Fixes nova-compute failing to start on Fedora 18
Fixes bug #1086784
Adds a rule to the policy-kit allowing the stack user to manage libvirt
Change-Id: I6e9c0106c932f5f5f5c5c18ff79ac81a050c4599
diff --git a/lib/nova b/lib/nova
index f0456d6..2893366 100644
--- a/lib/nova
+++ b/lib/nova
@@ -247,11 +247,25 @@
LIBVIRT_DAEMON=libvirtd
fi
- # For distributions using polkit to authorize access to libvirt,
- # configure polkit accordingly.
- # Based on http://wiki.libvirt.org/page/SSHPolicyKitSetup
+
+
if is_fedora; then
- sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
+ # Starting with fedora 18 enable stack-user to virsh -c qemu:///system
+ # by creating a policy-kit rule for stack-user
+ if [[ "$os_RELEASE" -ge "18" ]]; then
+ rules_dir=/etc/polkit-1/rules.d
+ sudo mkdir -p $rules_dir
+ sudo bash -c "cat <<EOF > $rules_dir/50-libvirt-$STACK_USER.rules
+polkit.addRule(function(action, subject) {
+ if (action.id == 'org.libvirt.unix.manage' &&
+ subject.user == '"$STACK_USER"') {
+ return polkit.Result.YES;
+ }
+});
+EOF"
+ unset rules_dir
+ else
+ sudo bash -c 'cat <<EOF >/etc/polkit-1/localauthority/50-local.d/50-libvirt-remote-access.pkla
[libvirt Management Access]
Identity=unix-group:libvirtd
Action=org.libvirt.unix.manage
@@ -259,6 +273,7 @@
ResultInactive=yes
ResultActive=yes
EOF'
+ fi
elif is_suse; then
# Work around the fact that polkit-default-privs overrules pklas
# with 'unix-group:$group'.