From 742ea276d8b034513505858dc5319381b1b6ef53 Mon Sep 17 00:00:00 2001
From: Emilien Macchi
Date: Tue, 15 Apr 2014 09:58:26 +0200
Subject: [PATCH] identity: write db_sync logging with keystone user

When bootstrapping cloud::identity, the DB is populated with keystone-manage and tries to write logs in /var/log/keystone as root user by default. The problem is that if we don't use syslog, keystone won't be able to start because of permissions issues, because Keystone can't write in keystone.log who belongs to root user. We should use 'keystone' user to run the command.

Signed-off-by: Emilien Macchi
---
 manifests/identity.pp | 4 +++-
 spec/classes/cloud_identity_spec.rb | 4 +++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/manifests/identity.pp b/manifests/identity.pp
index 113151bb..d986d83a 100644
--- a/manifests/identity.pp
+++ b/manifests/identity.pp
@@ -558,7 +558,9 @@ class cloud::identity (
 # We have to do this only on the primary node of the galera cluster to avoid race condition
 # https://github.com/enovance/puppet-openstack-cloud/issues/156
 exec {'keystone_db_sync':
- command => '/usr/bin/keystone-manage db_sync',
+ command => 'keystone-manage db_sync',
+ path => '/usr/bin',
+ user => 'keystone',
 unless => "/usr/bin/mysql keystone -h ${keystone_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables"
 }
diff --git a/spec/classes/cloud_identity_spec.rb b/spec/classes/cloud_identity_spec.rb
index b5eb19bc..baaf0b4e 100644
--- a/spec/classes/cloud_identity_spec.rb
+++ b/spec/classes/cloud_identity_spec.rb
@@ -118,7 +118,9 @@ describe 'cloud::identity' do
 it 'checks if Keystone DB is populated' do
 should contain_exec('keystone_db_sync').with(
- :command => '/usr/bin/keystone-manage db_sync',
+ :command => 'keystone-manage db_sync',
+ :path => '/usr/bin',
+ :user => 'keystone',
 :unless => '/usr/bin/mysql keystone -h 10.0.0.1 -u keystone -psecrete -e "show tables" | /bin/grep Tables'
 )
 end
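Review bot: The `unless` guard of the `keystone_db_sync` exec in manifests/identity.pp still passes the database password on the mysql command line (`-p${encoded_password}`), so it is readable in the node's process list while the check runs; Puppet applies `user` and `path` to `unless` as well as to `command`, so that check now also runs as `keystone`. Reading the credentials from an option file that only `keystone` can read would keep them out of argv, e.g. `unless => "/usr/bin/mysql --defaults-extra-file=<PLACEHOLDER_CNF_PATH> keystone -h ${keystone_db_host} -e \"show tables\" | /bin/grep Tables"`, with the file managed by the manifest at a restrictive mode. The spec hunk asserts the same string (`-psecrete`) and would need the matching update. The exec resource is shown whole, but the enclosing `cloud::identity` class starts and ends outside the hunk.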