starlingx/integ
Code Issues Proposed changes
9c14e562e2
integ/base/setup/centos/patches/0001-Change-group-passwd-and-uidgid.patch
Al Bailey 4341591423 Ensure barbican user and group exist during installation 
The barbican user and group were missing from the setup files.

Adding it ensures consistent uid/gid values across nodes, where
filesystems may be shared.

Adding it also ensures uid/gid exists when barbican is installed.
This will fix sanity issues due to arbitrary rpm ordering during
initial system installation.

openstack-barbican-common has a scriptlet that sets up
barbican user and group if they do not exist, through
shadow-utils.

The shadow-utils requirement is set for openstack-barbican
rather than openstack-barbican-common or python-barbican.

Alternatively the src rpm could be patched, but this would add
source code patching debt, and still not resolve the filesystem
consistency issue.

Change-Id: I67b7c292e4a3356335df6619648284e028625fe6
Closes-Bug: 1849671
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
2019-10-24 13:49:43 -05:00

126 lines
4.4 KiB
Diff
Raw Blame History

From ac1266693665ff6a266e1123109c23a6adbb399b Mon Sep 17 00:00:00 2001
From: Al Bailey <Al.Bailey@windriver.com>
Date: Thu, 24 Oct 2019 11:53:01 -0500
Subject: [PATCH] Change group,passwd,and uidgid
Signed-off-by: Andy Ning <andy.ning@windriver.com>
Signed-off-by: Al Bailey <Al.Bailey@windriver.com>
---
group | 22 ++++++++++++----------
passwd | 19 +++++++++++--------
uidgid | 10 ++++++----
3 files changed, 29 insertions(+), 22 deletions(-)
diff --git a/group b/group
index 2753bd8..74174c3 100644
--- a/group
+++ b/group
@@ -1,24 +1,26 @@
root::0:
-bin::1:
-daemon::2:
sys::3:
-adm::4:
tty::5:
disk::6:
-lp::7:
-mem::8:
kmem::9:
wheel::10:
cdrom::11:
mail::12:
-man::15:
dialout::18:
floppy::19:
-games::20:
tape::33:
-video::39:
-ftp::50:
lock::54:
-audio::63:
nobody::99:
users::100:
+postgres:x:120:
+nova:x:162:nova
+barbican:x:978:barbican
+keystone:x:42424:keystone
+neutron:x:164:neutron
+ceilometer:x:166:ceilometer
+sysinv:x:168:sysinv
+snmpd:x:169:snmpd,fm
+fm:x:195:fm
+libvirt:x:991:nova
+ironic:x:1874:ironic
+www:x:1877:www
diff --git a/passwd b/passwd
index 6c6a8eb..b478fc3 100644
--- a/passwd
+++ b/passwd
@@ -1,13 +1,16 @@
root:*:0:0:root:/root:/bin/bash
-bin:*:1:1:bin:/bin:/sbin/nologin
-daemon:*:2:2:daemon:/sbin:/sbin/nologin
-adm:*:3:4:adm:/var/adm:/sbin/nologin
-lp:*:4:7:lp:/var/spool/lpd:/sbin/nologin
sync:*:5:0:sync:/sbin:/bin/sync
shutdown:*:6:0:shutdown:/sbin:/sbin/shutdown
halt:*:7:0:halt:/sbin:/sbin/halt
-mail:*:8:12:mail:/var/spool/mail:/sbin/nologin
-operator:*:11:0:operator:/root:/sbin/nologin
-games:*:12:100:games:/usr/games:/sbin/nologin
-ftp:*:14:50:FTP User:/var/ftp:/sbin/nologin
nobody:*:99:99:Nobody:/:/sbin/nologin
+postgres:x:120:120:PostgreSQL Server:/var/lib/pgsql:/bin/sh
+neutron:x:164:164:OpenStack Neutron Daemons:/var/lib/neutron:/sbin/nologin
+sysinv:x:168:168:sysinv Daemons:/var/lib/sysinv:/sbin/nologin
+snmpd:x:169:169:net-snmp:/usr/share/snmp:/sbin/nologin
+fm:x:195:195:fm-mgr:/var/lib/fm:/sbin/nologin
+barbican:x:982:978:Barbican Key Manager user account.:/var/lib/barbican:/sbin/nologin
+ceilometer:x:991:166:OpenStack ceilometer Daemons:/var/lib/ceilometer:/sbin/nologin
+keystone:x:42424:42424:OpenStack Keystone Daemons:/var/lib/keystone:/sbin/nologin
+nova:x:994:162:OpenStack Nova Daemons:/var/lib/nova:/sbin/nologin
+ironic:x:1874:1874:OpenStack Ironic Daemons:/var/lib/ironic:/sbin/nologin
+www:x:1877:1877:www:/home/www:/sbin/nologin
diff --git a/uidgid b/uidgid
index c6bbd4b..714ba2a 100644
--- a/uidgid
+++ b/uidgid
@@ -127,13 +127,14 @@ stapusr - 156 / - systemtap-runtime
stapsys - 157 / - systemtap-runtime
stapdev - 158 / - systemtap-runtime
swift 160 160 /var/lib/swift /sbin/nologin openstack-swift
-glance 161 161 /var/lib/glance /sbin/nologin openstack-glance
nova 162 162 /var/lib/nova /sbin/nologin openstack-nova
-keystone 163 163 /var/lib/keystone /sbin/nologin openstack-keystone
+barbican 982 978 /var/lib/barbican /sbin/nologin openstack-barbican
+keystone 42424 42424 /var/lib/keystone /sbin/nologin openstack-keystone
quantum 164 164 /var/lib/quantum /sbin/nologin openstack-quantum
-cinder 165 165 /var/lib/cinder /sbin/nologin openstack-cinder
ceilometer 166 166 /var/lib/ceilometer /sbin/nologin openstack-ceilometer
ceph 167 167 /var/lib/ceph /sbin/nologin ceph-common
+sysinv 168 168 /var/lib/sysinv /sbin/nologin sysinv
+snmpd 169 169 /usr/share/snmp /sbin/nologin net-snmp
avahi-autoipd 170 170 /var/lib/avahi-autoipd /sbin/nologin avahi
pulse 171 171 /var/run/pulse /sbin/nologin pulseaudio
rtkit 172 172 /proc /sbin/nologin rtkit
@@ -152,7 +153,6 @@ mongodb 184 184 /var/lib/mongodb /sbin/nologin mongodb
jboss 185 185 /var/lib/jbossas /sbin/nologin jbossas-core #was jboss-as and wildfly
jbosson-agent 186 - / /sbin/nologin jboss-on-agent
jbosson - 186 - - jboss-on-agent
-heat 187 187 /var/lib/heat /sbin/nologin heat
haproxy 188 188 /var/lib/haproxy /sbin/nologin haproxy
hacluster 189 - / /sbin/nologin pacemaker
haclient - 189 - - pacemaker
@@ -163,6 +163,8 @@ systemd-network 192 192 / /sbin/nologin systemd
systemd-resolve 193 193 / /sbin/nologin systemd
gnats ? ? ? ? gnats, gnats-db
listar ? ? ? ? listar
+fm 195 195 /var/lib/fm /sbin/nologin fm-mgr
nfsnobody 65534 65534 /var/lib/nfs /sbin/nologin nfs-utils
+www 1877 1877 /home/www /sbin/nologin setup
# Note: nfsnobody is 4294967294 on 64-bit platforms (-2)
--
1.8.3.1
View Git Blame Copy Permalink