Bug 732442

Summary: Reserve static uid/gids for OpenStack packages - swift, glance and nova
Product: [Fedora] Fedora
Reporter: Mark McLoughlin <markmc>
Component: setup
Assignee: Ondrej Vasik <ovasik>
Status: CLOSED RAWHIDE
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: low
Priority: low
Version: rawhide
CC: ovasik, pknirsch
Hardware: Unspecified
OS: Unspecified
Doc Type: Bug Fix
Last Closed: 2011-08-23 08:25:14 UTC

Description Mark McLoughlin 2011-08-22 13:36:29 UTC
As per:

  http://fedoraproject.org/wiki/Packaging:UsersAndGroups

The openstack-{swift,glance,nova} packages dynamically allocate uids and gids for the users they create

We'd prefer to have these uids and gids statically allocated in the uidgid file so that:

  1) The uids and gids are predictable

  2) We can shut up rpmlint's non-standard-uid warning

See bug #707199 and bug #731966

In summary, please allocate static uids and gids for the swift, glance and nova users

Comment 1 Ondrej Vasik 2011-08-22 13:53:00 UTC
Thanks for filing the request.
There are not only pros of static allocation... we have only 200 uidgid pairs which could be reserved statically - and more than 100 are already reserved - so static uidgid allocation should be used only if the system user account handles/stores sensitive data or if it is network facing/communicating between virtual machines - so predictable uid/gid makes sense there.

Is that your case? If so, could you please provide homedir and package which will create them for all these 3 users? I'll let you know which pairs will be reserved.

Comment 2 Mark McLoughlin 2011-08-22 14:23:33 UTC
Thanks Ondrej

All three accounts are used for network facing daemons which store sensitive data

Homedir for each is /var/lib/{swift,glance,nova} and packages are openstack-{swift,glance,nova}

Comment 3 Ondrej Vasik 2011-08-23 08:25:14 UTC
* Tue Aug 23 2011 Ondrej Vasik <ovasik> 2.8.38-1
- reserve 160:160 for swift (openstack-swift) - #732442
- reserve 161:161 for glance (openstack-glance) - #737442
- reserve 162:162 for nova (openstack-nova) - #737442

Closing RAWHIDE.

Comment 4 Ondrej Vasik 2011-08-23 08:26:04 UTC
oops, now I see typos in the changelog :) ... anyway, reserved uidgids are correct :)

Comment 5 Mark McLoughlin 2011-08-23 09:32:07 UTC
Thanks again Ondrej :)
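An added example, not part of the original thread or of the setup package: a host audit that checks the swift, glance and nova accounts against the pairs reserved in comment 3 and the home directories given in comment 2, and flags any other account occupying a reserved uid. The function names and the sample passwd lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reserved pairs and home directories are the ones stated in
# this bug (comments 2 and 3); format "name:uid:gid:home", space separated.
RESERVED='swift:160:160:/var/lib/swift glance:161:161:/var/lib/glance nova:162:162:/var/lib/nova'

# audit_reserved [PASSWD_FILE]
# Reads passwd(5)-format lines from PASSWD_FILE (stdin if omitted), prints
# one finding per line, and returns 1 if there was any finding, else 0.
# An absent account is not a finding (the package may not be installed).
audit_reserved() {
    awk -F: -v reserved="$RESERVED" '
    BEGIN {
        n = split(reserved, rows, " ")
        for (i = 1; i <= n; i++) {
            split(rows[i], f, ":")
            uid[f[1]] = f[2]; gid[f[1]] = f[3]; home[f[1]] = f[4]
            owner[f[2]] = f[1]
        }
    }
    /^#/ || NF < 7 { next }          # skip comments and malformed lines
    ($1 in uid) {                    # one of the three service accounts
        if ($3 != uid[$1])  { print "MISMATCH " $1 ": uid " $3 ", reserved " uid[$1]; bad = 1 }
        if ($4 != gid[$1])  { print "MISMATCH " $1 ": gid " $4 ", reserved " gid[$1]; bad = 1 }
        if ($6 != home[$1]) { print "MISMATCH " $1 ": home " $6 ", expected " home[$1]; bad = 1 }
        next
    }
    ($3 in owner) {                  # reserved uid taken by some other account
        print "COLLISION uid " $3 " held by " $1 ", reserved for " owner[$3]; bad = 1
    }
    END { exit (bad ? 1 : 0) }
    ' "${1:--}"
}

# Constructed sample input: swift is correct, glance was allocated
# dynamically, and an unrelated account sits on the uid reserved for nova.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
swift:x:160:160:OpenStack Swift:/var/lib/swift:/sbin/nologin
glance:x:994:991:OpenStack Glance:/var/lib/glance:/sbin/nologin
backup:x:162:162:Backup agent:/var/lib/backup:/sbin/nologin
EOF
}

sample_passwd | audit_reserved || true
```

On a live host the same check can be fed from `getent passwd | audit_reserved`.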