1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
#!/bin/sh
set -e
set -x
# Make sure we have a nova user and group
if ! getent group nova > /dev/null 2>&1 ; then
addgroup --quiet --system nova --gid 64060
fi
if ! getent passwd nova > /dev/null 2>&1 ; then
adduser --system \
--home /var/lib/nova \
--no-create-home \
--quiet \
--disabled-password \
--shell /bin/sh \
--group nova --uid 64060
fi
# Make sure /var/lib/nova exists
if [ ! -d /var/lib/nova ] ; then
mkdir -p /var/lib/nova
chown nova:nova /var/lib/nova
fi
# Make sure /var/lib/nova/.ssh exists
if [ ! -d /var/lib/nova/.ssh ] ; then
mkdir -p /var/lib/nova/.ssh
chown nova:nova /var/lib/nova/.ssh
chmod 700 /var/lib/nova/.ssh
fi
if [ ! -f /var/lib/nova/.ssh/config ] ; then
# The change of ciphers speeds-up cold migrations.
echo "HashKnownHosts no
Ciphers aes256-gcm@openssh.com,aes256-ctr" >/var/lib/nova/.ssh/config
# We don't need "StrictHostKeyChecking no" anymore,
# since we're now signing SSH host keys with a trusted CA.
# echo "StrictHostKeyChecking no
#HashKnownHosts no" >/var/lib/nova/.ssh/config
chown nova:nova /var/lib/nova/.ssh/config
fi
|
