diff --git a/api-ref/source/api-ref-sysinv-v1-config.rst b/api-ref/source/api-ref-sysinv-v1-config.rst
index a88e6260d1..f0d66c2b56 100644
--- a/api-ref/source/api-ref-sysinv-v1-config.rst
+++ b/api-ref/source/api-ref-sysinv-v1-config.rst
@@ -10565,7 +10565,7 @@ badMediaType (415)
:header: "Parameter", "Style", "Type", "Description"
:widths: 20, 20, 20, 60
- "Content-Type multipart/form-data", "plain", "xsd:string", "The content of a file. e.g. if using curl, this would be specified as: curl -F name=@full_path_of_filename
file=@/home/wrsroot/server-with-key.pem
"
+ "Content-Type multipart/form-data", "plain", "xsd:string", "The content of a file. e.g. if using curl, this would be specified as: curl -F name=@full_path_of_filename file=@/home/sysadmin/server-with-key.pem
"
"passphrase (Optional)", "plain", "xsd:string", "The passphrase for the PEM file."
"mode (Optional)", "plain", "xsd:string", "This parameter specifies the type of System certificate. Possible values are: ssl, tpm_mode, docker_registry, openstack, openstack_ca. Default: ssl"
diff --git a/controllerconfig/controllerconfig/controllerconfig/common/constants.py b/controllerconfig/controllerconfig/controllerconfig/common/constants.py
index 0fc35f879d..97486b7d7e 100644
--- a/controllerconfig/controllerconfig/controllerconfig/common/constants.py
+++ b/controllerconfig/controllerconfig/controllerconfig/common/constants.py
@@ -61,7 +61,7 @@ SERVICE_ENABLE_TIMEOUT = 180
MINIMUM_ROOT_DISK_SIZE = 500
MAXIMUM_CGCS_LV_SIZE = 500
LDAP_CONTROLLER_CONFIGURE_TIMEOUT = 30
-WRSROOT_MAX_PASSWORD_AGE = 45 # 45 days
+SYSADMIN_MAX_PASSWORD_AGE = 45 # 45 days
LAG_MODE_ACTIVE_BACKUP = "active-backup"
LAG_MODE_BALANCE_XOR = "balance-xor"
diff --git a/controllerconfig/controllerconfig/controllerconfig/common/validator.py b/controllerconfig/controllerconfig/controllerconfig/common/validator.py
index 8df44ad131..fb0d1da019 100644
--- a/controllerconfig/controllerconfig/controllerconfig/common/validator.py
+++ b/controllerconfig/controllerconfig/controllerconfig/common/validator.py
@@ -38,7 +38,7 @@ MIN_DATABASE_STORAGE = 20
MIN_IMAGE_STORAGE = 10
MIN_IMAGE_CONVERSIONS_VOLUME = 20
-WRSROOT_PASSWD_NO_AGING = 99999
+SYSADMIN_PASSWD_NO_AGING = 99999
# System mode
SYSTEM_MODE_DUPLEX = "duplex"
diff --git a/controllerconfig/controllerconfig/controllerconfig/configassistant.py b/controllerconfig/controllerconfig/controllerconfig/configassistant.py
index 3625de7f27..e703584cd4 100644
--- a/controllerconfig/controllerconfig/controllerconfig/configassistant.py
+++ b/controllerconfig/controllerconfig/controllerconfig/configassistant.py
@@ -621,14 +621,14 @@ class ConfigAssistant():
self.next_lag_index += 1
return name
- def get_wrsroot_sig(self):
- """ Get signature for wrsroot user. """
+ def get_sysadmin_sig(self):
+ """ Get signature for sysadmin user. """
# NOTE (knasim): only compute the signature for the entries we're
# tracking and propagating {password, aging}. This is prevent
# config-outdated alarms for shadow fields that get modified
# and we don't track and propagate
- re_line = re.compile(r'(wrsroot:.*?)\s')
+ re_line = re.compile(r'(sysadmin:.*?)\s')
with open('/etc/shadow') as shadow_file:
for line in shadow_file:
match = re_line.search(line)
@@ -636,7 +636,7 @@ class ConfigAssistant():
# Isolate password(2nd field) and aging(5th field)
entry = match.group(1).split(':')
entrystr = entry[1] + ":" + entry[4]
- self.wrsroot_sig = hashlib.md5(entrystr).hexdigest()
+ self.sysadmin_sig = hashlib.md5(entrystr).hexdigest()
self.passwd_hash = entry[1]
def input_system_mode_config(self):
@@ -2904,8 +2904,8 @@ class ConfigAssistant():
self.add_password_for_validation('ADMIN_PASSWORD',
self.admin_password)
- if config.has_option('cUSERS', 'WRSROOT_SIG'):
- raise ConfigFail("The option WRSROOT_SIG is "
+ if config.has_option('cUSERS', 'SYSADMIN_SIG'):
+ raise ConfigFail("The option SYSADMIN_SIG is "
"no longer supported.")
# Licensing configuration
@@ -2914,8 +2914,8 @@ class ConfigAssistant():
"no longer supported")
# Security configuration
- if config.has_option('cSECURITY', 'CONFIG_WRSROOT_PW_AGE'):
- raise ConfigFail("The option CONFIG_WRSROOT_PW_AGE is "
+ if config.has_option('cSECURITY', 'CONFIG_SYSADMIN_PW_AGE'):
+ raise ConfigFail("The option CONFIG_SYSADMIN_PW_AGE is "
"no longer supported.")
if config.has_option('cSECURITY', 'ENABLE_HTTPS'):
raise ConfigFail("The option ENABLE_HTTPS is "
diff --git a/controllerconfig/controllerconfig/controllerconfig/regionconfig.py b/controllerconfig/controllerconfig/controllerconfig/regionconfig.py
index d4799eba35..eee9b66f54 100755
--- a/controllerconfig/controllerconfig/controllerconfig/regionconfig.py
+++ b/controllerconfig/controllerconfig/controllerconfig/regionconfig.py
@@ -566,9 +566,9 @@ def show_help_subcloud():
def config_main(config_type=REGION_CONFIG):
allow_ssh = False
if config_type == REGION_CONFIG:
- config_file = "/home/wrsroot/region_config"
+ config_file = "/home/sysadmin/region_config"
elif config_type == SUBCLOUD_CONFIG:
- config_file = "/home/wrsroot/subcloud_config"
+ config_file = "/home/sysadmin/subcloud_config"
else:
raise ConfigFail("Invalid config_type: %s" % config_type)
diff --git a/controllerconfig/controllerconfig/controllerconfig/systemconfig.py b/controllerconfig/controllerconfig/controllerconfig/systemconfig.py
index 3f060c1cc8..801b02d66e 100644
--- a/controllerconfig/controllerconfig/controllerconfig/systemconfig.py
+++ b/controllerconfig/controllerconfig/controllerconfig/systemconfig.py
@@ -300,7 +300,7 @@ def main():
do_clone = False
do_non_interactive = False
do_provision = False
- system_config_file = "/home/wrsroot/system_config"
+ system_config_file = "/home/sysadmin/system_config"
allow_ssh = False
# Disable completion as the default completer shows python commands
diff --git a/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py b/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py
index caa8915296..6faf2f121b 100644
--- a/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py
+++ b/controllerconfig/controllerconfig/controllerconfig/tests/test_region_config.py
@@ -451,12 +451,12 @@ def _replace_in_file(filename, old, new):
fileinput.close()
-@patch('controllerconfig.configassistant.ConfigAssistant.get_wrsroot_sig')
+@patch('controllerconfig.configassistant.ConfigAssistant.get_sysadmin_sig')
def _test_region_config(tmpdir, inputfile, resultfile,
- mock_get_wrsroot_sig):
+ mock_get_sysadmin_sig):
""" Test import and generation of answerfile """
- mock_get_wrsroot_sig.return_value = None
+ mock_get_sysadmin_sig.return_value = None
# Create the path to the output file
outputfile = os.path.join(str(tmpdir), 'output')
diff --git a/puppet-manifests/src/hieradata/controller.yaml b/puppet-manifests/src/hieradata/controller.yaml
index 4fda9b18ed..4f25bb26b0 100644
--- a/puppet-manifests/src/hieradata/controller.yaml
+++ b/puppet-manifests/src/hieradata/controller.yaml
@@ -109,7 +109,7 @@ platform::haproxy::params::global_options:
log:
- '127.0.0.1:514 local1 info'
user: 'haproxy'
- group: 'wrs_protected'
+ group: 'sys_protected'
chroot: '/var/lib/haproxy'
pidfile: '/var/run/haproxy.pid'
maxconn: '4000'
diff --git a/puppet-manifests/src/hieradata/global.yaml b/puppet-manifests/src/hieradata/global.yaml
index 5572bfa500..d04bcc18f1 100644
--- a/puppet-manifests/src/hieradata/global.yaml
+++ b/puppet-manifests/src/hieradata/global.yaml
@@ -9,7 +9,7 @@ platform::params::controller_1_hostname: controller-1
platform::params::pxeboot_hostname: pxecontroller
platform::params::security_feature: nopti nospectre_v2
platform::amqp::auth_user: guest
-platform::users::params::wrsroot_password_max_age: 45
+platform::users::params::sysadmin_password_max_age: 45
# mtce
platform::mtce::params::sm_server_port: 2124
diff --git a/puppet-manifests/src/modules/openstack/manifests/horizon.pp b/puppet-manifests/src/modules/openstack/manifests/horizon.pp
index 91b9ed0561..f5c1a1637e 100755
--- a/puppet-manifests/src/modules/openstack/manifests/horizon.pp
+++ b/puppet-manifests/src/modules/openstack/manifests/horizon.pp
@@ -47,7 +47,7 @@ class openstack::horizon
user { 'www':
ensure => 'present',
shell => '/sbin/nologin',
- groups => ['wrs_protected'],
+ groups => ['sys_protected'],
}
file { '/www/tmp':
diff --git a/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb b/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
index 67ff348eda..14a0f4f399 100755
--- a/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
+++ b/puppet-manifests/src/modules/openstack/templates/lighttpd.conf.erb
@@ -202,7 +202,7 @@ server.chroot = "/www"
server.username = "www"
## change uid to (default: don't care)
-server.groupname = "wrs_protected"
+server.groupname = "sys_protected"
## defaults to /var/tmp
server.upload-dirs = ( "/tmp" )
diff --git a/puppet-manifests/src/modules/platform/manifests/helm.pp b/puppet-manifests/src/modules/platform/manifests/helm.pp
index c42adf7f60..bf55dde0f9 100644
--- a/puppet-manifests/src/modules/platform/manifests/helm.pp
+++ b/puppet-manifests/src/modules/platform/manifests/helm.pp
@@ -30,19 +30,19 @@ define platform::helm::repository (
}
$before_relationship = Exec['Stop lighttpd']
- $require_relationship = [ User['wrsroot'], Exec["Generate index: ${repo_path}"] ]
+ $require_relationship = [ User['sysadmin'], Exec["Generate index: ${repo_path}"] ]
} else {
$before_relationship = undef
- $require_relationship = User['wrsroot']
+ $require_relationship = User['sysadmin']
}
exec { "Adding StarlingX helm repo: ${name}":
before => $before_relationship,
- environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/wrsroot'],
+ environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf' , 'HOME=/home/sysadmin'],
command => "helm repo add ${name} http://127.0.0.1:${repo_port}/helm_charts/${name}",
logoutput => true,
- user => 'wrsroot',
- group => 'wrs',
+ user => 'sysadmin',
+ group => 'sys_protected',
require => $require_relationship
}
}
@@ -62,12 +62,12 @@ class platform::helm::repositories
}
-> exec { 'Updating info of available charts locally from chart repo':
- environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
+ environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ],
command => 'helm repo update',
logoutput => true,
- user => 'wrsroot',
- group => 'wrs',
- require => User['wrsroot']
+ user => 'sysadmin',
+ group => 'sys_protected',
+ require => User['sysadmin']
}
}
@@ -132,12 +132,12 @@ class platform::helm
}
-> exec { 'initialize helm':
- environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
+ environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ],
command => "helm init --skip-refresh --service-account tiller --node-selectors \"node-role.kubernetes.io/master\"=\"\" --tiller-image=${gcr_registry}/kubernetes-helm/tiller:v2.13.1 --override spec.template.spec.hostNetwork=true", # lint:ignore:140chars
logoutput => true,
- user => 'wrsroot',
- group => 'wrs',
- require => User['wrsroot']
+ user => 'sysadmin',
+ group => 'sys_protected',
+ require => User['sysadmin']
}
exec { "bind mount ${target_helm_repos_base_dir}":
@@ -150,12 +150,12 @@ class platform::helm
Class['::platform::kubernetes::master']
-> exec { 'initialize helm':
- environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/wrsroot' ],
+ environment => [ 'KUBECONFIG=/etc/kubernetes/admin.conf', 'HOME=/home/sysadmin' ],
command => 'helm init --skip-refresh --client-only',
logoutput => true,
- user => 'wrsroot',
- group => 'wrs',
- require => User['wrsroot']
+ user => 'sysadmin',
+ group => 'sys_protected',
+ require => User['sysadmin']
}
}
diff --git a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
index 76663a521b..471ec8c69a 100644
--- a/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
+++ b/puppet-manifests/src/modules/platform/manifests/kubernetes.pp
@@ -227,7 +227,7 @@ class platform::kubernetes::master::init
}
# Update ownership/permissions for file created by "kubeadm init".
- # We want it readable by sysinv and wrsroot.
+ # We want it readable by sysinv and sysadmin.
-> file { '/etc/kubernetes/admin.conf':
ensure => file,
owner => 'root',
@@ -382,7 +382,7 @@ class platform::kubernetes::master::init
}
# Update ownership/permissions for file created by "kubeadm init".
- # We want it readable by sysinv and wrsroot.
+ # We want it readable by sysinv and sysadmin.
-> file { '/etc/kubernetes/admin.conf':
ensure => file,
owner => 'root',
diff --git a/puppet-manifests/src/modules/platform/manifests/ldap.pp b/puppet-manifests/src/modules/platform/manifests/ldap.pp
index 86944d78aa..b3d6ee7146 100644
--- a/puppet-manifests/src/modules/platform/manifests/ldap.pp
+++ b/puppet-manifests/src/modules/platform/manifests/ldap.pp
@@ -137,10 +137,10 @@ class platform::ldap::bootstrap
-> exec { 'create ldap protected group':
command => "ldapaddgroup ${::platform::params::protected_group_name} ${::platform::params::protected_group_id}"
}
- -> exec { 'add admin to wrs protected group' :
+ -> exec { 'add admin to sys_protected protected group' :
command => "ldapaddusertogroup admin ${::platform::params::protected_group_name}",
}
- -> exec { 'add operator to wrs protected group' :
+ -> exec { 'add operator to sys_protected protected group' :
command => "ldapaddusertogroup operator ${::platform::params::protected_group_name}",
}
diff --git a/puppet-manifests/src/modules/platform/manifests/params.pp b/puppet-manifests/src/modules/platform/manifests/params.pp
index 71c953aef6..9ef50eb273 100644
--- a/puppet-manifests/src/modules/platform/manifests/params.pp
+++ b/puppet-manifests/src/modules/platform/manifests/params.pp
@@ -30,7 +30,9 @@ class platform::params (
$nfs_mount_options = "timeo=30,proto=${nfs_proto},vers=3,rsize=${nfs_rw_size},wsize=${nfs_rw_size}"
- $protected_group_name = 'wrs_protected'
+ $sysadmin_user_name = 'sysadmin'
+ $sysadmin_user_dir = '/home/sysadmin'
+ $protected_group_name = 'sys_protected'
$protected_group_id = '345'
# PUPPET 4 treats custom facts as strings. We convert to int by adding zero.
diff --git a/puppet-manifests/src/modules/platform/manifests/sysinv.pp b/puppet-manifests/src/modules/platform/manifests/sysinv.pp
index af67e2ee98..c2c1178add 100644
--- a/puppet-manifests/src/modules/platform/manifests/sysinv.pp
+++ b/puppet-manifests/src/modules/platform/manifests/sysinv.pp
@@ -28,7 +28,7 @@ class platform::sysinv
ensure => 'present',
comment => 'sysinv Daemons',
gid => '168',
- groups => ['nobody', 'sysinv', 'wrs_protected'],
+ groups => ['nobody', 'sysinv', 'sys_protected'],
home => '/var/lib/sysinv',
password => '!!',
password_max_age => '-1',
diff --git a/puppet-manifests/src/modules/platform/manifests/users.pp b/puppet-manifests/src/modules/platform/manifests/users.pp
index 9a9e5245b1..84396ce5fd 100644
--- a/puppet-manifests/src/modules/platform/manifests/users.pp
+++ b/puppet-manifests/src/modules/platform/manifests/users.pp
@@ -1,6 +1,6 @@
class platform::users::params (
- $wrsroot_password = undef,
- $wrsroot_password_max_age = undef,
+ $sysadmin_password = undef,
+ $sysadmin_password_max_age = undef,
) {}
@@ -9,27 +9,23 @@ class platform::users
include ::platform::params
- group { 'wrs':
+ # Create a 'sys_protected' group for sysadmin and all openstack services
+ # (including StarlingX services: sysinv, etc.).
+ group { $::platform::params::protected_group_name:
ensure => 'present',
+ gid => $::platform::params::protected_group_id,
}
- # WRS: Create a 'wrs_protected' group for wrsroot and all openstack services
- # (including TiS services: sysinv, etc.).
- -> group { $::platform::params::protected_group_name:
- ensure => 'present',
- gid => $::platform::params::protected_group_id,
- }
-
- -> user { 'wrsroot':
+ -> user { 'sysadmin':
ensure => 'present',
- groups => ['wrs', 'root', $::platform::params::protected_group_name],
- home => '/home/wrsroot',
- password => $wrsroot_password,
- password_max_age => $wrsroot_password_max_age,
+ groups => ['root', $::platform::params::protected_group_name],
+ home => '/home/sysadmin',
+ password => $sysadmin_password,
+ password_max_age => $sysadmin_password_max_age,
shell => '/bin/sh',
}
- # WRS: Keyring should only be executable by 'wrs_protected'.
+ # Keyring should only be executable by 'sys_protected'.
-> file { '/usr/bin/keyring':
owner => 'root',
group => $::platform::params::protected_group_name,
@@ -43,20 +39,16 @@ class platform::users::bootstrap
include ::platform::params
- group { 'wrs':
- ensure => 'present',
- }
-
- -> group { $::platform::params::protected_group_name:
+ group { $::platform::params::protected_group_name:
ensure => 'present',
gid => $::platform::params::protected_group_id,
}
- -> user { 'wrsroot':
+ -> user { 'sysadmin':
ensure => 'present',
- groups => ['wrs', 'root', $::platform::params::protected_group_name],
- home => '/home/wrsroot',
- password_max_age => $wrsroot_password_max_age,
+ groups => ['root', $::platform::params::protected_group_name],
+ home => '/home/sysadmin',
+ password_max_age => $sysadmin_password_max_age,
shell => '/bin/sh',
}
}
diff --git a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py
index 4fe5e2d9dc..69f085c1ee 100644
--- a/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py
+++ b/sysinv/sysinv/sysinv/sysinv/api/controllers/v1/user.py
@@ -37,7 +37,7 @@ from wsme import types as wtypes
LOG = log.getLogger(__name__)
-IUSERS_ROOT_USERNAME = 'wrsroot'
+IUSERS_ROOT_USERNAME = 'sysadmin'
class UserPatchType(types.JsonPatchType):
@@ -300,11 +300,11 @@ class UserController(rest.RestController):
return User.convert_with_links(rpc_user)
except exception.HTTPNotFound:
- msg = _("User wrsroot update failed: system %s user %s : patch %s"
+ msg = _("User sysadmin update failed: system %s user %s : patch %s"
% (isystem['systemname'], user, patch))
raise wsme.exc.ClientSideError(msg)
except exception.KeyError:
- msg = _("Cannot retrieve shadow entry for wrsroot: system %s : patch %s"
+ msg = _("Cannot retrieve shadow entry for sysadmin: system %s : patch %s"
% (isystem['systemname'], patch))
raise wsme.exc.ClientSideError(msg)
diff --git a/sysinv/sysinv/sysinv/sysinv/common/constants.py b/sysinv/sysinv/sysinv/sysinv/common/constants.py
index 5d9abd3ae4..e766a0653b 100644
--- a/sysinv/sysinv/sysinv/sysinv/common/constants.py
+++ b/sysinv/sysinv/sysinv/sysinv/common/constants.py
@@ -1185,10 +1185,10 @@ LLDP_FULL_AUDIT_COUNT = 6
FM_SUPPRESSED = 'suppressed'
FM_UNSUPPRESSED = 'unsuppressed'
-# wrsroot password aging.
+# sysadmin password aging.
# Setting aging to max defined value qualifies
# as "never" on certain Linux distros including WRL
-WRSROOT_PASSWORD_NO_AGING = 99999
+SYSADMIN_PASSWORD_NO_AGING = 99999
# SDN Controller
SDN_CONTROLLER_STATE_ENABLED = 'enabled'
@@ -1298,7 +1298,7 @@ NETWORK_CONFIG_LOCK_FILE = os.path.join(
SYSINV_USERNAME = "sysinv"
SYSINV_GRPNAME = "sysinv"
-SYSINV_WRS_GRPNAME = "wrs_protected"
+SYSINV_SYSADMIN_GRPNAME = "sys_protected"
# This is the first report sysinv is sending to conductor since boot
SYSINV_AGENT_FIRST_REPORT = 'first_report'
diff --git a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
index 3ca28cd47d..ff63b6d336 100644
--- a/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
+++ b/sysinv/sysinv/sysinv/sysinv/conductor/kube_app.py
@@ -272,9 +272,9 @@ class AppOperator(object):
if not os.path.isdir(app.path):
create_app_path(app.path)
- # Temporarily change /scratch group ownership to wrs_protected
+ # Temporarily change /scratch group ownership to sys_protected
os.chown(constants.APP_INSTALL_ROOT_PATH, orig_uid,
- grp.getgrnam(constants.SYSINV_WRS_GRPNAME).gr_gid)
+ grp.getgrnam(constants.SYSINV_SYSADMIN_GRPNAME).gr_gid)
# Extract the tarfile as sysinv user
if not cutils.extract_tarfile(app.path, app.tarfile, demote_user=True):
@@ -613,9 +613,9 @@ class AppOperator(object):
orig_uid, orig_gid = get_app_install_root_path_ownership()
helm_repo = self._get_helm_repo_from_metadata(app)
try:
- # Temporarily change /scratch group ownership to wrs_protected
+ # Temporarily change /scratch group ownership to sys_protected
os.chown(constants.APP_INSTALL_ROOT_PATH, orig_uid,
- grp.getgrnam(constants.SYSINV_WRS_GRPNAME).gr_gid)
+ grp.getgrnam(constants.SYSINV_SYSADMIN_GRPNAME).gr_gid)
with open(os.devnull, "w") as fnull:
for chart in charts:
subprocess.check_call(['helm-upload', helm_repo, chart],
@@ -1914,14 +1914,14 @@ class DockerHelper(object):
if not os.path.exists(ARMADA_HOST_LOG_LOCATION):
os.mkdir(ARMADA_HOST_LOG_LOCATION)
os.chmod(ARMADA_HOST_LOG_LOCATION, 0o755)
- os.chown(ARMADA_HOST_LOG_LOCATION, 1000, grp.getgrnam("wrs").gr_gid)
+ os.chown(ARMADA_HOST_LOG_LOCATION, 1000, grp.getgrnam("sys_protected").gr_gid)
# First make kubernetes config accessible to Armada. This
# is a work around the permission issue in Armada container.
kube_config = os.path.join(constants.APP_SYNCED_DATA_PATH,
'admin.conf')
shutil.copy('/etc/kubernetes/admin.conf', kube_config)
- os.chown(kube_config, 1000, grp.getgrnam("wrs").gr_gid)
+ os.chown(kube_config, 1000, grp.getgrnam("sys_protected").gr_gid)
overrides_dir = common.HELM_OVERRIDES_PATH
manifests_dir = constants.APP_SYNCED_DATA_PATH
diff --git a/sysinv/sysinv/sysinv/sysinv/helm/utils.py b/sysinv/sysinv/sysinv/sysinv/helm/utils.py
index 0c40012c23..ee8e3f2d40 100644
--- a/sysinv/sysinv/sysinv/sysinv/helm/utils.py
+++ b/sysinv/sysinv/sysinv/sysinv/helm/utils.py
@@ -1,4 +1,4 @@
-# vim: tabstop=4 shiftwidth=4 softtabstop=4
+# sim: tabstop=4 shiftwidth=4 softtabstop=4
#
# Copyright (c) 2019 Wind River Systems, Inc.
#
@@ -32,12 +32,12 @@ def refresh_helm_repo_information():
"""
with open(os.devnull, "w") as fnull:
try:
- subprocess.check_call(['sudo', '-u', 'wrsroot',
+ subprocess.check_call(['sudo', '-u', 'sysadmin',
'helm', 'repo', 'update'],
stdout=fnull, stderr=fnull)
except subprocess.CalledProcessError:
# Just log an error. Don't stop any callers from further execution.
- LOG.error("Failed to update helm repo data for user wrsroot.")
+ LOG.error("Failed to update helm repo data for user sysadmin.")
def retrieve_helm_releases():
diff --git a/sysinv/sysinv/sysinv/sysinv/puppet/platform.py b/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
index a1399bbfef..bd5ea485d9 100644
--- a/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
+++ b/sysinv/sysinv/sysinv/sysinv/puppet/platform.py
@@ -235,9 +235,9 @@ class PlatformPuppet(base.BasePuppet):
def _get_user_config(self):
user = self.dbapi.iuser_get_one()
return {
- 'platform::users::params::wrsroot_password':
+ 'platform::users::params::sysadmin_password':
user.passwd_hash,
- 'platform::users::params::wrsroot_password_max_age':
+ 'platform::users::params::sysadmin_password_max_age':
user.passwd_expiry_days,
}