commit
f3bd4963f2
@ -19,85 +19,24 @@
|
|||||||
"""
|
"""
|
||||||
|
|
||||||
from devstack import log as logging
|
from devstack import log as logging
|
||||||
from devstack import shell as sh
|
|
||||||
from devstack import utils
|
|
||||||
|
|
||||||
from devstack.components import db
|
from devstack.distros import rhel6
|
||||||
from devstack.components import horizon
|
|
||||||
from devstack.components import nova
|
|
||||||
|
|
||||||
LOG = logging.getLogger(__name__)
|
LOG = logging.getLogger(__name__)
|
||||||
|
|
||||||
SOCKET_CONF = "/etc/httpd/conf.d/wsgi-socket-prefix.conf"
|
|
||||||
HTTPD_CONF = '/etc/httpd/conf/httpd.conf'
|
|
||||||
|
|
||||||
# See: http://wiki.libvirt.org/page/SSHPolicyKitSetup
|
# See: http://wiki.libvirt.org/page/SSHPolicyKitSetup
|
||||||
# FIXME: take from distro config??
|
# FIXME: take from distro config??
|
||||||
# TODO(mikeyp) check correct path for fedora
|
# TODO(mikeyp) check correct path for fedora
|
||||||
LIBVIRT_POLICY_FN = "/etc/polkit-1/localauthority/50-local.d/50-libvirt-access.pkla"
|
LIBVIRT_POLICY_FN = "/etc/polkit-1/localauthority/50-local.d/50-libvirt-access.pkla"
|
||||||
LIBVIRT_POLICY_CONTENTS = """
|
|
||||||
[libvirt Management Access]
|
|
||||||
Identity={idents}
|
|
||||||
Action=org.libvirt.unix.manage
|
|
||||||
ResultAny=yes
|
|
||||||
ResultInactive=yes
|
|
||||||
ResultActive=yes
|
|
||||||
"""
|
|
||||||
DEF_IDENT = 'unix-group:libvirtd'
|
|
||||||
|
|
||||||
|
|
||||||
class DBInstaller(db.DBInstaller):
|
class DBInstaller(rhel6.DBInstaller):
|
||||||
|
pass
|
||||||
def _configure_db_confs(self):
|
|
||||||
LOG.info("Fixing up %s mysql configs.", self.distro.name)
|
|
||||||
fc = sh.load_file('/etc/my.cnf')
|
|
||||||
lines = fc.splitlines()
|
|
||||||
new_lines = list()
|
|
||||||
for line in lines:
|
|
||||||
if line.startswith('skip-grant-tables'):
|
|
||||||
line = '#' + line
|
|
||||||
new_lines.append(line)
|
|
||||||
fc = utils.joinlinesep(*new_lines)
|
|
||||||
with sh.Rooted(True):
|
|
||||||
sh.write_file('/etc/my.cnf', fc)
|
|
||||||
|
|
||||||
|
|
||||||
class HorizonInstaller(horizon.HorizonInstaller):
|
class HorizonInstaller(rhel6.HorizonInstaller):
|
||||||
|
pass
|
||||||
def _config_fixups(self):
|
|
||||||
(user, group) = self._get_apache_user_group()
|
|
||||||
# This is recorded so it gets cleaned up during uninstall
|
|
||||||
self.tracewriter.file_touched(SOCKET_CONF)
|
|
||||||
LOG.info("Fixing up %s and %s files" % (SOCKET_CONF, HTTPD_CONF))
|
|
||||||
with sh.Rooted(True):
|
|
||||||
# Fix the socket prefix to someplace we can use
|
|
||||||
fc = "WSGISocketPrefix %s" % (sh.joinpths(self.log_dir, "wsgi-socket"))
|
|
||||||
sh.write_file(SOCKET_CONF, fc)
|
|
||||||
# Now adjust the run user and group (of httpd.conf)
|
|
||||||
new_lines = list()
|
|
||||||
for line in sh.load_file(HTTPD_CONF).splitlines():
|
|
||||||
if line.startswith("User "):
|
|
||||||
line = "User %s" % (user)
|
|
||||||
if line.startswith("Group "):
|
|
||||||
line = "Group %s" % (group)
|
|
||||||
new_lines.append(line)
|
|
||||||
sh.write_file(HTTPD_CONF, utils.joinlinesep(*new_lines))
|
|
||||||
|
|
||||||
|
|
||||||
class NovaInstaller(nova.NovaInstaller):
|
class NovaInstaller(rhel6.NovaInstaller):
|
||||||
|
pass
|
||||||
def configure(self):
|
|
||||||
configs_made = nova.NovaInstaller.configure(self)
|
|
||||||
driver_canon = nova.canon_virt_driver(self.cfg.get('nova', 'virt_driver'))
|
|
||||||
if driver_canon == 'libvirt':
|
|
||||||
ident_users = set()
|
|
||||||
ident_users.add(DEF_IDENT)
|
|
||||||
ident_users.add('unix-user:%s' % (sh.getuser()))
|
|
||||||
fc_contents = LIBVIRT_POLICY_CONTENTS.format(idents=(";".join(ident_users)))
|
|
||||||
with sh.Rooted(True):
|
|
||||||
dirs_made = sh.mkdirslist(sh.dirname(LIBVIRT_POLICY_FN))
|
|
||||||
sh.write_file(LIBVIRT_POLICY_FN, fc_contents)
|
|
||||||
self.tracewriter.cfg_file_written(LIBVIRT_POLICY_FN)
|
|
||||||
self.tracewriter.dirs_made(*dirs_made)
|
|
||||||
configs_made += 1
|
|
||||||
return configs_made
|
|
||||||
|
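Review bot: `LIBVIRT_POLICY_FN` and the three comment lines above it stay in this module on the new side, but nothing left in the file appears to read them. `NovaInstaller` is now a bare `pass` subclass of `rhel6.NovaInstaller`, and the `_get_policy` shown in the other hunk on this page resolves `LIBVIRT_POLICY_FN` from its own module globals. If that hunk is the rhel6 module (no file header is visible, so this is inferred), changing the path here, as the "check correct path for fedora" TODO invites, would have no effect on where the root-written polkit rule lands. Either drop the constant and its comments, or override `_get_policy` in this subclass so that it returns this module's path with the parent's contents.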
@ -87,18 +87,28 @@ class HorizonInstaller(horizon.HorizonInstaller):
|
|||||||
|
|
||||||
class NovaInstaller(nova.NovaInstaller):
|
class NovaInstaller(nova.NovaInstaller):
|
||||||
|
|
||||||
|
def _get_policy(self, ident_users):
|
||||||
|
fn = LIBVIRT_POLICY_FN
|
||||||
|
contents = LIBVIRT_POLICY_CONTENTS.format(idents=(";".join(ident_users)))
|
||||||
|
return (fn, contents)
|
||||||
|
|
||||||
|
def _get_policy_users(self):
|
||||||
|
ident_users = set()
|
||||||
|
ident_users.add(DEF_IDENT)
|
||||||
|
ident_users.add('unix-user:%s' % (sh.getuser()))
|
||||||
|
return ident_users
|
||||||
|
|
||||||
def configure(self):
|
def configure(self):
|
||||||
configs_made = nova.NovaInstaller.configure(self)
|
configs_made = nova.NovaInstaller.configure(self)
|
||||||
driver_canon = nova.canon_virt_driver(self.cfg.get('nova', 'virt_driver'))
|
driver_canon = nova.canon_virt_driver(self.cfg.get('nova', 'virt_driver'))
|
||||||
if driver_canon == 'libvirt':
|
if driver_canon == 'libvirt':
|
||||||
ident_users = set()
|
(fn, contents) = self._get_policy(self._get_policy_users())
|
||||||
ident_users.add(DEF_IDENT)
|
dirs_made = list()
|
||||||
ident_users.add('unix-user:%s' % (sh.getuser()))
|
|
||||||
fc_contents = LIBVIRT_POLICY_CONTENTS.format(idents=(";".join(ident_users)))
|
|
||||||
with sh.Rooted(True):
|
with sh.Rooted(True):
|
||||||
dirs_made = sh.mkdirslist(sh.dirname(LIBVIRT_POLICY_FN))
|
# TODO check if this dir is restricted before assuming it isn't?
|
||||||
sh.write_file(LIBVIRT_POLICY_FN, fc_contents)
|
dirs_made.extend(sh.mkdirslist(sh.dirname(fn)))
|
||||||
self.tracewriter.cfg_file_written(LIBVIRT_POLICY_FN)
|
sh.write_file(fn, contents)
|
||||||
|
self.tracewriter.cfg_file_written(fn)
|
||||||
self.tracewriter.dirs_made(*dirs_made)
|
self.tracewriter.dirs_made(*dirs_made)
|
||||||
configs_made += 1
|
configs_made += 1
|
||||||
return configs_made
|
return configs_made
|
||||||
|
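Review bot: `_get_policy` and `_get_policy_users` have no docstring, yet together they decide which identities the root-written polkit rule covers; `_get_policy_users` always adds `'unix-user:%s' % (sh.getuser())` next to `DEF_IDENT`. Assuming `LIBVIRT_POLICY_CONTENTS` in this module is the template shown as removed in the other hunk, those identities receive `org.libvirt.unix.manage` with `ResultAny=yes`, that is, without authentication and also from non-local sessions. That is worth stating in a docstring such as `"""Return the polkit identities granted password-less libvirt management."""`. Separately, `";".join(ident_users)` iterates a set, so the `Identity=` line can change order between runs; `";".join(sorted(ident_users))` keeps the file stable for diffing and audit. The new TODO is still open: before `sh.write_file(fn, contents)`, a check that the target directory is root-owned and not group- or world-writable would resolve it, since `sh.mkdirslist` presumably creates missing parents with default permissions.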