Posted to commits@cloudstack.apache.org by da...@apache.org on 2015/06/19 16:01:09 UTC
git commit: updated refs/heads/master to 870e189
Repository: cloudstack
Updated Branches:
refs/heads/master c45c9bfee -> 870e1898e
Use the same sudoers config for all distros. Clean up buggy code for sudoers file editing.
Signed-off-by: Daan Hoogland <da...@onecht.net>
This closes #332
Project: http://git-wip-us.apache.org/repos/asf/cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/cloudstack/commit/870e1898
Tree: http://git-wip-us.apache.org/repos/asf/cloudstack/tree/870e1898
Diff: http://git-wip-us.apache.org/repos/asf/cloudstack/diff/870e1898
Branch: refs/heads/master
Commit: 870e1898eb28039fafaaeb8e50a7039f626f912c
Parents: c45c9bf
Author: Rafael da Fonseca <rs...@gmail.com>
Authored: Fri May 29 22:10:39 2015 +0200
Committer: Daan Hoogland <da...@onecht.net>
Committed: Fri Jun 19 16:00:57 2015 +0200
----------------------------------------------------------------------
debian/rules | 4 ++--
packaging/centos63/cloud.spec | 3 +++
packaging/centos7/cloud-management.sudoers | 22 ----------------------
packaging/centos7/cloud.spec | 3 ++-
python/lib/cloudutils/configFileOps.py | 8 --------
python/lib/cloudutils/serviceConfig.py | 18 ------------------
python/lib/cloudutils/syscfg.py | 6 ++----
server/conf/cloudstack-sudoers.in | 5 ++++-
8 files changed, 13 insertions(+), 56 deletions(-)
----------------------------------------------------------------------
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/debian/rules
----------------------------------------------------------------------
diff --git a/debian/rules b/debian/rules
index 888cf5b..b06f929 100755
--- a/debian/rules
+++ b/debian/rules
@@ -71,8 +71,8 @@ override_dh_auto_install:
# nast hack for a couple of configuration files
mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
- mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
- chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
+ mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
+ chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
ln -s server-nonssl.xml $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/server.xml
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/packaging/centos63/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec
index a194096..3e8c6e2 100644
--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -225,6 +225,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d
# Common
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
@@ -297,6 +298,7 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
install -D packaging/centos63/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
install -D packaging/centos63/cloud-management.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-management
install -D packaging/centos63/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
+install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos63/tomcat.sh ${RPM_BUILD_ROOT}%{_initrddir}/tomcat.sh
chmod 770 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/Catalina
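Review bot: The added `install -D server/target/conf/cloudstack-sudoers ...` line sets no mode, so the drop-in is installed with install's default of 0755 unless something outside this hunk overrides it, whereas debian/rules in the same commit sets 0440. Sudoers fragments are conventionally root-owned and 0440; I would write `install -D -m 0440 server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management`, or pin the mode in %files with `%attr(0440,root,root)`. The same applies to the identical line added in packaging/centos7/cloud.spec.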
@@ -532,6 +534,7 @@ fi
%dir %attr(0770,root,cloud) %{_localstatedir}/cache/%{name}/management/temp
%dir %attr(0770,root,cloud) %{_localstatedir}/log/%{name}/management
%config(noreplace) %{_sysconfdir}/sysconfig/%{name}-management
+%config(noreplace) %{_sysconfdir}/sudoers.d/%{name}-management
%config(noreplace) %attr(0640,root,cloud) %{_sysconfdir}/%{name}/management/db.properties
%config(noreplace) %{_sysconfdir}/%{name}/management/log4j-cloud.xml
%config(noreplace) %{_sysconfdir}/%{name}/management/tomcat6-nonssl.conf
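Review bot: Marking the sudoers drop-in `%config(noreplace)` means a host where the file was edited keeps its old privilege rules on upgrade, with the packaged version written alongside as `.rpmnew`, so a later tightening of the command list would not reach those hosts. That is the usual trade-off for config files, but for a privilege grant it deserves a comment above the entry, e.g. `# sudoers drop-in: local edits survive upgrades, review the .rpmnew after updating`.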
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/packaging/centos7/cloud-management.sudoers
----------------------------------------------------------------------
diff --git a/packaging/centos7/cloud-management.sudoers b/packaging/centos7/cloud-management.sudoers
deleted file mode 100644
index ad79cae..0000000
--- a/packaging/centos7/cloud-management.sudoers
+++ /dev/null
@@ -1,22 +0,0 @@
-# Licensed to the Apache Software Foundation (ASF) under one
-# or more contributor license agreements. See the NOTICE file
-# distributed with this work for additional information
-# regarding copyright ownership. The ASF licenses this file
-# to you under the Apache License, Version 2.0 (the
-# "License"); you may not use this file except in compliance
-# with the License. You may obtain a copy of the License at
-#
-# http://www.apache.org/licenses/LICENSE-2.0
-#
-# Unless required by applicable law or agreed to in writing,
-# software distributed under the License is distributed on an
-# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
-# KIND, either express or implied. See the License for the
-# specific language governing permissions and limitations
-# under the License.
-
-Cmnd_Alias CLOUDSTACK = /bin/mkdir, /bin/mount, /bin/umount, /bin/cp, /bin/chmod, /usr/bin/keytool, /bin/keytool
-
-Defaults:cloud !requiretty
-
-cloud ALL=(root) NOPASSWD:CLOUDSTACK
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/packaging/centos7/cloud.spec
----------------------------------------------------------------------
diff --git a/packaging/centos7/cloud.spec b/packaging/centos7/cloud.spec
index d9ed26e..cf9c9b3 100644
--- a/packaging/centos7/cloud.spec
+++ b/packaging/centos7/cloud.spec
@@ -199,6 +199,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d
# Common
mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
@@ -272,8 +273,8 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
install -D packaging/centos7/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
install -D packaging/centos7/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
+install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos7/cloud-management.service ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-management.service
-install -D packaging/centos7/cloud-management.sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
install -D packaging/centos7/cloud.limits ${RPM_BUILD_ROOT}%{_sysconfdir}/security/limits.d/cloud
touch ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}-management.pid
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/python/lib/cloudutils/configFileOps.py
----------------------------------------------------------------------
diff --git a/python/lib/cloudutils/configFileOps.py b/python/lib/cloudutils/configFileOps.py
index 363b78d..e931824 100644
--- a/python/lib/cloudutils/configFileOps.py
+++ b/python/lib/cloudutils/configFileOps.py
@@ -175,11 +175,3 @@ class configFileOps:
self.add_lines(oldLine, False)
else:
self.replace_lines(newLine, oldLine, False)
-
-if __name__ == '__main__':
- cfo = configFileOps("./sudoers")
- #cloud ALL = NOPASSWD : ALL
- cfo.addEntry("cloud ALL ", "NOPASSWD : ALL")
- cfo.rmEntry("Defaults", "requiretty", " ")
- #cfo.addEntry("zone", "test", " ")
- cfo.save()
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/python/lib/cloudutils/serviceConfig.py
----------------------------------------------------------------------
diff --git a/python/lib/cloudutils/serviceConfig.py b/python/lib/cloudutils/serviceConfig.py
index 03891ea..b2adc31 100755
--- a/python/lib/cloudutils/serviceConfig.py
+++ b/python/lib/cloudutils/serviceConfig.py
@@ -721,24 +721,6 @@ class cloudAgentConfig(serviceCfgBase):
def restore(self):
return True
-
-class sudoersConfig(serviceCfgBase):
- def __init__(self, syscfg):
- super(sudoersConfig, self).__init__(syscfg)
- self.serviceName = "sudoers"
- def config(self):
- try:
- cfo = configFileOps("/etc/sudoers", self)
- cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /usr/bin/keytool")
- cfo.rmEntry("Defaults", "requiretty", " ")
- cfo.save()
- return True
- except:
- raise
-
- def restore(self):
- return True
-
class firewallConfigServer(firewallConfigBase):
def __init__(self, syscfg):
super(firewallConfigServer, self).__init__(syscfg)
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/python/lib/cloudutils/syscfg.py
----------------------------------------------------------------------
diff --git a/python/lib/cloudutils/syscfg.py b/python/lib/cloudutils/syscfg.py
index 290f56c..467fcf1 100755
--- a/python/lib/cloudutils/syscfg.py
+++ b/python/lib/cloudutils/syscfg.py
@@ -206,12 +206,10 @@ class sysConfigServerRedhat(sysConfigServer):
def __init__(self, glbEnv):
super(sysConfigServerRedhat, self).__init__(glbEnv)
self.svo = serviceOpsRedhat()
- self.services = [sudoersConfig(self),
- firewallConfigServer(self)]
+ self.services = [firewallConfigServer(self)]
class sysConfigServerUbuntu(sysConfigServer):
def __init__(self, glbEnv):
super(sysConfigServerUbuntu, self).__init__(glbEnv)
self.svo = serviceOpsUbuntu()
- self.services = [sudoersConfig(self),
- ubuntuFirewallConfigServer(self)]
+ self.services = [ubuntuFirewallConfigServer(self)]
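Review bot: After this change neither `sysConfigServerRedhat` nor `sysConfigServerUbuntu` configures sudo, so the management server's sudo rights depend entirely on the packaged `/etc/sudoers.d` drop-in, which only takes effect where `/etc/sudoers` includes that directory. Hosts already set up by the removed `sudoersConfig` also keep the entry it wrote into `/etc/sudoers`, since nothing here reverts it (its `restore()` only returned True). A comment above each `self.services` assignment would record this, e.g. `# sudo rules are shipped by the package in /etc/sudoers.d; setup no longer edits /etc/sudoers`. Any reference to `sudoersConfig` left outside this hunk would now fail with a NameError, so a grep before merging is worthwhile.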
http://git-wip-us.apache.org/repos/asf/cloudstack/blob/870e1898/server/conf/cloudstack-sudoers.in
----------------------------------------------------------------------
diff --git a/server/conf/cloudstack-sudoers.in b/server/conf/cloudstack-sudoers.in
index 0690164..908d2f4 100644
--- a/server/conf/cloudstack-sudoers.in
+++ b/server/conf/cloudstack-sudoers.in
@@ -18,5 +18,8 @@
# The CloudStack management server needs sudo permissions
# without a password.
-@MSUSER@ ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount
+Cmnd_Alias CLOUDSTACK = /bin/mkdir, /bin/mount, /bin/umount, /bin/cp, /bin/chmod, /usr/bin/keytool, /bin/keytool
+Defaults:@MSUSER@ !requiretty
+
+@MSUSER@ ALL=(root) NOPASSWD:CLOUDSTACK
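Review bot: The `CLOUDSTACK` alias lists every command without argument restrictions and grants it `NOPASSWD` as root, so the @MSUSER@ account is effectively root-equivalent on the host; this change widens that with two keytool paths and turns off `requiretty` for the user. At minimum the header comment should say so, e.g. `# NOTE: these commands are unrestricted; treat the @MSUSER@ account as root-equivalent`, and a follow-up should narrow the entries to fixed arguments or wrapper scripts. Since the file is now shared by all packages, running `visudo -cf` on the generated file during the build would catch a syntax error before it ships.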