# -------------------------------------------------------------------------- #
# Copyright 2002-2020, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
# Holds configuration about sudoers requirements for OpenNebula
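class Sudoers

    # Labels of four of the command groups defined in #initialize.
    # NOTE(review): presumably the groups a hypervisor node needs, as opposed
    # to front-end groups such as :HA or :MARKET -- confirm against callers.
    NODECMDS = [:NET, :OVS, :LVM, :LXD]

    # Hash of label => list of command specs. It is writable, so a caller can
    # replace or extend the table before calling #aliases.
    attr_accessor :cmds

    # Builds the default command table.
    #
    # @param lib_location [String] prefix interpolated into the :MARKET script
    #   paths. NOTE(review): expected to be an absolute directory; a relative
    #   value would make #aliases treat those entries as names to look up.
    def initialize(lib_location)
        # Commands required to be used as root, without password, by oneadmin
        #
        # A spec is an absolute path, a bare command name, or a command name
        # followed by an argument pattern such as 'ip link *'.
        # NOTE(review): assuming the caller renders these as sudoers command
        # entries, a spec without arguments permits any arguments and a
        # trailing '*' matches any remaining arguments, so groups holding
        # mount, mkdir or lvremove are close to unrestricted root for oneadmin.
        # Install only the groups a host role actually needs.
        @cmds = {
            :NET => [
                'ebtables',
                'iptables',
                'ip6tables',
                'ipset',
                'ip link *',
                'ip tuntap *',
                'ip route *',
                'ip neighbour *'
            ],
            :LVM => %w[
                lvcreate lvremove lvs vgdisplay lvchange lvscan lvextend
            ],
            :OVS => %w[ovs-ofctl ovs-vsctl],
            :CEPH => %w[rbd],
            :LXD => %w[
                /snap/bin/lxc /usr/bin/catfstab mount umount mkdir lsblk losetup
                kpartx qemu-nbd blkid e2fsck resize2fs xfs_growfs rbd-nbd
                xfs_admin tune2fs
            ],
            :HA => [
                'systemctl start opennebula-flow',
                'systemctl stop opennebula-flow',
                'systemctl start opennebula-gate',
                'systemctl stop opennebula-gate',
                'systemctl start opennebula-hem',
                'systemctl stop opennebula-hem',
                'systemctl start opennebula-showback.timer',
                'systemctl stop opennebula-showback.timer',
                'service opennebula-flow start',
                'service opennebula-flow stop',
                'service opennebula-gate start',
                'service opennebula-gate stop',
                'service opennebula-hem start',
                'service opennebula-hem stop',
                'arping',
                'ip address *'
            ],
            :MARKET => %W[#{lib_location}/sh/create_container_image.sh
                          #{lib_location}/sh/create_docker_image.sh],
            :FIRECRACKER => %w[/usr/bin/jailer
                               /usr/sbin/one-clean-firecracker-domain
                               /usr/sbin/one-prepare-firecracker-domain]
        }
    end

    # Return a list of commands full path
    #
    # Specs that already start with '/' are copied unchanged. For every other
    # spec the first word is replaced by the path #which reports and the
    # remaining words (the argument pattern) are kept as written.
    #
    # A lookup that does not produce an absolute path is treated as a missing
    # command: a relative result (possible when PATH has relative entries)
    # must not end up in a privilege rule. In that case a message is printed
    # to STDERR and the process exits with status 1.
    #
    # @return [Hash{String => Array<String>}] "ONE_<label>" => resolved specs
    def aliases
        cmds.each_with_object({}) do |(label, specs), cmnd_aliases|
            cmnd_aliases["ONE_#{label}"] = specs.map do |cmd|
                # Already fully qualified: nothing to resolve
                next cmd if cmd.start_with?('/')

                name, *args = cmd.split
                path = which(name)

                unless path.start_with?('/')
                    STDERR.puts "command not found: #{cmd}"
                    exit 1
                end

                [path, *args].join(' ')
            end
        end
    end

    # Looks a command name up with the external `which` tool.
    #
    # The name is passed as a single argv element, with no shell in between,
    # so whitespace or shell metacharacters in a caller-supplied spec are
    # never interpreted. stderr of the tool is discarded.
    #
    # NOTE(review): resolution depends on the PATH of the process running
    # this code; run it with a fixed PATH of root-owned directories, since
    # the returned path is what the caller will whitelist.
    #
    # @param cmd [String] command name to resolve
    # @return [String] output of `which` without surrounding whitespace, or
    #   '' when nothing was found or the tool could not be started
    def which(cmd)
        IO.popen(['which', cmd.to_s], :err => File::NULL, &:read).strip
    rescue SystemCallError
        ''
    end

end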