Fix permissions for the Nova lock directory in systemd
The directory set as `lock_path` in `nova.conf` must be created with the nova system user as its owner, otherwise the VIF plugin would fail to acquire a lock when launching an instance. Here we set up systemd to create this directory with correct owner and permissions, besides moving its path to a `nova_lock_path` variable. Apparently, the `/var/lock/{{ item.value.service_name }}` directory, which is also created by `nova-systemd-tempfiles.j2`, is not needed at all. But as this patch is intended to be backported to a stable release, we keep it by now to avoid any unforeseen issues. Change-Id: I9886778eddc23f0f71dfdfc87f4f715054946b3d Closes-Bug: #1636604
This commit is contained in:
@@ -54,6 +54,8 @@ nova_system_comment: nova system user
|
||||
nova_system_home_folder: "/var/lib/{{ nova_system_user_name }}"
|
||||
nova_libvirt_save_path: "{{ nova_system_home_folder }}/save"
|
||||
|
||||
nova_lock_path: "/var/lock/nova"
|
||||
|
||||
## Manually specified nova UID/GID
|
||||
# Deployers can specify a UID for the nova user as well as the GID for the
|
||||
# nova group if needed. This is commonly used in environments where shared
|
||||
|
@@ -69,7 +69,7 @@
|
||||
- { path: "{{ nova_system_home_folder }}/cache/api" }
|
||||
- { path: "{{ nova_system_home_folder }}/instances" }
|
||||
- { path: "{{ nova_libvirt_save_path }}", mode: "0750" }
|
||||
- { path: "/var/lock/nova" }
|
||||
- { path: "{{ nova_lock_path }}" }
|
||||
- { path: "/var/run/nova" }
|
||||
tags:
|
||||
- nova-dirs
|
||||
|
@@ -2,3 +2,4 @@
|
||||
|
||||
D /var/lock/{{ item.value.service_name }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}
|
||||
D /var/run/{{ item.value.service_name }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}
|
||||
D {{ nova_lock_path }} 2755 {{ nova_system_user_name }} {{ nova_system_group_name }}
|
||||
|
@@ -242,7 +242,7 @@ pool_timeout = {{ nova_api_db_pool_timeout }}
|
||||
|
||||
|
||||
[oslo_concurrency]
|
||||
lock_path = /var/lock/nova
|
||||
lock_path = {{ nova_lock_path }}
|
||||
|
||||
|
||||
[oslo_messaging_rabbit]
|
||||
|
Reference in New Issue
Block a user