Fix permissions for the Nova lock directory in systemd

The directory set as `lock_path` in `nova.conf` must be created with
the nova system user as its owner, otherwise the VIF plugin would fail
to acquire a lock when launching an instance.

Here we set up systemd to create this directory with correct owner and
permissions, besides moving its path to a `nova_lock_path` variable.

Apparently, the `/var/lock/{{ item.value.service_name }}` directory,
which is also created by `nova-systemd-tempfiles.j2`, is not needed at
all. But as this patch is intended to be backported to a stable release,
we keep it for now to avoid any unforeseen issues.

Change-Id: I9886778eddc23f0f71dfdfc87f4f715054946b3d
Closes-Bug: #1636604
Paulo Matias 2016-10-27 17:24:50 -02:00
parent fa5fbc12f6
commit 1d4c3ad6ec
4 changed files with 5 additions and 2 deletions


@ -54,6 +54,8 @@ nova_system_comment: nova system user
nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}"
nova_libvirt_save_path: "{{ nova_system_home_folder }}/save"
nova_lock_path: "/var/lock/nova"
## Manually specified nova UID/GID
# Deployers can specify a UID for the nova user as well as the GID for the
# nova group if needed. This is commonly used in environments where shared
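Review bot: The added `nova_lock_path` default has no comment, although it now controls a security-relevant location: the same value feeds `lock_path` in nova.conf, the directory task and the tmpfiles entry changed elsewhere in this commit. The oslo.concurrency guidance for `lock_path` is that the directory should be writable only by the user running the service, so an override needs to respect that. I would add a comment above the variable, for example `# Lock directory for oslo.concurrency; must be dedicated to nova and writable only by the nova system user.`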


@ -69,7 +69,7 @@
- { path: "{{ nova_system_home_folder }}/cache/api" }
- { path: "{{ nova_system_home_folder }}/instances" }
- { path: "{{ nova_libvirt_save_path }}", mode: "0750" }
- { path: "/var/lock/nova" }
- { path: "{{ nova_lock_path }}" }
- { path: "/var/run/nova" }
tags:
- nova-dirs
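Review bot: The new `{{ nova_lock_path }}` entry sets no `mode`, while the tmpfiles template changed in the same commit declares this directory as `2755`. The task's default mode is defined outside this hunk, so this is hedged: if it differs from `2755`, the playbook run and systemd-tmpfiles will keep resetting each other's permissions on the lock directory. Pinning the mode here, as the `nova_libvirt_save_path` entry already does, avoids that: `- { path: "{{ nova_lock_path }}", mode: "2755" }`.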


@ -2,3 +2,4 @@
D /var/lock/{{ item.value.service_name }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}
D /var/run/{{ item.value.service_name }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}
D {{ nova_lock_path }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}
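Review bot: The added `D {{ nova_lock_path }}` line applies the `D` type to a path deployers can now override, and `D` empties the directory whenever systemd-tmpfiles runs with `--remove`, which includes boot. That is harmless for the default under /var/lock, but an override pointing at a shared or persistent directory would have its contents removed and its ownership changed to the nova user. A template comment such as `# nova_lock_path must be a directory dedicated to nova; systemd-tmpfiles --remove empties it` would make the constraint explicit. The template appears to be rendered once per service, since it references `item.value.service_name`, so this line is probably repeated in every generated file; systemd-tmpfiles reports duplicate path lines, so emitting it from a single file may be cleaner.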


@ -242,7 +242,7 @@ pool_timeout = {{ nova_api_db_pool_timeout }}
[oslo_concurrency]
lock_path = /var/lock/nova
lock_path = {{ nova_lock_path }}
[oslo_messaging_rabbit]