# -------------------------------------------------------------------------- #
# Copyright 2002-2023, OpenNebula Project, OpenNebula Systems #
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may #
# not use this file except in compliance with the License. You may obtain #
# a copy of the License at #
# #
# http://www.apache.org/licenses/LICENSE-2.0 #
# #
# Unless required by applicable law or agreed to in writing, software #
# distributed under the License is distributed on an "AS IS" BASIS, #
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
# See the License for the specific language governing permissions and #
# limitations under the License. #
#--------------------------------------------------------------------------- #
# Holds configuration about sudoers requirements for OpenNebula
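class Sudoers

    # Labels of the command groups in this list (a subset of the @cmds keys).
    NODECMDS = [:NET, :OVS, :LVM, :LXD, :MEM, :VGPU]

    # Hash of label => Array of command strings; see #initialize.
    attr_accessor :cmds

    # Builds the table of privileged commands.
    #
    # @param lib_location [String] directory prefix interpolated into the
    #   :MARKET script paths
    def initialize(lib_location)
        # Commands required to be used as root, without password, by oneadmin
        #
        # NOTE(review): how these strings are turned into sudoers rules is not
        # shown in this file. In sudoers, a command listed without arguments
        # may be run with any arguments, so bare names such as 'mount' or
        # 'mkdir' are broad grants -- confirm that is intended.
        @cmds = {
            :NET => [
                'ebtables',
                'iptables',
                'ip6tables',
                'ipset',
                'ip link *',
                'ip tuntap *',
                'ip route *',
                'ip neighbour *'
            ],
            :LVM => [
                'lvcreate', 'lvremove', 'lvs', 'vgdisplay', 'lvchange',
                'lvscan', 'lvextend'
            ],
            :OVS => ['ovs-ofctl', 'ovs-vsctl'],
            :CEPH => ['rbd'],
            :LXD => [
                '/snap/bin/lxc', '/usr/bin/catfstab', 'mount', 'umount',
                'mkdir', 'lsblk', 'losetup', 'kpartx', 'qemu-nbd', 'blkid',
                'e2fsck', 'resize2fs', 'xfs_growfs', 'rbd-nbd', 'xfs_admin',
                'tune2fs'
            ],
            :HA => [
                'systemctl start opennebula-flow',
                'systemctl stop opennebula-flow',
                'systemctl start opennebula-gate',
                'systemctl stop opennebula-gate',
                'systemctl start opennebula-hem',
                'systemctl stop opennebula-hem',
                'systemctl start opennebula-showback.timer',
                'systemctl stop opennebula-showback.timer',
                'service opennebula-flow start',
                'service opennebula-flow stop',
                'service opennebula-gate start',
                'service opennebula-gate stop',
                'service opennebula-hem start',
                'service opennebula-hem stop',
                'arping',
                'ip address *'
            ],
            :MARKET => [
                "#{lib_location}/sh/create_container_image.sh",
                "#{lib_location}/sh/create_docker_image.sh"
            ],
            :FIRECRACKER => [
                '/usr/bin/jailer',
                '/usr/sbin/one-clean-firecracker-domain',
                '/usr/sbin/one-prepare-firecracker-domain'
            ],
            :LXC => [
                'mount', 'umount', 'bindfs', 'losetup', 'qemu-nbd',
                'lxc-attach', 'lxc-config', 'lxc-create', 'lxc-destroy',
                'lxc-info', 'lxc-ls', 'lxc-start', 'lxc-stop', 'lxc-console',
                'e2fsck', 'resize2fs', 'xfs_growfs', 'rbd-nbd'
            ],
            :MEM => ['sysctl vm.drop_caches=3 vm.compact_memory=1'],
            # NOTE(review): 'sudo' is itself in this list; if the entry is
            # rendered as a passwordless root rule it does not restrict which
            # command may follow. '/var/tmp/one/vgpu' lives under /var/tmp;
            # confirm the file and its parent directories are root-owned and
            # not writable by the account the rule is granted to.
            :VGPU => ['sudo', '/var/tmp/one/vgpu']
        }
    end

    # Return the command lists with every command given by its full path.
    #
    # Entries that already start with '/' are kept verbatim. For any other
    # entry the first word is replaced by the path reported by #which and the
    # remaining words are re-joined with single spaces. If a command cannot
    # be resolved, a message is printed to STDERR and the process exits with
    # status 1.
    #
    # @return [Hash{String => Array<String>}] "ONE_<label>" => resolved entries
    def aliases
        cmds.each_with_object({}) do |(label, entries), cmnd_aliases|
            cmnd_aliases["ONE_#{label}"] = entries.map {|cmd| resolve_entry(cmd) }
        end
    end

    # Looks up the full path of an executable with the system `which`.
    #
    # The name is passed to `which` as a single argument without going
    # through a shell, so shell metacharacters in it are never interpreted.
    # The lookup follows the PATH of the current process, so the result is
    # only as trustworthy as that PATH.
    #
    # @param cmd [String] executable name
    # @return [String] absolute path, or '' when nothing usable was found
    def which(cmd)
        name = cmd.to_s
        return '' if name.empty?

        path = IO.popen(['which', name], :err => File::NULL, &:read).to_s.strip

        # Only an absolute path is a usable result.
        path.start_with?('/') ? path : ''
    rescue Errno::ENOENT
        # `which` itself is not installed: same outcome as "not found".
        ''
    end

    private

    # Resolves one @cmds entry to its full-path form, or exits if not found.
    def resolve_entry(cmd)
        return cmd if cmd.start_with?('/')

        name, *args = cmd.split
        path = name ? which(name) : ''

        if path.empty?
            STDERR.puts "command not found: #{cmd}"
            exit 1
        end

        [path, *args].join(' ')
    end

end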