hypervisor: manage nova shell

To enable live-migration & resize feature, nova user needs to run /bin/bash shell (need from libvirt). By default packaging set /bin/nologin for some security reasons. Let's bring more flexibility and let the end user to set another shell for Nova on Hypervisor nodes. Defaults to false to keep default packaging configuration. Close #600
2014-09-30 11:06:40 -04:00 · 2014-09-30 11:06:40 -04:00 · 341e935e4c
commit 341e935e4c
parent 02af63547d
2 changed files with 38 additions and 0 deletions
--- a/manifests/compute/hypervisor.pp
+++ b/manifests/compute/hypervisor.pp
@ -49,6 +49,13 @@
 #   You may have side effects (SElinux for example).
 #   Defaults to '/var/lib/nova/instances'
 #
+# [*nova_shell*]
+#   (optional) Full path of shell to run for nova user.
+#   To disable live migration & resize, set it to '/bin/nologin' or false.
+#   Otherwise, set the value to '/bin/bash'.
+#   Need to be a valid shell path.
+#   Defaults to false
+#
 class cloud::compute::hypervisor(
  $server_proxyclient_address = '127.0.0.1',
  $libvirt_type               = 'kvm',
@ -63,6 +70,7 @@ class cloud::compute::hypervisor(
  $vm_rbd                     = false,
  $volume_rbd                 = false,
  $manage_tso                 = true,
+  $nova_shell                 = false,
  # when using NFS storage backend
  $nfs_enabled                = false,
  $nfs_device                 = false,
@ -165,6 +173,16 @@ Host *
 "
  }

+  if $nova_shell {
+    ensure_resource ('user', 'nova', {
+      'ensure'     => 'present',
+      'system'     => true,
+      'home'       => '/var/lib/nova',
+      'managehome' => false,
+      'shell'      => $nova_shell,
+    })
+  }
+
  class { 'nova::compute':
    enabled         => true,
    vnc_enabled     => false,
--- a/spec/classes/cloud_compute_hypervisor_spec.rb
+++ b/spec/classes/cloud_compute_hypervisor_spec.rb
@ -81,6 +81,7 @@ describe 'cloud::compute::hypervisor' do
        :ks_spice_public_host                 => '10.0.0.2',
        :vm_rbd                               => false,
        :volume_rbd                           => false,
+        :nova_shell                           => false,
        :ks_nova_public_host                  => '10.0.0.1' }
    end

@ -224,6 +225,10 @@ describe 'cloud::compute::hypervisor' do
      is_expected.to contain_class('ceilometer::agent::compute')
    end

+    it 'do not configure nova shell' do
+      is_expected.not_to contain_user('nova')
+    end
+
    it 'should not configure nova-compute for RBD backend' do
      is_expected.not_to contain_nova_config('libvirt/rbd_user').with('value' => 'cinder')
      is_expected.not_to contain_nova_config('libvirt/images_type').with('value' => 'rbd')
@ -320,6 +325,21 @@ describe 'cloud::compute::hypervisor' do
      end
    end

+    context 'when managing nova shell' do
+      before :each do
+        params.merge!( :nova_shell => '/bin/bash')
+      end
+      it 'ensure nova shell is configured by Puppet' do
+        is_expected.to contain_user('nova').with(
+          :ensure     => 'present',
+          :system     => true,
+          :home       => '/var/lib/nova',
+          :managehome => false,
+          :shell      => '/bin/bash'
+        )
+      end
+    end
+
    context 'with RBD backend for instances and volumes on Debian plaforms' do
      before :each do
        facts.merge!( :osfamily => 'Debian',