mirror of https://github.com/OpenNebula/one.git synced 2025-03-20 10:50:08 +03:00

Bug #2724: Add resource provider ALL to users group on bootstrap

Carlos Martín 2014-02-19 16:49:26 +01:00
parent def8fa4490
commit 0a71139b34
6 changed files with 163 additions and 191 deletions


@ -104,9 +104,6 @@ protected:
virtual int edit_resource_provider(
Group* group, int zone_id, int cluster_id, string& error_msg) = 0;
virtual int edit_acl_rules(
int group_id, int zone_id, int cluster_id, string& error_msg) = 0;
};
/* ------------------------------------------------------------------------- */
@ -125,9 +122,6 @@ public:
int edit_resource_provider(
Group* group, int zone_id, int cluster_id, string& error_msg);
int edit_acl_rules(
int group_id, int zone_id, int cluster_id, string& error_msg);
};
/* ------------------------------------------------------------------------- */
@ -146,9 +140,6 @@ public:
int edit_resource_provider(
Group* group, int zone_id, int cluster_id, string& error_msg);
int edit_acl_rules(
int group_id, int zone_id, int cluster_id, string& error_msg);
};
/* -------------------------------------------------------------------------- */


@ -96,17 +96,7 @@ AclManager::AclManager(
zone_id,
error_str);
// Users in USERS can deploy VMs in any HOST
// @1 HOST/* MANAGE #<local-zone>
add_rule(AclRule::GROUP_ID |
1,
AclRule::ALL_ID |
PoolObjectSQL::HOST,
AuthRequest::MANAGE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_str);
// * DOCUMENT/* CREATE #<local-zone>
add_rule(AclRule::ALL_ID,
AclRule::ALL_ID |
PoolObjectSQL::DOCUMENT,
@ -115,7 +105,7 @@ AclManager::AclManager(
zone_id,
error_str);
// @<gid> ZONE/#<zone> USE *
// * ZONE/* USE *
add_rule(AclRule::ALL_ID,
AclRule::ALL_ID |
PoolObjectSQL::ZONE,


@ -317,6 +317,11 @@ int Group::from_xml(const string& xml)
int Group::add_resource_provider(int zone_id, int cluster_id, string& error_msg)
{
AclManager* aclm = Nebula::instance().get_aclm();
int rc = 0;
long long mask_prefix;
pair<set<pair<int, int> >::iterator,bool> ret;
ret = providers.insert(pair<int,int>(zone_id, cluster_id));
@ -327,6 +332,51 @@ int Group::add_resource_provider(int zone_id, int cluster_id, string& error_msg)
return -1;
}
if (cluster_id == ClusterPool::ALL_RESOURCES)
{
mask_prefix = AclRule::ALL_ID;
}
else
{
mask_prefix = AclRule::CLUSTER_ID | cluster_id;
}
// @<gid> HOST/%<cid> MANAGE #<zone>
rc += aclm->add_rule(
AclRule::GROUP_ID |
oid,
mask_prefix |
PoolObjectSQL::HOST,
AuthRequest::MANAGE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
// @<gid> DATASTORE+NET/%<cid> USE #<zone>
rc += aclm->add_rule(
AclRule::GROUP_ID |
oid,
mask_prefix |
PoolObjectSQL::DATASTORE |
PoolObjectSQL::NET,
AuthRequest::USE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
if (rc != 0)
{
return -1;
}
return 0;
}
@ -335,11 +385,63 @@ int Group::add_resource_provider(int zone_id, int cluster_id, string& error_msg)
int Group::del_resource_provider(int zone_id, int cluster_id, string& error_msg)
{
AclManager* aclm = Nebula::instance().get_aclm();
int rc = 0;
long long mask_prefix;
if( providers.erase(pair<int,int>(zone_id, cluster_id)) != 1 )
{
error_msg = "Resource provider is not assigned to this group";
return -1;
}
if (cluster_id == ClusterPool::ALL_RESOURCES)
{
mask_prefix = AclRule::ALL_ID;
}
else
{
mask_prefix = AclRule::CLUSTER_ID | cluster_id;
}
// @<gid> HOST/%<cid> MANAGE #<zid>
rc += aclm->del_rule(
AclRule::GROUP_ID |
oid,
mask_prefix |
PoolObjectSQL::HOST,
AuthRequest::MANAGE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
// @<gid> DATASTORE+NET/%<cid> USE #<zid>
rc += aclm->del_rule(
AclRule::GROUP_ID |
oid,
mask_prefix |
PoolObjectSQL::DATASTORE |
PoolObjectSQL::NET,
AuthRequest::USE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
if (rc != 0)
{
return -1;
}
return 0;
}
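Review bot: add_resource_provider inserts the pair into `providers` before the two `aclm->add_rule` calls and, when `rc != 0`, returns -1 without undoing the insert or a rule that was already stored, so the group's provider set and the ACL table can end up disagreeing. del_resource_provider has the mirror problem: the pair is erased first, and a failed `del_rule` leaves a HOST MANAGE or DATASTORE+NET USE grant in place for a provider the group no longer lists. Checking each call on its own would keep the two in step, for example `providers.erase(ret.first);` before the `return -1;` in the add path, plus removing the first rule when only the second one failed. In the delete path the leftover rule should at least be logged, since both calls share one `error_msg` and the second presumably overwrites the first. Summing the results into `rc` also assumes both calls return 0 on success; add_rule's contract is not visible on this page, and if it returns the new rule's id the `rc != 0` test would report a successful grant as a failure.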


@ -77,6 +77,12 @@ GroupPool::GroupPool(SqlDB * db,
goto error_groups;
}
group = get(rc, true);
group->add_resource_provider(Nebula::instance().get_zone_id(), ClusterPool::ALL_RESOURCES, error_str);
group->unlock();
set_update_lastOID(99);
}
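Review bot: The pointer returned by `get(rc, true)` is dereferenced without a null check and the result of `add_resource_provider` is discarded, so a bootstrap in which the default HOST and DATASTORE+NET grants for the users group could not be created carries on as if it had succeeded. Following the check just above, `if (group == 0) goto error_groups;` after the `get`, and testing the return value once `group->unlock()` has run, would surface the failure together with the message already placed in `error_str`. No call that writes the modified group back to the database is visible between the change and the unlock; if the pool needs an explicit update for the new provider entry to persist, it is missing here. The constructor body continues outside the hunk.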


@ -377,6 +377,59 @@ void Nebula::start(bool bootstrap_only)
return;
}
// -----------------------------------------------------------
// Close stds, we no longer need them
// -----------------------------------------------------------
fd = open("/dev/null", O_RDWR);
dup2(fd,0);
dup2(fd,1);
dup2(fd,2);
close(fd);
fcntl(0,F_SETFD,0); // Keep them open across exec funcs
fcntl(1,F_SETFD,0);
fcntl(2,F_SETFD,0);
// -----------------------------------------------------------
// Block all signals before creating any Nebula thread
// -----------------------------------------------------------
sigfillset(&mask);
pthread_sigmask(SIG_BLOCK, &mask, NULL);
// -----------------------------------------------------------
//Managers
// -----------------------------------------------------------
MadManager::mad_manager_system_init();
time_t timer_period;
time_t monitor_period;
nebula_configuration->get("MANAGER_TIMER", timer_period);
nebula_configuration->get("MONITORING_INTERVAL", monitor_period);
// ---- ACL Manager ----
try
{
aclm = new AclManager(db, zone_id, is_federation_slave(), timer_period);
}
catch (bad_alloc&)
{
throw;
}
rc = aclm->start();
if ( rc != 0 )
{
throw runtime_error("Could not start the ACL Manager");
}
// -----------------------------------------------------------
// Pools
// -----------------------------------------------------------
@ -487,41 +540,6 @@ void Nebula::start(bool bootstrap_only)
throw;
}
// -----------------------------------------------------------
// Close stds, we no longer need them
// -----------------------------------------------------------
fd = open("/dev/null", O_RDWR);
dup2(fd,0);
dup2(fd,1);
dup2(fd,2);
close(fd);
fcntl(0,F_SETFD,0); // Keep them open across exec funcs
fcntl(1,F_SETFD,0);
fcntl(2,F_SETFD,0);
// -----------------------------------------------------------
// Block all signals before creating any Nebula thread
// -----------------------------------------------------------
sigfillset(&mask);
pthread_sigmask(SIG_BLOCK, &mask, NULL);
// -----------------------------------------------------------
//Managers
// -----------------------------------------------------------
MadManager::mad_manager_system_init();
time_t timer_period;
time_t monitor_period;
nebula_configuration->get("MANAGER_TIMER", timer_period);
nebula_configuration->get("MONITORING_INTERVAL", monitor_period);
// ---- Virtual Machine Manager ----
try
@ -698,23 +716,6 @@ void Nebula::start(bool bootstrap_only)
}
}
// ---- ACL Manager ----
try
{
aclm = new AclManager(db, zone_id, is_federation_slave(), timer_period);
}
catch (bad_alloc&)
{
throw;
}
rc = aclm->start();
if ( rc != 0 )
{
throw runtime_error("Could not start the ACL Manager");
}
// ---- Image Manager ----
try
{
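Review bot: The relocated block that points descriptors 0–2 at /dev/null still uses the result of `open` unchecked: on failure `fd` is -1 and the three `dup2` calls fail silently, and if a standard descriptor was already closed at start-up `fd` can itself be 0–2, in which case `close(fd)` frees that slot again for the next file or socket the daemon opens. `if (fd == -1) throw runtime_error("Could not open /dev/null");` after the open and `if (fd > 2) close(fd);` in place of the bare close would cover both cases. Because the block now runs ahead of pool construction, anything the pool bootstrap writes to stdout or stderr is discarded, which is worth confirming as intended. The ACL Manager also moves ahead of the pools, apparently because GroupPool's bootstrap now reaches `get_aclm()` through Group::add_resource_provider; a comment such as `// Must be created before the pools: GroupPool bootstrap adds ACL rules` would keep that ordering from being undone later. Nebula::start begins and ends outside these hunks.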


@ -197,8 +197,6 @@ void GroupEditProvider::request_execute(
return;
}
edit_acl_rules(group_id, zone_id, cluster_id, error_str);
success_response(cluster_id, att);
}
@ -214,124 +212,8 @@ int GroupAddProvider::edit_resource_provider(
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int GroupAddProvider::edit_acl_rules(
int group_id, int zone_id, int cluster_id, string& error_msg)
{
int rc = 0;
long long mask_prefix;
if (cluster_id == ClusterPool::ALL_RESOURCES)
{
mask_prefix = AclRule::ALL_ID;
}
else
{
mask_prefix = AclRule::CLUSTER_ID | cluster_id;
}
// @<gid> HOST/%<cid> MANAGE #<zone>
rc += aclm->add_rule(
AclRule::GROUP_ID |
group_id,
mask_prefix |
PoolObjectSQL::HOST,
AuthRequest::MANAGE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
// @<gid> DATASTORE+NET/%<cid> USE #<zone>
rc += aclm->add_rule(
AclRule::GROUP_ID |
group_id,
mask_prefix |
PoolObjectSQL::DATASTORE |
PoolObjectSQL::NET,
AuthRequest::USE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
if (rc != 0)
{
return -1;
}
return 0;
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int GroupDelProvider::edit_resource_provider(
Group* group, int zone_id, int cluster_id, string& error_msg)
{
return group->del_resource_provider(zone_id, cluster_id, error_msg);
}
/* -------------------------------------------------------------------------- */
/* -------------------------------------------------------------------------- */
int GroupDelProvider::edit_acl_rules(
int group_id, int zone_id, int cluster_id, string& error_msg)
{
int rc = 0;
long long mask_prefix;
if (cluster_id == ClusterPool::ALL_RESOURCES)
{
mask_prefix = AclRule::ALL_ID;
}
else
{
mask_prefix = AclRule::CLUSTER_ID | cluster_id;
}
// @<gid> HOST/%<cid> MANAGE #<zid>
rc += aclm->del_rule(
AclRule::GROUP_ID |
group_id,
mask_prefix |
PoolObjectSQL::HOST,
AuthRequest::MANAGE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
// @<gid> DATASTORE+NET/%<cid> USE #<zid>
rc += aclm->del_rule(
AclRule::GROUP_ID |
group_id,
mask_prefix |
PoolObjectSQL::DATASTORE |
PoolObjectSQL::NET,
AuthRequest::USE,
AclRule::INDIVIDUAL_ID |
zone_id,
error_msg);
if (rc != 0)
{
return -1;
}
return 0;
}