Fix user for manage commands
All utilities can create files which are used by nova services
which are running under nova user. That's why they should be also
run under nova. Nova user and groups are created by packages.
Change-Id: I615e9e057d9e3fef7c28da74395a334b9b50fb8d
Related-Prod: https://mirantis.jira.com/browse/PROD-26018
diff --git a/nova/controller.sls b/nova/controller.sls
index e6dbac5..68a9bb4 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls
@@ -423,6 +423,7 @@
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
+ - runas: 'nova'
- require:
- sls: nova.db.offline_sync
diff --git a/nova/db/offline_sync.sls b/nova/db/offline_sync.sls
index 724ce2d..07da02a 100644
--- a/nova/db/offline_sync.sls
+++ b/nova/db/offline_sync.sls
@@ -7,6 +7,7 @@
{%- if grains.get('noservices') or controller.get('role', 'primary') == 'secondary' %}
- onlyif: /bin/false
{%- endif %}
+ - runas: 'nova'
- require_in:
- nova_controller_syncdb
@@ -20,6 +21,7 @@
{%- if grains.get('noservices') %}
- onlyif: /bin/false
{%- endif %}
+ - runas: 'nova'
- require:
- nova_controller_sync_apidb
@@ -30,6 +32,7 @@
- onlyif: /bin/false
{%- endif %}
- unless: 'nova-manage cell_v2 list_cells | grep cell1'
+ - runas: 'nova'
- require:
- nova_controller_map_cell0
- require_in:
@@ -43,3 +46,4 @@
{%- if grains.get('noservices') or controller.get('role', 'primary') == 'secondary' %}
- onlyif: /bin/false
{%- endif %}
+ - runas: 'nova'
diff --git a/nova/db/online_sync.sls b/nova/db/online_sync.sls
index 7c13c52..828b35c 100644
--- a/nova/db/online_sync.sls
+++ b/nova/db/online_sync.sls
@@ -9,3 +9,4 @@
cmd.run:
- name: nova-manage db online_data_migrations
- onlyif: {{ should_run }}
+ - runas: 'nova'