir install --upgrade -c requirements
 
 {% endif %}
 
-COPY nova_compute_sudoers /etc/sudoers.d/nova_compute_sudoers
 COPY extend_start.sh /usr/local/bin/kolla_nova_extend_start
 RUN chmod 755 /usr/local/bin/kolla_nova_extend_start \
-    && chmod 750 /etc/sudoers.d \
-    && chmod 440 /etc/sudoers.d/nova_compute_sudoers \
     && rm -f /etc/machine-id
 
 {{ include_footer }}
diff --git a/docker/nova/nova-compute/extend_start.sh b/docker/nova/nova-compute/extend_start.sh
index efe531ff95..76226cd905 100644
--- a/docker/nova/nova-compute/extend_start.sh
+++ b/docker/nova/nova-compute/extend_start.sh
@@ -3,11 +3,6 @@
 # Bootstrap and exit if KOLLA_BOOTSTRAP variable is set. This catches all cases
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
-    sudo chown nova: /var/lib/nova/
     mkdir -p /var/lib/nova/instances
-    # Only update permissions if permissions need to be updated
-    if [[ $(stat -c %U:%G /var/lib/nova/instances) != "nova:nova" ]]; then
-        sudo chown nova: /var/lib/nova/instances
-    fi
     exit 0
 fi
diff --git a/docker/nova/nova-compute/nova_compute_sudoers b/docker/nova/nova-compute/nova_compute_sudoers
deleted file mode 100644
index a7fb7b864e..0000000000
--- a/docker/nova/nova-compute/nova_compute_sudoers
+++ /dev/null
@@ -1 +0,0 @@
-%kolla ALL=(root) NOPASSWD: /usr/bin/chown nova\: /var/lib/nova/, /bin/chown nova\: /var/lib/nova/
diff --git a/docker/nova/nova-libvirt/Dockerfile.j2 b/docker/nova/nova-libvirt/Dockerfile.j2
index 028d4635a0..d639408a6f 100644
--- a/docker/nova/nova-libvirt/Dockerfile.j2
+++ b/docker/nova/nova-libvirt/Dockerfile.j2
@@ -1,4 +1,4 @@
-FROM {{ namespace }}/{{ image_prefix }}base:{{ tag }}
+FROM {{ namespace }}/{{ image_prefix }}nova-base:{{ tag }}
 MAINTAINER {{ maintainer }}
 
 {% if base_distro in ['centos', 'fedora', 'oraclelinux', 'rhel'] %}
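Review bot: Basing the libvirt image on `nova-base` in the `FROM` line brings the whole nova installation and its Python dependencies into the image that runs libvirtd and qemu, apparently only so that the `nova` user and group match the compute image. If that is the only requirement, creating the account with a fixed UID and GID in the shared base image would give the same ownership match with a smaller attack surface in the hypervisor container. At minimum, a comment above `FROM` such as `# nova-base: needed for a nova UID/GID consistent with nova-compute` would record why the heavier base is used.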
@@ -11,7 +11,9 @@ RUN yum -y install \
         libvirt-daemon-config-nwfilter \
         libvirt-daemon-driver-lxc \
         ceph-common \
-    && yum clean all
+    && yum clean all \
+    && usermod -a -G nova qemu
+
 
 {% elif base_distro in ['ubuntu', 'debian'] %}
 
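Review bot: `usermod -a -G nova qemu` gives the qemu account every permission the `nova` group holds, not just access to the instances directory, so a process running as qemu can read any group-readable file owned by that group. If nova configuration files with credentials are ever present in or mounted into this container with group `nova` (not visible here), they would become readable by guest-facing qemu processes; a dedicated group on `/var/lib/nova/instances` alone would scope the grant more tightly. The step also fails the build if the package set above stops creating a `qemu` user, which is worth a short comment. The second blank line added after the RUN is unneeded.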
@@ -27,12 +29,12 @@ RUN apt-get install -y --no-install-recommends \
     && apt-get clean \
     && mkdir -p /etc/ceph \
     && rm /etc/libvirt/qemu/networks/default.xml /etc/libvirt/qemu/networks/autostart/default.xml \
-    && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf
+    && sed -i 's|.*stdio_handler.*|stdio_handler = "file"|' /etc/libvirt/qemu.conf \
+    && usermod -a -G libvirtd nova
 
 {% endif %}
 
 COPY extend_start.sh /usr/local/bin/kolla_extend_start
-RUN chmod 755 /usr/local/bin/kolla_extend_start \
-    && useradd --user-group nova
+RUN chmod 755 /usr/local/bin/kolla_extend_start
 
 {{ include_footer }}
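Review bot: On the Ubuntu branch the grant goes the other way from the CentOS branch: `usermod -a -G libvirtd nova` adds nova to libvirt's group rather than adding the qemu user to nova's, and the hunk does not say why. On Ubuntu the `libvirtd` group conventionally owns libvirt's management socket, so this membership likely gives the nova account control of the hypervisor rather than giving qemu read access to nova's files; whether that is intended should be stated. A comment before the RUN such as `# nova needs the libvirtd group for <reason>; qemu access to instances relies on <mechanism>` would make the asymmetry reviewable.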