Merge lp:~jtv/maas/pkg-import-as-maas into lp:~maas-maintainers/maas/packaging
Status: | Merged |
---|---|
Approved by: | Jeroen T. Vermeulen |
Approved revision: | no longer in the source branch. |
Merged at revision: | 273 |
Proposed branch: | lp:~jtv/maas/pkg-import-as-maas |
Merge into: | lp:~maas-maintainers/maas/packaging |
Diff against target: | 23 lines (+5/-1), 2 files modified: debian/changelog (+4/-0), debian/extras/99-maas-sudoers (+1/-1) |
To merge this branch: | bzr merge lp:~jtv/maas/pkg-import-as-maas |
Related bugs: | |

Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Raphaël Badin (community) | Approve | ||

Review via email: mp+216983@code.launchpad.net
Commit message
Packaging changes: import boot resources from celery worker, as the maas user, instead of by running the script through sudo.
Description of the change
This does require two extra password-less sudo privileges for the maas user: to run tgt-admin (which manages iSCSI targets), and to run uec2roottar (which loop-mounts image files in order to extract their contents). As far as the codebase is concerned the maas user will no longer need sudo privileges to run the import script, but taking away privileges can be painful for users who may rely on them; so I kept that privilege.
Ownership of the files in /var/lib/
A new directory /var/lib/maas/gnupg is used for GPG state, owned by the maas user. I tried setting a full home directory for the maas user, but that didn't work: if the user already existed from a previous installation, and still had a process running, usermod refused to do the job. I figure it's hard to ensure that there won't be a maas process running (e.g. it might be a region controller on the same machine) but also, we don't really need a home directory for maas. All we really need is a place for GPG state to go.
I'm not sure I created this directory in the right way. Maybe /var/lib/maas/gnupg should simply be listed somewhere as a directory to be created on installation. Maybe it should be in maas-cluster-
Jeroen
[0]
18 + # Set up a "GPG home directory" for the maas user. This is where
19 + # GnuPG can store its state when verifying import boot resources.
20 + # We can't set a permanent home directory for the maas user, because
21 + # the user may already have been created by an older version of maas;
22 + # usermod won't set a home directory for a user that has processes
23 + # running, as may be the case for maas.
24 + mkdir -p /var/lib/maas/gnupg
25 + chown $user:$user /var/lib/maas/gnupg
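Review bot: at diff lines 24-25 the directory is created with `mkdir -p` and then only chowned, so its mode is whatever the script's umask yields, not the 0700 that GnuPG expects of a home directory; gpg warns about unsafe permissions on a homedir that group or others can access. Consider `install -d -m 0700 -o "$user" -g "$user" /var/lib/maas/gnupg`, or add `chmod 0700 /var/lib/maas/gnupg` after the chown so that a directory left over from an earlier installation is tightened as well. The `$user` expansion in the chown is also unquoted and should be written as `"$user:$user"`.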
We want to keep the post-inst scripts as minimal as possible… couldn't this be part of the MAAS source code?
[1]
> Maybe it should be in maas-cluster-controller instead of maas-common.
If we need to keep this in the packaging, I think it should be in maas-cluster-controller indeed. AFAIK this is really something that belongs to the clusters.
[2]
You need a changelog entry for this.