From e30432f6251edf61ad04dd40a7efa43da239f3a1 Mon Sep 17 00:00:00 2001
From: Jesse Andrews
Date: Fri, 16 Sep 2011 14:54:48 -0700
Subject: [PATCH 1/2] attempt to fix group issue
---
 stack.sh | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/stack.sh b/stack.sh
index a093b24..ba88a01 100755
--- a/stack.sh
+++ b/stack.sh
@@ -322,9 +322,7 @@ if [[ "$ENABLED_SERVICES" =~ "n-cpu" ]]; then
 # device - used to manage qcow images)
 sudo modprobe nbd || true
 sudo modprobe kvm || true
- # user needs to be member of libvirtd group for nova-compute to use libvirt
- ## FIXME: this doesn't affect the current shell so you end up with a failed
- ## launch of nova-compute
+ # User needs to be member of libvirtd group for nova-compute to use libvirt.
 sudo usermod -a -G libvirtd `whoami`
 # if kvm wasn't running before we need to restart libvirt to enable it
 sudo /etc/init.d/libvirt-bin restart
@@ -404,7 +402,10 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con
 screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf"
 screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"
 screen_it n-api "$NOVA_DIR/bin/nova-api"
-screen_it n-cpu "$NOVA_DIR/bin/nova-compute"
+# launch nova-compute with a new bash, since user won't be a member of libvirtd
+# group in the current shell context (due to how linux works).
+# TODO: newgrp might work instead...
+screen_it n-cpu "bash -c $NOVA_DIR/bin/nova-compute"
 screen_it n-net "$NOVA_DIR/bin/nova-network"
 screen_it n-sch "$NOVA_DIR/bin/nova-scheduler"
 # nova-vncproxy binds a privileged port, and so needs sudo
From 1f7176011008c77bdf0a0ec8138755dfb0a769e3 Mon Sep 17 00:00:00 2001
From: Jesse Andrews
Date: Fri, 16 Sep 2011 15:18:53 -0700
Subject: [PATCH 2/2] use newgrp to launch nova-compute in a new context
---
 stack.sh | 15 +++++++++------
 1 file changed, 9 insertions(+), 6 deletions(-)
diff --git a/stack.sh b/stack.sh
index ba88a01..e9218b8 100755
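Review bot: In the first hunk of [PATCH 1/2] (@@ -322,9 +322,7), the rewritten comment above `sudo usermod -a -G libvirtd` drops the FIXME but still does not say what the group grants. Membership of libvirtd normally gives the account full control of the system libvirt daemon, which is close to root on the host, and the membership persists after stack.sh exits. I would extend the comment to `# User needs to be member of libvirtd group for nova-compute to use libvirt (grants full access to the system libvirt daemon; persists after this script).` The enclosing `if` block starts and ends outside the hunk.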
--- a/stack.sh
+++ b/stack.sh
@@ -389,9 +389,9 @@ fi
 # so send the start command by forcing text into the window.
 # Only run the services specified in ``ENABLED_SERVICES``
-NL=`echo -ne '\015'`
-
+# our screen helper to launch a service in a hidden named screen
 function screen_it {
+ NL=`echo -ne '\015'`
 if [[ "$ENABLED_SERVICES" =~ "$1" ]]; then
 screen -S nova -X screen -t $1
 screen -S nova -p $1 -X stuff "$2$NL"
@@ -402,10 +402,13 @@ screen_it g-api "cd $GLANCE_DIR; bin/glance-api --config-file=etc/glance-api.con
 screen_it g-reg "cd $GLANCE_DIR; bin/glance-registry --config-file=etc/glance-registry.conf"
 screen_it key "$KEYSTONE_DIR/bin/keystone --config-file $KEYSTONE_CONF"
 screen_it n-api "$NOVA_DIR/bin/nova-api"
-# launch nova-compute with a new bash, since user won't be a member of libvirtd
-# group in the current shell context (due to how linux works).
-# TODO: newgrp might work instead...
-screen_it n-cpu "bash -c $NOVA_DIR/bin/nova-compute"
+# Launching nova-compute should be as simple as running ``nova-compute`` but
+# have to do a little more than that in our script. Since we add the group
+# ``libvirtd`` to our user in this script, when nova-compute is run it is
+# within the context of our original shell (so our groups won't be updated).
+# We can send the command nova-compute to the ``newgrp`` command to execute
+# in a specific context.
+screen_it n-cpu "echo $NOVA_DIR/bin/nova-compute | newgrp libvirtd"
 screen_it n-net "$NOVA_DIR/bin/nova-network"
 screen_it n-sch "$NOVA_DIR/bin/nova-scheduler"
 # nova-vncproxy binds a privileged port, and so needs sudo
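Review bot: In the @@ -389,9 +389,9 hunk, `NL` is now assigned inside `screen_it` but without `local`, so it is still a global and the backtick `echo` subshell runs on every call. `local NL=$'\r'` yields the same carriage return with no fork and keeps the name out of the script's global scope. The closing lines of the function are outside the hunk.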
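Review bot: In the @@ -402,10 +402,13 hunk, the new n-cpu command string is interpreted by two shells: `$NOVA_DIR` is expanded when `screen_it` is called, the text is typed into the screen window's shell, and `echo` then pipes it to the shell that `newgrp` starts. A NOVA_DIR containing whitespace or shell metacharacters would be split or executed at either stage, and nova-compute appears to run with the pipe as its stdin rather than the window's terminal. `sg` takes the command as an argument and removes the pipe, e.g. `screen_it n-cpu "sg libvirtd -c '$NOVA_DIR/bin/nova-compute'"`, which tolerates spaces in the path though not an embedded single quote. The new comment could also state that the process then runs with libvirtd as its primary group, so files it creates are owned by that group.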