Fix "sudo: sorry, you must have a tty to run sudo"
On many systems the requiretty sudoers option is turned on by default.
With the "requiretty" option, sudo ensures that the user has real tty access.
Only some "su" variants have an option for skipping the new session creation step.
Only one session can possess a tty, so after a "su -c" sudo will not
work.
We will use sudo instead of su when we create the stack account.
This change adds a new variable, STACK_USER, for the
service username.
Change-Id: I1b3fbd903686884e74a5a22d82c0c0890e1be03c
diff --git a/lib/baremetal b/lib/baremetal
index 112fd6d..3cc2429 100644
--- a/lib/baremetal
+++ b/lib/baremetal
@@ -200,14 +200,14 @@
sudo mkdir -p /tftpboot
sudo mkdir -p /tftpboot/pxelinux.cfg
sudo cp /usr/lib/syslinux/pxelinux.0 /tftpboot/
- sudo chown -R `whoami`:libvirtd /tftpboot
+ sudo chown -R $STACK_USER:libvirtd /tftpboot
# ensure $NOVA_STATE_PATH/baremetal is prepared
sudo mkdir -p $NOVA_STATE_PATH/baremetal
sudo mkdir -p $NOVA_STATE_PATH/baremetal/console
sudo mkdir -p $NOVA_STATE_PATH/baremetal/dnsmasq
sudo touch $NOVA_STATE_PATH/baremetal/dnsmasq/dnsmasq-dhcp.host
- sudo chown -R `whoami` $NOVA_STATE_PATH/baremetal
+ sudo chown -R $STACK_USER $NOVA_STATE_PATH/baremetal
# ensure dnsmasq is installed but not running
# because baremetal driver will reconfigure and restart this as needed
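Review bot: The two `chown` lines take `$STACK_USER` unquoted and with no check that it is set, so an empty value turns the first one into `chown -R :libvirtd /tftpboot`, which changes only the group and still reports success. The old `whoami` could not come back empty, but a variable can, for instance if this file is ever sourced outside `stack.sh`. I would write `sudo chown -R "${STACK_USER:?}":libvirtd /tftpboot` and `sudo chown -R "${STACK_USER:?}" $NOVA_STATE_PATH/baremetal`. The same applies to the `chown` and `add_user_to_group` lines in the lib/ceilometer, lib/cinder, lib/glance, lib/heat, lib/keystone, lib/nova, lib/quantum, lib/ryu and lib/swift hunks, and the baremetal, heat, quantum and ryu hunks show no matching update to a dependency comment. The enclosing function starts and ends outside this hunk.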
diff --git a/lib/ceilometer b/lib/ceilometer
index 749e785..0fae397 100644
--- a/lib/ceilometer
+++ b/lib/ceilometer
@@ -9,6 +9,7 @@
# - OS_AUTH_URL for auth in api
# - DEST set to the destination directory
# - SERVICE_PASSWORD, SERVICE_TENANT_NAME for auth in api
+# - STACK_USER service user
# stack.sh
# ---------
@@ -94,7 +95,7 @@
function init_ceilometer() {
# Create cache dir
sudo mkdir -p $CEILOMETER_AUTH_CACHE_DIR
- sudo chown `whoami` $CEILOMETER_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $CEILOMETER_AUTH_CACHE_DIR
rm -f $CEILOMETER_AUTH_CACHE_DIR/*
}
diff --git a/lib/cinder b/lib/cinder
index 4aaea5d..cbeb1d7 100644
--- a/lib/cinder
+++ b/lib/cinder
@@ -3,7 +3,7 @@
# Dependencies:
# - functions
-# - DEST, DATA_DIR must be defined
+# - DEST, DATA_DIR, STACK_USER must be defined
# SERVICE_{TENANT_NAME|PASSWORD} must be defined
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -110,7 +110,7 @@
if [[ ! -d $CINDER_CONF_DIR ]]; then
sudo mkdir -p $CINDER_CONF_DIR
fi
- sudo chown `whoami` $CINDER_CONF_DIR
+ sudo chown $STACK_USER $CINDER_CONF_DIR
cp -p $CINDER_DIR/etc/cinder/policy.json $CINDER_CONF_DIR
@@ -295,7 +295,7 @@
# Create cache dir
sudo mkdir -p $CINDER_AUTH_CACHE_DIR
- sudo chown `whoami` $CINDER_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $CINDER_AUTH_CACHE_DIR
rm -f $CINDER_AUTH_CACHE_DIR/*
}
diff --git a/lib/glance b/lib/glance
index dff247a..1c56a67 100644
--- a/lib/glance
+++ b/lib/glance
@@ -3,7 +3,7 @@
# Dependencies:
# ``functions`` file
-# ``DEST``, ``DATA_DIR`` must be defined
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``SERVICE_HOST``
# ``KEYSTONE_TOKEN_FORMAT`` must be defined
@@ -75,7 +75,7 @@
if [[ ! -d $GLANCE_CONF_DIR ]]; then
sudo mkdir -p $GLANCE_CONF_DIR
fi
- sudo chown `whoami` $GLANCE_CONF_DIR
+ sudo chown $STACK_USER $GLANCE_CONF_DIR
# Copy over our glance configurations and update them
cp $GLANCE_DIR/etc/glance-registry.conf $GLANCE_REGISTRY_CONF
@@ -158,10 +158,10 @@
# Create cache dir
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/api
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/api
+ sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/api
rm -f $GLANCE_AUTH_CACHE_DIR/api/*
sudo mkdir -p $GLANCE_AUTH_CACHE_DIR/registry
- sudo chown `whoami` $GLANCE_AUTH_CACHE_DIR/registry
+ sudo chown $STACK_USER $GLANCE_AUTH_CACHE_DIR/registry
rm -f $GLANCE_AUTH_CACHE_DIR/registry/*
}
diff --git a/lib/heat b/lib/heat
index a6f7286..89bd44f 100644
--- a/lib/heat
+++ b/lib/heat
@@ -49,7 +49,7 @@
if [[ ! -d $HEAT_CONF_DIR ]]; then
sudo mkdir -p $HEAT_CONF_DIR
fi
- sudo chown `whoami` $HEAT_CONF_DIR
+ sudo chown $STACK_USER $HEAT_CONF_DIR
HEAT_API_CFN_HOST=${HEAT_API_CFN_HOST:-$SERVICE_HOST}
HEAT_API_CFN_PORT=${HEAT_API_CFN_PORT:-8000}
diff --git a/lib/keystone b/lib/keystone
index 34f3372..7a70cc4 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -7,6 +7,7 @@
# ``SERVICE_HOST``, ``SERVICE_PROTOCOL``
# ``SERVICE_TOKEN``
# ``S3_SERVICE_PORT`` (template backend only)
+# ``STACK_USER``
# ``stack.sh`` calls the entry points in this order:
#
@@ -79,7 +80,7 @@
if [[ ! -d $KEYSTONE_CONF_DIR ]]; then
sudo mkdir -p $KEYSTONE_CONF_DIR
fi
- sudo chown `whoami` $KEYSTONE_CONF_DIR
+ sudo chown $STACK_USER $KEYSTONE_CONF_DIR
if [[ "$KEYSTONE_CONF_DIR" != "$KEYSTONE_DIR/etc" ]]; then
cp -p $KEYSTONE_DIR/etc/keystone.conf.sample $KEYSTONE_CONF
@@ -261,7 +262,7 @@
# Create cache dir
sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
- sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $KEYSTONE_AUTH_CACHE_DIR
rm -f $KEYSTONE_AUTH_CACHE_DIR/*
fi
}
diff --git a/lib/nova b/lib/nova
index 781cc09..9803acb 100644
--- a/lib/nova
+++ b/lib/nova
@@ -3,7 +3,7 @@
# Dependencies:
# ``functions`` file
-# ``DEST``, ``DATA_DIR`` must be defined
+# ``DEST``, ``DATA_DIR``, ``STACK_USER`` must be defined
# ``SERVICE_{TENANT_NAME|PASSWORD}`` must be defined
# ``LIBVIRT_TYPE`` must be defined
# ``INSTANCE_NAME_PREFIX``, ``VOLUME_NAME_PREFIX`` must be defined
@@ -149,7 +149,7 @@
if [[ ! -d $NOVA_CONF_DIR ]]; then
sudo mkdir -p $NOVA_CONF_DIR
fi
- sudo chown `whoami` $NOVA_CONF_DIR
+ sudo chown $STACK_USER $NOVA_CONF_DIR
cp -p $NOVA_DIR/etc/nova/policy.json $NOVA_CONF_DIR
@@ -277,7 +277,7 @@
if ! getent group libvirtd >/dev/null; then
sudo groupadd libvirtd
fi
- add_user_to_group `whoami` libvirtd
+ add_user_to_group $STACK_USER libvirtd
# libvirt detects various settings on startup, as we potentially changed
# the system configuration (modules, filesystems), we need to restart
@@ -297,7 +297,7 @@
if [ -L /dev/disk/by-label/nova-instances ]; then
if ! mount -n | grep -q $NOVA_INSTANCES_PATH; then
sudo mount -L nova-instances $NOVA_INSTANCES_PATH
- sudo chown -R `whoami` $NOVA_INSTANCES_PATH
+ sudo chown -R $STACK_USER $NOVA_INSTANCES_PATH
fi
fi
@@ -474,13 +474,13 @@
# Create cache dir
sudo mkdir -p $NOVA_AUTH_CACHE_DIR
- sudo chown `whoami` $NOVA_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $NOVA_AUTH_CACHE_DIR
rm -f $NOVA_AUTH_CACHE_DIR/*
# Create the keys folder
sudo mkdir -p ${NOVA_STATE_PATH}/keys
# make sure we own NOVA_STATE_PATH and all subdirs
- sudo chown -R `whoami` ${NOVA_STATE_PATH}
+ sudo chown -R $STACK_USER ${NOVA_STATE_PATH}
}
# install_novaclient() - Collect source and prepare
diff --git a/lib/quantum b/lib/quantum
index f74eead..f081d9b 100644
--- a/lib/quantum
+++ b/lib/quantum
@@ -388,7 +388,7 @@
if [[ ! -d $QUANTUM_CONF_DIR ]]; then
sudo mkdir -p $QUANTUM_CONF_DIR
fi
- sudo chown `whoami` $QUANTUM_CONF_DIR
+ sudo chown $STACK_USER $QUANTUM_CONF_DIR
cp $QUANTUM_DIR/etc/quantum.conf $QUANTUM_CONF
@@ -730,7 +730,7 @@
iniset $conf_file $section signing_dir $QUANTUM_AUTH_CACHE_DIR
# Create cache dir
sudo mkdir -p $QUANTUM_AUTH_CACHE_DIR
- sudo chown `whoami` $QUANTUM_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $QUANTUM_AUTH_CACHE_DIR
rm -f $QUANTUM_AUTH_CACHE_DIR/*
}
diff --git a/lib/ryu b/lib/ryu
index ac3462b..1292313 100644
--- a/lib/ryu
+++ b/lib/ryu
@@ -27,7 +27,7 @@
if [[ ! -d $RYU_CONF_DIR ]]; then
sudo mkdir -p $RYU_CONF_DIR
fi
- sudo chown `whoami` $RYU_CONF_DIR
+ sudo chown $STACK_USER $RYU_CONF_DIR
RYU_CONF=$RYU_CONF_DIR/ryu.conf
sudo rm -rf $RYU_CONF
diff --git a/lib/swift b/lib/swift
index b418eda..46c6eb2 100644
--- a/lib/swift
+++ b/lib/swift
@@ -4,6 +4,7 @@
# Dependencies:
# ``functions`` file
# ``DEST``, ``SCREEN_NAME``, `SWIFT_HASH` must be defined
+# ``STACK_USER`` must be defined
# ``SWIFT_DATA_DIR`` or ``DATA_DIR`` must be defined
# ``lib/keystone`` file
# ``stack.sh`` calls the entry points in this order:
@@ -333,7 +334,7 @@
# Create cache dir
sudo mkdir -p $SWIFT_AUTH_CACHE_DIR
- sudo chown `whoami` $SWIFT_AUTH_CACHE_DIR
+ sudo chown $STACK_USER $SWIFT_AUTH_CACHE_DIR
rm -f $SWIFT_AUTH_CACHE_DIR/*
}
diff --git a/stack.sh b/stack.sh
index da62353..9b084be 100755
--- a/stack.sh
+++ b/stack.sh
@@ -177,40 +177,43 @@
# sudo privileges and runs as that user.
if [[ $EUID -eq 0 ]]; then
+ STACK_USER=$DEFAULT_STACK_USER
ROOTSLEEP=${ROOTSLEEP:-10}
echo "You are running this script as root."
- echo "In $ROOTSLEEP seconds, we will create a user 'stack' and run as that user"
+ echo "In $ROOTSLEEP seconds, we will create a user '$STACK_USER' and run as that user"
sleep $ROOTSLEEP
# Give the non-root user the ability to run as **root** via ``sudo``
is_package_installed sudo || install_package sudo
- if ! getent group stack >/dev/null; then
- echo "Creating a group called stack"
- groupadd stack
+ if ! getent group $STACK_USER >/dev/null; then
+ echo "Creating a group called $STACK_USER"
+ groupadd $STACK_USER
fi
- if ! getent passwd stack >/dev/null; then
- echo "Creating a user called stack"
- useradd -g stack -s /bin/bash -d $DEST -m stack
+ if ! getent passwd $STACK_USER >/dev/null; then
+ echo "Creating a user called $STACK_USER"
+ useradd -g $STACK_USER -s /bin/bash -d $DEST -m $STACK_USER
fi
echo "Giving stack user passwordless sudo privileges"
# UEC images ``/etc/sudoers`` does not have a ``#includedir``, add one
grep -q "^#includedir.*/etc/sudoers.d" /etc/sudoers ||
echo "#includedir /etc/sudoers.d" >> /etc/sudoers
- ( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
+ ( umask 226 && echo "$STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> /etc/sudoers.d/50_stack_sh )
- echo "Copying files to stack user"
+ echo "Copying files to $STACK_USER user"
STACK_DIR="$DEST/${TOP_DIR##*/}"
cp -r -f -T "$TOP_DIR" "$STACK_DIR"
- chown -R stack "$STACK_DIR"
+ chown -R $STACK_USER "$STACK_DIR"
+ cd "$STACK_DIR"
if [[ "$SHELL_AFTER_RUN" != "no" ]]; then
- exec su -c "set -e; cd $STACK_DIR; bash stack.sh; bash" stack
+ exec sudo -u $STACK_USER bash -l -c "set -e; bash stack.sh; bash"
else
- exec su -c "set -e; cd $STACK_DIR; bash stack.sh" stack
+ exec sudo -u $STACK_USER bash -l -c "set -e; source stack.sh"
fi
exit 1
else
+ STACK_USER=`whoami`
# We're not **root**, make sure ``sudo`` is available
is_package_installed sudo || die "Sudo is required. Re-run stack.sh as root ONE TIME ONLY to set up sudo."
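Review bot: The sudoers rule written to `/etc/sudoers.d/50_stack_sh` is now built from `$STACK_USER`, but nothing in this hunk checks that the value is non-empty and a plain account name, and the file is written in place with no syntax check. With an empty value, `getent group` and `getent passwd` are called without a key (which normally lists every entry and succeeds), so no account would be created and the drop-in would begin with a space; a malformed drop-in can stop sudo from working for every user. I would add `[[ "$STACK_USER" =~ ^[a-z_][a-z0-9_-]*$ ]] || die "invalid STACK_USER"` after the assignment and write the rule to a temporary file that passes `visudo -cf` before it is moved into place. The later stack.sh hunk that builds `$TEMPFILE` and the `50_stack_sh` line in tools/copy_dev_environment_to_uec.sh would benefit from the same `visudo -cf` check. The message `Giving stack user passwordless sudo privileges` still names the user literally.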
@@ -220,10 +223,10 @@
# Set up devstack sudoers
TEMPFILE=`mktemp`
- echo "`whoami` ALL=(root) NOPASSWD:ALL" >$TEMPFILE
+ echo "$STACK_USER ALL=(root) NOPASSWD:ALL" >$TEMPFILE
# Some binaries might be under /sbin or /usr/sbin, so make sure sudo will
# see them by forcing PATH
- echo "Defaults:`whoami` secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
+ echo "Defaults:$STACK_USER secure_path=/sbin:/usr/sbin:/usr/bin:/bin:/usr/local/sbin:/usr/local/bin" >> $TEMPFILE
chmod 0440 $TEMPFILE
sudo chown root:root $TEMPFILE
sudo mv $TEMPFILE /etc/sudoers.d/50_stack_sh
@@ -235,7 +238,7 @@
# Create the destination directory and ensure it is writable by the user
sudo mkdir -p $DEST
if [ ! -w $DEST ]; then
- sudo chown `whoami` $DEST
+ sudo chown $STACK_USER $DEST
fi
# Set ``OFFLINE`` to ``True`` to configure ``stack.sh`` to run cleanly without
@@ -251,7 +254,7 @@
# Destination path for service data
DATA_DIR=${DATA_DIR:-${DEST}/data}
sudo mkdir -p $DATA_DIR
-sudo chown `whoami` $DATA_DIR
+sudo chown $STACK_USER $DATA_DIR
# Common Configuration
diff --git a/stackrc b/stackrc
index 4e03a2f..96f0ee5 100644
--- a/stackrc
+++ b/stackrc
@@ -12,6 +12,9 @@
# Select the default database
DATABASE_TYPE=mysql
+# Default stack user
+DEFAULT_STACK_USER=stack
+
# Specify which services to launch. These generally correspond to
# screen tabs. To change the default list, use the ``enable_service`` and
# ``disable_service`` functions in ``localrc``.
diff --git a/tools/build_ramdisk.sh b/tools/build_ramdisk.sh
index 5ff05b0..cfcca51 100755
--- a/tools/build_ramdisk.sh
+++ b/tools/build_ramdisk.sh
@@ -125,17 +125,17 @@
# Create a stack user that is a member of the libvirtd group so that stack
# is able to interact with libvirt.
chroot $MNTDIR groupadd libvirtd
- chroot $MNTDIR useradd stack -s /bin/bash -d $DEST -G libvirtd
+ chroot $MNTDIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd
mkdir -p $MNTDIR/$DEST
- chroot $MNTDIR chown stack $DEST
+ chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST
# A simple password - pass
- echo stack:pass | chroot $MNTDIR chpasswd
+ echo $DEFAULT_STACK_USER:pass | chroot $MNTDIR chpasswd
echo root:$ROOT_PASSWORD | chroot $MNTDIR chpasswd
# And has sudo ability (in the future this should be limited to only what
# stack requires)
- echo "stack ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
+ echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $MNTDIR/etc/sudoers
umount $MNTDIR
rmdir $MNTDIR
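Review bot: The account created here gets the fixed password `pass` and, a few lines further down, unrestricted `NOPASSWD: ALL` sudo, so any image built by this script carries a root-equivalent login with a publicly known password. Now that the user name is configurable, the password could be too, the way the root account on the next line uses `$ROOT_PASSWORD`, for example `echo "$DEFAULT_STACK_USER:${STACK_PASSWORD:?set STACK_PASSWORD}" | chroot $MNTDIR chpasswd` (the variable name is only a suggestion). The same literal password is set in the tools/build_uec.sh and tools/copy_dev_environment_to_uec.sh hunks. The rule is also appended to `$MNTDIR/etc/sudoers` directly, whereas stack.sh and copy_dev_environment_to_uec.sh use a `sudoers.d/50_stack_sh` drop-in.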
@@ -187,7 +187,7 @@
# Use this version of devstack
rm -rf $MNTDIR/$DEST/devstack
cp -pr $CWD $MNTDIR/$DEST/devstack
-chroot $MNTDIR chown -R stack $DEST/devstack
+chroot $MNTDIR chown -R $DEFAULT_STACK_USER $DEST/devstack
# Configure host network for DHCP
mkdir -p $MNTDIR/etc/network
@@ -225,7 +225,7 @@
# Make the run.sh executable
chmod 755 $RUN_SH
-chroot $MNTDIR chown stack $DEST/run.sh
+chroot $MNTDIR chown $DEFAULT_STACK_USER $DEST/run.sh
umount $MNTDIR
rmdir $MNTDIR
diff --git a/tools/build_uec.sh b/tools/build_uec.sh
index 58c5425..5748b39 100755
--- a/tools/build_uec.sh
+++ b/tools/build_uec.sh
@@ -207,11 +207,11 @@
`cat $TOP_DIR/localrc`
LOCAL_EOF
fi
-useradd -U -G sudo -s /bin/bash -d /opt/stack -m stack
-echo stack:pass | chpasswd
+useradd -U -G sudo -s /bin/bash -d /opt/stack -m $DEFAULT_STACK_USER
+echo $DEFAULT_STACK_USER:pass | chpasswd
mkdir -p /opt/stack/.ssh
echo "$PUB_KEY" > /opt/stack/.ssh/authorized_keys
-chown -R stack /opt/stack
+chown -R $DEFAULT_STACK_USER /opt/stack
chmod 700 /opt/stack/.ssh
chmod 600 /opt/stack/.ssh/authorized_keys
@@ -224,7 +224,7 @@
# Run stack.sh
cat >> $vm_dir/uec/user-data<<EOF
-su -c "cd /opt/stack/devstack && ./stack.sh" stack
+sudo -u $DEFAULT_STACK_USER bash -l -c "cd /opt/stack/devstack && ./stack.sh"
EOF
# (re)start a metadata service
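Review bot: The generated user-data now calls `sudo -u` from a boot-time script, which is the tty-less situation the commit message describes, so on a guest image whose sudoers sets `requiretty` this line would fail where the old `su -c` did not. If that can happen for the images this script targets, either keep `su` here, as tools/xen/build_xva.sh does for rc.local, or have the user-data install a `Defaults:root !requiretty` drop-in first. The here-document is unquoted, so `$DEFAULT_STACK_USER` is expanded on the build host; this hunk does not show where build_uec.sh defines it, and an empty value would produce `sudo -u bash -l -c …`, which names `bash` as the target user. Writing `${DEFAULT_STACK_USER:?}` would stop the build instead.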
diff --git a/tools/copy_dev_environment_to_uec.sh b/tools/copy_dev_environment_to_uec.sh
index 683a0d6..add4ff6 100755
--- a/tools/copy_dev_environment_to_uec.sh
+++ b/tools/copy_dev_environment_to_uec.sh
@@ -18,6 +18,9 @@
# Change dir to top of devstack
cd $TOP_DIR
+# Source params
+source ./stackrc
+
# Echo usage
usage() {
echo "Add stack user and keys"
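Review bot: `source ./stackrc` depends on the unchecked `cd $TOP_DIR` just above it; if that `cd` fails, the script sources whatever `stackrc` happens to be in the caller's working directory, and the later `chroot` calls suggest it runs as root. Sourcing by absolute path avoids that dependency: `source "$TOP_DIR/stackrc"`.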
@@ -43,13 +46,13 @@
# Create a stack user that is a member of the libvirtd group so that stack
# is able to interact with libvirt.
chroot $STAGING_DIR groupadd libvirtd || true
-chroot $STAGING_DIR useradd stack -s /bin/bash -d $DEST -G libvirtd || true
+chroot $STAGING_DIR useradd $DEFAULT_STACK_USER -s /bin/bash -d $DEST -G libvirtd || true
# Add a simple password - pass
-echo stack:pass | chroot $STAGING_DIR chpasswd
+echo $DEFAULT_STACK_USER:pass | chroot $STAGING_DIR chpasswd
# Configure sudo
-( umask 226 && echo "stack ALL=(ALL) NOPASSWD:ALL" \
+( umask 226 && echo "$DEFAULT_STACK_USER ALL=(ALL) NOPASSWD:ALL" \
> $STAGING_DIR/etc/sudoers.d/50_stack_sh )
# Copy over your ssh keys and env if desired
@@ -64,7 +67,7 @@
cp_it . $STAGING_DIR/$DEST/devstack
# Give stack ownership over $DEST so it may do the work needed
-chroot $STAGING_DIR chown -R stack $DEST
+chroot $STAGING_DIR chown -R $DEFAULT_STACK_USER $DEST
# Unmount
umount $STAGING_DIR
diff --git a/tools/xen/build_xva.sh b/tools/xen/build_xva.sh
index c359c55..f3f166f 100755
--- a/tools/xen/build_xva.sh
+++ b/tools/xen/build_xva.sh
@@ -65,8 +65,8 @@
cat <<EOF >$STAGING_DIR/etc/rc.local
# network restart required for getting the right gateway
/etc/init.d/networking restart
-chown -R stack /opt/stack
-su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" stack
+chown -R $DEFAULT_STACK_USER /opt/stack
+su -c "/opt/stack/run.sh > /opt/stack/run.sh.log" $DEFAULT_STACK_USER
exit 0
EOF
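Review bot: `$DEFAULT_STACK_USER` sits inside an unquoted `<<EOF` here-document, so it is expanded when rc.local is generated, and nothing in this hunk shows build_xva.sh defining it (the commit adds `source ./stackrc` only to tools/copy_dev_environment_to_uec.sh). If it is empty at that point, the generated file contains `su -c "/opt/stack/run.sh > /opt/stack/run.sh.log"` with no user, which runs run.sh as root on every boot, plus a `chown -R /opt/stack` that fails. Using `${DEFAULT_STACK_USER:?}` in both lines would stop the build instead. tools/xen/prepare_guest.sh creates the account from `${STACK_USER:-stack}`, a different variable, so the two Xen scripts can disagree about the user name if either is overridden.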
diff --git a/tools/xen/prepare_guest.sh b/tools/xen/prepare_guest.sh
index 4aa4554..fe52445 100755
--- a/tools/xen/prepare_guest.sh
+++ b/tools/xen/prepare_guest.sh
@@ -19,6 +19,7 @@
STAGING_DIR=${STAGING_DIR:-stage}
DO_TGZ=${DO_TGZ:-1}
XS_TOOLS_PATH=${XS_TOOLS_PATH:-"/root/xs-tools.deb"}
+STACK_USER=${STACK_USER:-stack}
# Install basics
chroot $STAGING_DIR apt-get update
@@ -46,12 +47,12 @@
# Add stack user
chroot $STAGING_DIR groupadd libvirtd
-chroot $STAGING_DIR useradd stack -s /bin/bash -d /opt/stack -G libvirtd
-echo stack:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
-echo "stack ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
+chroot $STAGING_DIR useradd $STACK_USER -s /bin/bash -d /opt/stack -G libvirtd
+echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd
+echo "$STACK_USER ALL=(ALL) NOPASSWD: ALL" >> $STAGING_DIR/etc/sudoers
# Give ownership of /opt/stack to stack user
-chroot $STAGING_DIR chown -R stack /opt/stack
+chroot $STAGING_DIR chown -R $STACK_USER /opt/stack
# Make our ip address hostnames look nice at the command prompt
echo "export PS1='${debian_chroot:+($debian_chroot)}\\u@\\H:\\w\\$ '" >> $STAGING_DIR/opt/stack/.bashrc
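Review bot: `echo $STACK_USER:$GUEST_PASSWORD | chroot $STAGING_DIR chpasswd` leaves both expansions unquoted, so a password containing whitespace or glob characters is altered by word splitting or pathname expansion before `chpasswd` sees it, and the account ends up with a different password from the one configured. `printf '%s:%s\n' "$STACK_USER" "$GUEST_PASSWORD" | chroot $STAGING_DIR chpasswd` passes the value through unchanged. The `NOPASSWD: ALL` rule is appended to `$STAGING_DIR/etc/sudoers` rather than written to a `sudoers.d` drop-in as stack.sh does, which makes it harder to audit or remove later.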