From 1f7176011008c77bdf0a0ec8138755dfb0a769e3 Mon Sep 17 00:00:00 2001
From: Jesse Andrews
Date: Fri, 16 Sep 2011 15:18:53 -0700
Subject: [PATCH] use newgrp to launch nova-compute in a new context
---
 stack.sh | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/stack.sh b/stack.sh
index ba88a01..e9218b8 100755
--- a/stack.sh
+++ b/stack.sh
@@ -389,9 +389,9 @@ fi
 # so send the start command by forcing text into the window.
 # Only run the services specified in ``ENABLED_SERVICES``
 
-NL=`echo -ne '\015'`
-
+# our screen helper to launch a service in a hidden named screen
 function screen_it {
+ NL=`echo -ne '\015'`
 if [[ "$ENABLED_SERVICES" =~ "$1" ]]; then
 screen -S nova -X screen -t $1
 screen -S nova -p $1 -X stuff "$2$NL"
@@ -402,10 +402,13 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con
 screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf"
 screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"
 screen_it n-api "$NOVA_DIR/bin/nova-api"
-# launch nova-compute with a new bash, since user won't be a member of libvirtd
-# group in the current shell context (due to how linux works).
-# TODO: newgrp might work instead...
-screen_it n-cpu "bash -c $NOVA_DIR/bin/nova-compute"
+# Launching nova-compute should be as simple as running ``nova-compute`` but
+# have to do a little more than that in our script. Since we add the group
+# ``libvirtd`` to our user in this script, when nova-compute is run it is
+# within the context of our original shell (so our groups won't be updated).
+# We can send the command nova-compute to the ``newgrp`` command to execute
+# in a specific context.
+screen_it n-cpu "echo $NOVA_DIR/bin/nova-compute | newgrp libvirtd"
 screen_it n-net "$NOVA_DIR/bin/nova-network"
 screen_it n-sch "$NOVA_DIR/bin/nova-scheduler"
 # nova-vncproxy binds a privileged port, and so needs sudo
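Review bot: `NL` is assigned inside `screen_it` without `local`, so moving it into the function does not narrow its scope. It remains a global, and it is now recomputed through a backtick subshell on every call. Bash can produce the carriage return directly and keep it function-scoped with `local NL=$'\r'`. The closing `fi` and `}` of `screen_it` fall outside this hunk, so the rest of the body is not reviewed here.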
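Review bot: The new `screen_it n-cpu` line passes `$NOVA_DIR` unquoted through several shells: it is expanded in stack.sh, typed into the screen window's shell as an `echo` argument, and then read from stdin by the shell that `newgrp` starts. A path containing whitespace or shell metacharacters would therefore be split or interpreted instead of run as one command, and nova-compute inherits the exhausted pipe as its stdin. If `sg` is available on the target hosts, it takes the command as a single argument and avoids the stdin hand-off: `screen_it n-cpu "sg libvirtd -c '$NOVA_DIR/bin/nova-compute'"` (this still assumes the path contains no single quote). The added comment also has the relationship reversed; it should read "we add our user to the ``libvirtd`` group".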