Use same sudoers config for all distros

Clean up buggy code for sudoers file editing

Signed-off-by: Daan Hoogland <daan@onecht.net>

This closes #332
Rafael da Fonseca 2015-05-29 22:10:39 +02:00 committed by Daan Hoogland
parent c45c9bfeef
commit 870e1898eb
8 changed files with 13 additions and 56 deletions

4
debian/rules vendored

@ -71,8 +71,8 @@ override_dh_auto_install:
# nast hack for a couple of configuration files # nast hack for a couple of configuration files
mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/ mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
ln -s server-nonssl.xml $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/server.xml ln -s server-nonssl.xml $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/server.xml


@ -225,6 +225,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir} mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d
# Common # Common
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
@ -297,6 +298,7 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
install -D packaging/centos63/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator install -D packaging/centos63/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
install -D packaging/centos63/cloud-management.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-management install -D packaging/centos63/cloud-management.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-management
install -D packaging/centos63/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management install -D packaging/centos63/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos63/tomcat.sh ${RPM_BUILD_ROOT}%{_initrddir}/tomcat.sh install -D packaging/centos63/tomcat.sh ${RPM_BUILD_ROOT}%{_initrddir}/tomcat.sh
chmod 770 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/Catalina chmod 770 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/Catalina
@ -532,6 +534,7 @@ fi
%dir %attr(0770,root,cloud) %{_localstatedir}/cache/%{name}/management/temp %dir %attr(0770,root,cloud) %{_localstatedir}/cache/%{name}/management/temp
%dir %attr(0770,root,cloud) %{_localstatedir}/log/%{name}/management %dir %attr(0770,root,cloud) %{_localstatedir}/log/%{name}/management
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-management %config(noreplace) %{_sysconfdir}/sysconfig/%{name}-management
%config(noreplace) %{_sysconfdir}/sudoers.d/%{name}-management
%config(noreplace) %attr(0640,root,cloud) %{_sysconfdir}/%{name}/management/db.properties %config(noreplace) %attr(0640,root,cloud) %{_sysconfdir}/%{name}/management/db.properties
%config(noreplace) %{_sysconfdir}/%{name}/management/log4j-cloud.xml %config(noreplace) %{_sysconfdir}/%{name}/management/log4j-cloud.xml
%config(noreplace) %{_sysconfdir}/%{name}/management/tomcat6-nonssl.conf %config(noreplace) %{_sysconfdir}/%{name}/management/tomcat6-nonssl.conf
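Review bot: The sudoers drop-in is installed without an explicit mode: `install -D server/target/conf/cloudstack-sudoers ...` falls back to install's default of 0755 and the new `%config(noreplace)` entry carries no `%attr`, whereas the Debian rule in this commit runs `chmod 0440` on the same file. Depending on the sudo version, a drop-in whose mode is not the expected 0440 may be rejected or reported as an error, and an over-permissive policy file is worth avoiding in any case. I would pin it in both places, e.g. `install -D -m 0440 server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management` and `%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers.d/%{name}-management`. The same applies to the identical install line in the centos7 spec section; a mode may be set elsewhere in the spec, outside these hunks.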


@ -1,22 +0,0 @@
# Licensed to the Apache Software Foundation (ASF) under one
# or more contributor license agreements. See the NOTICE file
# distributed with this work for additional information
# regarding copyright ownership. The ASF licenses this file
# to you under the Apache License, Version 2.0 (the
# "License"); you may not use this file except in compliance
# with the License. You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing,
# software distributed under the License is distributed on an
# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
# KIND, either express or implied. See the License for the
# specific language governing permissions and limitations
# under the License.
Cmnd_Alias CLOUDSTACK = /bin/mkdir, /bin/mount, /bin/umount, /bin/cp, /bin/chmod, /usr/bin/keytool, /bin/keytool
Defaults:cloud !requiretty
cloud ALL=(root) NOPASSWD:CLOUDSTACK


@ -199,6 +199,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir} mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d
# Common # Common
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
@ -272,8 +273,8 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
install -D packaging/centos7/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator install -D packaging/centos7/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
install -D packaging/centos7/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management install -D packaging/centos7/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos7/cloud-management.service ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-management.service install -D packaging/centos7/cloud-management.service ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-management.service
install -D packaging/centos7/cloud-management.sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos7/cloud.limits ${RPM_BUILD_ROOT}%{_sysconfdir}/security/limits.d/cloud install -D packaging/centos7/cloud.limits ${RPM_BUILD_ROOT}%{_sysconfdir}/security/limits.d/cloud
touch ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}-management.pid touch ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}-management.pid


@ -175,11 +175,3 @@ class configFileOps:
self.add_lines(oldLine, False) self.add_lines(oldLine, False)
else: else:
self.replace_lines(newLine, oldLine, False) self.replace_lines(newLine, oldLine, False)
if __name__ == '__main__':
cfo = configFileOps("./sudoers")
#cloud ALL = NOPASSWD : ALL
cfo.addEntry("cloud ALL ", "NOPASSWD : ALL")
cfo.rmEntry("Defaults", "requiretty", " ")
#cfo.addEntry("zone", "test", " ")
cfo.save()


@ -721,24 +721,6 @@ class cloudAgentConfig(serviceCfgBase):
def restore(self): def restore(self):
return True return True
class sudoersConfig(serviceCfgBase):
def __init__(self, syscfg):
super(sudoersConfig, self).__init__(syscfg)
self.serviceName = "sudoers"
def config(self):
try:
cfo = configFileOps("/etc/sudoers", self)
cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /usr/bin/keytool")
cfo.rmEntry("Defaults", "requiretty", " ")
cfo.save()
return True
except:
raise
def restore(self):
return True
class firewallConfigServer(firewallConfigBase): class firewallConfigServer(firewallConfigBase):
def __init__(self, syscfg): def __init__(self, syscfg):
super(firewallConfigServer, self).__init__(syscfg) super(firewallConfigServer, self).__init__(syscfg)


@ -206,12 +206,10 @@ class sysConfigServerRedhat(sysConfigServer):
def __init__(self, glbEnv): def __init__(self, glbEnv):
super(sysConfigServerRedhat, self).__init__(glbEnv) super(sysConfigServerRedhat, self).__init__(glbEnv)
self.svo = serviceOpsRedhat() self.svo = serviceOpsRedhat()
self.services = [sudoersConfig(self), self.services = [firewallConfigServer(self)]
firewallConfigServer(self)]
class sysConfigServerUbuntu(sysConfigServer): class sysConfigServerUbuntu(sysConfigServer):
def __init__(self, glbEnv): def __init__(self, glbEnv):
super(sysConfigServerUbuntu, self).__init__(glbEnv) super(sysConfigServerUbuntu, self).__init__(glbEnv)
self.svo = serviceOpsUbuntu() self.svo = serviceOpsUbuntu()
self.services = [sudoersConfig(self), self.services = [ubuntuFirewallConfigServer(self)]
ubuntuFirewallConfigServer(self)]
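Review bot: Dropping `sudoersConfig` from both `services` lists stops new edits to `/etc/sudoers`, but hosts set up by an earlier release keep what that class wrote: the `cloud ALL NOPASSWD : ...` entry and, apparently, the removal of the global `Defaults requiretty` line, which affected every user rather than only the management account. Nothing visible in this commit reverts those edits, so an upgraded host would carry the old grant alongside the new `sudoers.d` drop-in. I would record this next to the two lists, e.g. `# sudo rules now ship in /etc/sudoers.d; entries written to /etc/sudoers by older releases are not removed on upgrade`, or clean them up in an upgrade step if one exists outside this view.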


@ -18,5 +18,8 @@
# The CloudStack management server needs sudo permissions # The CloudStack management server needs sudo permissions
# without a password. # without a password.
@MSUSER@ ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount Cmnd_Alias CLOUDSTACK = /bin/mkdir, /bin/mount, /bin/umount, /bin/cp, /bin/chmod, /usr/bin/keytool, /bin/keytool
Defaults:@MSUSER@ !requiretty
@MSUSER@ ALL=(root) NOPASSWD:CLOUDSTACK
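Review bot: Every command in the new `Cmnd_Alias CLOUDSTACK` is granted with unrestricted arguments, so `NOPASSWD:CLOUDSTACK` lets the management account run `cp`, `chmod` and `mount` as root against any path, which in practice makes that account root-equivalent. The alias also lists `/bin/keytool` next to `/usr/bin/keytool`; a path that does not exist on a given distro is better left out than granted. If the management server only touches a known set of directories, the entries could be narrowed with argument patterns or replaced by root-owned wrapper scripts. At minimum I would state the trust assumption in the header comment, e.g. `# These commands are allowed with any arguments; treat @MSUSER@ as root-equivalent.`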