From f4821e47b1cdafbb00d1949b292a40aaa687f3f1 Mon Sep 17 00:00:00 2001 From: Major Hayden Date: Tue, 8 Mar 2016 14:13:41 -0600 Subject: [PATCH] Conditionally set UID/GID for nova user/group Deployers with shared storage systems must ensure that the nova user and group have consistent UID's and GID's respectively. This patch adds a configurable option for deployers to set a UID/GID for the nova user and group. Warnings are provided in the default/main.yml about the potential dangers of adjusting this value on a production system Docs and a release note will be proposed separately in the OpenStack-Ansible main repository for this change. Closes-Bug: 1544889 Change-Id: I881555a896455ce3c897d56a143a8a25c088880b --- defaults/main.yml | 14 +++++++++++++- tasks/nova_pre_install.yml | 2 ++ 2 files changed, 15 insertions(+), 1 deletion(-) diff --git a/defaults/main.yml b/defaults/main.yml index b1a01d73..89007482 100644 --- a/defaults/main.yml +++ b/defaults/main.yml @@ -45,13 +45,25 @@ nova_venv_download_url: http://127.0.0.1/venvs/untagged/ubuntu/nova.tgz nova_fatal_deprecations: False -## System info +## Nova user information nova_system_user_name: nova nova_system_group_name: nova nova_system_shell: /bin/bash nova_system_comment: nova system user nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}" +## Manually specified nova UID/GID +# Deployers can specify a UID for the nova user as well as the GID for the +# nova group if needed. This is commonly used in environments where shared +# storage is used, such as NFS or GlusterFS, and nova UID/GID values must be +# in sync between multiple servers. +# +# WARNING: Changing these values on an existing deployment can lead to +# failures, errors, and instability. +# +# nova_system_user_uid = +# nova_system_group_gid = + ## DB nova_galera_user: nova nova_galera_database: nova diff --git a/tasks/nova_pre_install.yml b/tasks/nova_pre_install.yml index 4812c45c..ab11a0d9 100644 --- a/tasks/nova_pre_install.yml +++ b/tasks/nova_pre_install.yml @@ -16,6 +16,7 @@ - name: create the system group group: name: "{{ nova_system_group_name }}" + gid: "{{ nova_system_group_uid|default(omit) }}" state: "present" system: "yes" tags: @@ -37,6 +38,7 @@ - name: Create the nova system user user: name: "{{ nova_system_user_name }}" + uid: "{{ nova_system_user_uid|default(omit) }}" group: "{{ nova_system_group_name }}" comment: "{{ nova_system_comment }}" shell: "{{ nova_system_shell }}"