Have all os-refresh-config elements use su instead of sudo
Using sudo -u to change users for a command can fail if sudo thinks it needs a controlling TTY as part of its authentication. Since this is the default config, that means that whenever the command is run in an environment that does not have a TTY (such as from init(1)), sudo will die. su does not care or check for a controlling TTY, so it will succeed as long as it is being run by root (which should be the case for all os-refresh-config elements). Therefore, instead of using sudo -u <username> -- <command> to run commands as other users, use su -s /bin/bash -c "<command>" <username> This will allow things to function in the face of a misconfigured sudo as well as allow commands to run against an account that has been locked out or has a shell that otherwise restricts what commands can be run. Change-Id: I5cc518ce42536a09e9f25c6635e191884aaaef92
This commit is contained in:
Victor Lowther
Chris Dearborn
parent
6b6d7b42f8
commit
b1197b3819
|
|
@ -2,5 +2,5 @@
|
|||
set -eux
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u ceilometer -- ceilometer-dbsync --config-file /etc/ceilometer/ceilometer.conf
|
||||
su -s /bin/bash -c 'ceilometer-dbsync --config-file /etc/ceilometer/ceilometer.conf' ceilometer
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -2,5 +2,5 @@
|
|||
set -eux
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u cinder -- cinder-manage db sync
|
||||
su -s /bin/bash -c 'cinder-manage db sync' cinder
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -2,5 +2,5 @@
|
|||
set -eux
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u glance -- glance-manage db sync
|
||||
su -s /bin/bash -c 'glance-manage db sync' glance
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -3,5 +3,5 @@ set -eux
|
|||
set -o pipefail
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u heat -- heat-manage db_sync
|
||||
su -s /bin/bash -c 'heat-manage db_sync' heat
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -3,5 +3,5 @@ set -eux
|
|||
set -o pipefail
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u ironic -- ironic-dbsync --config-file /etc/ironic/ironic.conf
|
||||
su -s /bin/bash -c 'ironic-dbsync --config-file /etc/ironic/ironic.conf' ironic
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -3,5 +3,5 @@ set -eux
|
|||
set -o pipefail
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u keystone -- keystone-manage db_sync
|
||||
su -s /bin/bash -c 'keystone-manage db_sync' keystone
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -2,5 +2,5 @@
|
|||
set -eux
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u nova -- nova-manage db sync
|
||||
su -s /bin/bash -c 'nova-manage db sync' nova
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -2,5 +2,5 @@
|
|||
set -eux
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u nova -- nova-baremetal-manage db sync
|
||||
su -s /bin/bash -c 'nova-baremetal-manage db sync' nova
|
||||
fi
|
||||
|
|
|
|||
|
|
@ -4,7 +4,7 @@ set -eux
|
|||
mkdir -p /mnt/state/var/log/trove
|
||||
chown -R trove:trove /mnt/state/var/log/trove
|
||||
|
||||
sudo -u trove -- trove-manage --config-file /etc/trove/trove.conf db_sync
|
||||
su -s /bin/bash -c 'trove-manage --config-file /etc/trove/trove.conf db_sync' trove
|
||||
|
||||
os-svc-enable -n trove-api
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,7 @@ if [ -z "$TUSKAR_ROLE_DIRECTORY" ]; then
|
|||
fi
|
||||
|
||||
if os-is-bootstrap-host ; then
|
||||
sudo -u tuskar -- tuskar-dbsync --config-file $TUSKAR_CONF
|
||||
su -s /bin/bash -c "tuskar-dbsync --config-file $TUSKAR_CONF" tuskar
|
||||
|
||||
# pop trailing / from role directory if it is there
|
||||
TUSKAR_ROLE_DIRECTORY=`echo $TUSKAR_ROLE_DIRECTORY | sed 's/\/$//'`
|
||||
|
|
|
|||
Loading…
Reference in New Issue