Gitiles
Code Review Sign In
gerrit.mcp.mirantis.com / salt-formulas / nova / f50f0c0be719abfdf88cdd2add89c200afc51419^! / .
commitf50f0c0be719abfdf88cdd2add89c200afc51419[log] [tgz]
authorkkalynovskyi <kkalynovskyi@mirantis.com>Tue Dec 12 17:52:57 2017 +0200
committerKostiantyn Kalynovskyi <kkalynovskyi@mirantis.com>Tue Dec 12 21:58:15 2017 +0200
tree9b0feac1df9ecd9ba90778a4bf58c788232451a8
parent3f25ec640613faab587308793a33731b4ccc4ffe [diff]
[PROD-16118] Adding feature to control user/group

Change allows to set user and group for QEMU processes run by the system instance
And specify whether libvirt should dynamically change file ownership to match the
Configured user/group above
Related-Prod: PROD-16118

Change-Id: I700f7cd373fffea82a0b1c3b0e22bfd9b2ef3a48

diff --git a/README.rst b/README.rst
index c3a67f1..64d546a 100644
--- a/README.rst
+++ b/README.rst

@@ -280,6 +280,19 @@
           max_processes: 4096
         host: node-12.domain.tld
 
+Group and user to be used for QEMU processes run by the system instance
+
+.. code-block:: yaml
+
+    nova:
+      compute:
+        enabled: true
+        ...
+        qemu:
+          user: nova
+          group: cinder
+          dynamic_ownership: 1
+
 Group membership for user nova (upgrade related)
 
 .. code-block:: yaml

diff --git a/nova/files/ocata/qemu.conf.Debian b/nova/files/ocata/qemu.conf.Debian
index 5b039c4..6212dda 100644
--- a/nova/files/ocata/qemu.conf.Debian
+++ b/nova/files/ocata/qemu.conf.Debian

@@ -238,6 +238,19 @@
 # Set to 0 to disable file ownership changes.
 #dynamic_ownership = 1
 
+{%- if compute.qemu is defined %}
+{%- if compute.qemu.user is defined %}
+user = "{{ compute.qemu.user }}"
+{%- endif %}
+
+{%- if compute.qemu.group is defined %}
+group = "{{ compute.qemu.group }}"
+{%- endif %}
+
+{%- if compute.qemu.dynamic_ownership is defined %}
+dynamic_ownership = "{{ compute.qemu.dynamic_ownership }}"
+{%- endif %}
+{%- endif %}
 
 # What cgroup controllers to make use of with QEMU guests
 #

diff --git a/tests/pillar/compute_cluster.sls b/tests/pillar/compute_cluster.sls
index 824a569..b6ad010 100644
--- a/tests/pillar/compute_cluster.sls
+++ b/tests/pillar/compute_cluster.sls

@@ -78,3 +78,7 @@
       volume_clear_size: 0
     barbican:
       enabled: true
+    qemu:
+      user: nova
+      group: cinder
+      dynamic_ownership: 1

diff --git a/tests/pillar/compute_single.sls b/tests/pillar/compute_single.sls
index 9357d15..bba29a0 100644
--- a/tests/pillar/compute_single.sls
+++ b/tests/pillar/compute_single.sls

@@ -48,3 +48,7 @@
       members:
       - host: 127.0.0.1
         port: 11211
+    qemu:
+      user: nova
+      group: cinder
+      dynamic_ownership: 1