Nova uid/gid sync, default/standards
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
openstack-ansible | Confirmed | Wishlist | Unassigned | | |
Bug Description
The Nova role provides an option for configuration of the UID and GID of the Nova system user, but there is no default setting.
If this setting is defined after an initial deployment, Ansible will attempt to change the UID/GID on the running deployment. On a running deployment there are processes owned by the previous UID, and the playbook will fail and leave the host in an inconsistent state, which in a short time will cause service failures.
I believe it would be best if OSA were to set the UID/GID of system users by default, because changing these values after the fact can be troublesome. However, there should also be a safety mechanism in place to avoid breaking an existing deployment.
As for default UID/GID values, this seems to be a good reference:
https:/
The 2 most important services to standardize would be Nova and Glance because they have well-known configuration scenarios in which multiple hosts would access the same shared filesystem.
nova uid=162 gid=162
glance uid=161 gid=161
I am fine with introducing consistency.
To avoid issues, I think it would be best to have it as an optional future default if the user doesn't exist yet.
We should probably use those IBM uid/gid for SUSE, use the Red Hat ones for CentOS (they might be the same), and for Ubuntu use the following ones from the discussion here: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=884178
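
The safety check discussed in this report (apply the standard IDs only when the user does not exist yet, and never rewrite them on a running deployment) can be sketched as a read-only pre-flight check. This is an added example, not openstack-ansible code: `plan_uid` and the `sample_*` functions are hypothetical names, the passwd lines are constructed, and the IDs are the ones proposed in the bug description.

```shell
#!/bin/sh
# Added example: report whether a standard UID/GID can be applied to a service
# account without touching an existing deployment. Read-only; changes nothing.

# plan_uid NAME UID GID   (passwd(5)-format lines on stdin)
# Prints: create   - user absent, UID free: safe to create with these IDs
#         ok       - user already has these IDs
#         mismatch - user exists with other IDs: skip, plan a migration
#         conflict - user absent, but the UID belongs to another account
plan_uid() {
    awk -F: -v name="$1" -v uid="$2" -v gid="$3" '
        $1 == name              { found = 1; cur_uid = $3; cur_gid = $4 }
        $1 != name && $3 == uid { taken = 1 }
        END {
            if (found && cur_uid == uid && cur_gid == gid) print "ok"
            else if (found)  print "mismatch"
            else if (taken)  print "conflict"
            else             print "create"
        }'
}

# Constructed sample: host with no OpenStack users yet, UID 161 already in use.
sample_fresh() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
backup:x:161:161:backup:/var/backups:/usr/sbin/nologin
EOF
}

# Constructed sample: running deployment where nova got a package-assigned UID.
sample_existing() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
nova:x:998:998::/var/lib/nova:/bin/false
glance:x:161:161::/var/lib/glance:/bin/false
EOF
}

# IDs are the ones proposed in the bug description.
for host in fresh existing; do
    for spec in nova:162 glance:161; do
        name=${spec%%:*}; id=${spec##*:}
        echo "$host $name -> $("sample_$host" | plan_uid "$name" "$id" "$id")"
    done
done
```

On a real host the input would be `getent passwd | plan_uid nova 162 162`; the GID is compared only as the user's primary group, not against the group database.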