From 485a19047dac5af86715de4173b1a28cdc1ac99a Mon Sep 17 00:00:00 2001
From: Jaime Melis
Date: Thu, 15 Aug 2013 11:57:14 -0400
Subject: [PATCH 1/6] Bug #2257: convert paths in OpenNebulaNetwork.rb to relative paths
---
 src/vnm_mad/remotes/OpenNebulaNetwork.rb | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)
diff --git a/src/vnm_mad/remotes/OpenNebulaNetwork.rb b/src/vnm_mad/remotes/OpenNebulaNetwork.rb
index 7a228edad2..ba8b72c4f1 100644
--- a/src/vnm_mad/remotes/OpenNebulaNetwork.rb
+++ b/src/vnm_mad/remotes/OpenNebulaNetwork.rb
@@ -30,16 +30,16 @@ CONF = {
 }
 COMMANDS = {
- :ebtables => "sudo /sbin/ebtables",
- :iptables => "sudo /sbin/iptables",
- :brctl => "sudo /sbin/brctl",
- :ip => "sudo /sbin/ip",
- :vconfig => "sudo /sbin/vconfig",
+ :ebtables => "sudo ebtables",
+ :iptables => "sudo iptables",
+ :brctl => "sudo brctl",
+ :ip => "sudo ip",
+ :vconfig => "sudo vconfig",
  :virsh => "virsh -c qemu:///system",
- :xm => "sudo /usr/sbin/xm",
- :ovs_vsctl=> "sudo /usr/bin/ovs-vsctl",
- :ovs_ofctl=> "sudo /usr/bin/ovs-ofctl",
- :lsmod => "/sbin/lsmod"
+ :xm => "sudo xm",
+ :ovs_vsctl=> "sudo ovs-vsctl",
+ :ovs_ofctl=> "sudo ovs-ofctl",
+ :lsmod => "lsmod"
 }
 class VM
From a067fb082d6890fe6913806d205a5aae9c0ca63b Mon Sep 17 00:00:00 2001
From: Jaime Melis
Date: Thu, 15 Aug 2013 12:04:40 -0400
Subject: [PATCH 2/6] Bug #2257: Add a sudoers file generator
---
 share/sudoers/sudo_commands.rb | 66 ++++++++++++++++++++++++++++++++++
 1 file changed, 66 insertions(+)
 create mode 100644 share/sudoers/sudo_commands.rb
diff --git a/share/sudoers/sudo_commands.rb b/share/sudoers/sudo_commands.rb
new file mode 100644
index 0000000000..7ab055c4d0
--- /dev/null
+++ b/share/sudoers/sudo_commands.rb
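Review bot: `:lsmod => "lsmod"` in the COMMANDS hash of src/vnm_mad/remotes/OpenNebulaNetwork.rb is not run through sudo, so it now depends on the PATH of the session that runs the driver; on hosts where /sbin is not on a non-root PATH the lookup would fail where `/sbin/lsmod` worked. The sudo-prefixed entries are resolved by sudo itself, through `secure_path` when the host's sudoers sets it and through the caller's PATH otherwise, so the binary that ends up running as root is decided by host configuration this file never mentions. I would have the driver put /sbin and /usr/sbin on its own PATH for the unprivileged lookups, and add a comment above the hash: `# Bare names are resolved by sudo (secure_path); the host sudoers must allow the resolved absolute paths.` The hash is complete in the hunk; `class VM` continues outside it.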
@@ -0,0 +1,66 @@
+#!/usr/bin/env ruby
+
+# -------------------------------------------------------------------------- #
+# Copyright 2002-2013, OpenNebula Project (OpenNebula.org), C12G Labs #
+# #
+# Licensed under the Apache License, Version 2.0 (the "License"); you may #
+# not use this file except in compliance with the License. You may obtain #
+# a copy of the License at #
+# #
+# http://www.apache.org/licenses/LICENSE-2.0 #
+# #
+# Unless required by applicable law or agreed to in writing, software #
+# distributed under the License is distributed on an "AS IS" BASIS, #
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. #
+# See the License for the specific language governing permissions and #
+# limitations under the License. #
+#--------------------------------------------------------------------------- #
+
+require "erb"
+
+CMDS = {
+ :MISC => %w(dd mkfs sync),
+ :NET => %w(brctl ebtables iptables ip vconfig),
+ :LVM => %w(lvcreate lvremove lvrename lvs vgdisplay),
+ :ISCSI => %w(iscsiadm tgt-admin tgtadm),
+ :OVS => %w(ovs-ofctl ovs-vsctl),
+ :XEN => %w(xentop xl xm)
+}
+
+abs_cmds = {}
+not_found_cmds = []
+
+CMDS.each do |label, cmds|
+ _abs_cmds = []
+
+ cmds.each do |cmd|
+ abs_cmd = `which #{cmd} 2>/dev/null`
+
+ if !abs_cmd.empty?
+ _abs_cmds << abs_cmd.strip
+ else
+ not_found_cmds << cmd
+ end
+ end
+
+ abs_cmds["ONE_#{label}"] = _abs_cmds
+end
+
+abs_cmds.reject!{|k,v| v.empty?}
+
+puts ERB.new(DATA.read,nil, "<>").result(binding)
+
+if !not_found_cmds.empty?
+ STDERR.puts "\n---\n\nNot found:"
+ not_found_cmds.each{|cmd| STDERR.puts("- #{cmd}")}
+end
+
+__END__
+Defaults !requiretty
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+<% abs_cmds.each do |k,v| %>
+Cmnd_Alias <%= k %> = <%= v.join(", ") %>
+<% end %>
+
+oneadmin ALL=(ALL) NOPASSWD: <%= abs_cmds.keys.join(", ") %>
From cb15b27ea0575bc500830c2f691895bbb86a4fad Mon Sep 17 00:00:00 2001
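Review bot: In share/sudoers/sudo_commands.rb, `which #{cmd}` resolves each name against the PATH of whoever runs the generator, and the result is copied as-is into a NOPASSWD rule, so a PATH entry that a non-root user can write to would end up as a root-executable path in the generated sudoers file. Pinning the lookup to the directories the template itself declares closes that gap: `ENV["PATH"] = "/sbin:/bin:/usr/sbin:/usr/bin"` before the `CMDS.each` loop. The acceptance test could also be tightened from `!abs_cmd.empty?` to `abs_cmd.start_with?("/")`, so that any non-path text printed by a `which` implementation is reported under "Not found" instead of being written into a `Cmnd_Alias`.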
From: Jaime Melis
Date: Thu, 15 Aug 2013 13:58:43 -0400
Subject: [PATCH 3/6] Bug #2257: deterministic output for ruby 1.8.7
---
 share/sudoers/sudo_commands.rb | 13 +++++++++----
 1 file changed, 9 insertions(+), 4 deletions(-)
diff --git a/share/sudoers/sudo_commands.rb b/share/sudoers/sudo_commands.rb
index 7ab055c4d0..0ccb905e57 100644
--- a/share/sudoers/sudo_commands.rb
+++ b/share/sudoers/sudo_commands.rb
@@ -18,6 +18,8 @@
 require "erb"
+KEYS = [:MISC , :NET , :LVM , :ISCSI , :OVS , :XEN]
+
 CMDS = {
  :MISC => %w(dd mkfs sync),
  :NET => %w(brctl ebtables iptables ip vconfig),
@@ -30,9 +32,10 @@ CMDS = {
 abs_cmds = {}
 not_found_cmds = []
-CMDS.each do |label, cmds|
- _abs_cmds = []
+KEYS.each do |label|
+ cmds = CMDS[label]
+ _abs_cmds = []
  cmds.each do |cmd|
  abs_cmd = `which #{cmd} 2>/dev/null`
@@ -59,8 +62,10 @@ __END__
 Defaults !requiretty
 Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-<% abs_cmds.each do |k,v| %>
+<% KEYS.each do |k|; v = abs_cmds["ONE_#{k}"] %>
+<% if !v.nil? %>
 Cmnd_Alias <%= k %> = <%= v.join(", ") %>
 <% end %>
+<% end %>
-oneadmin ALL=(ALL) NOPASSWD: <%= abs_cmds.keys.join(", ") %>
+oneadmin ALL=(ALL) NOPASSWD: <%= KEYS.select{|k| l="ONE_#{k}"; l if !abs_cmds[l].nil?}.join(", ") %>
From 886cc05b8b21ea621c7a6e1da1c30bfdf5a4d1d1 Mon Sep 17 00:00:00 2001
From: Jaime Melis
Date: Thu, 15 Aug 2013 15:05:00 -0400
Subject: [PATCH 4/6] Bug #2257: Better label for ONE commands for the sudoers file
---
 share/sudoers/sudo_commands.rb | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/share/sudoers/sudo_commands.rb b/share/sudoers/sudo_commands.rb
index 0ccb905e57..dc80f62681 100644
--- a/share/sudoers/sudo_commands.rb
+++ b/share/sudoers/sudo_commands.rb
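Review bot: In the `KEYS.each` loop of share/sudoers/sudo_commands.rb (hunk `@@ -30,9 +32,10 @@` of patch 3/6), `cmds = CMDS[label]` yields nil for any label that is listed in KEYS but missing from CMDS, and the following `cmds.each` then fails with a NoMethodError on nil that does not point at the real cause. KEYS, added in the first hunk of the same patch, repeats the keys of CMDS by hand, so the two lists can drift apart when a category is added or renamed. `cmds = CMDS.fetch(label)` makes the mismatch fail at the lookup itself. The loop body continues outside the hunk.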
@@ -62,10 +62,10 @@ __END__
 Defaults !requiretty
 Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-<% KEYS.each do |k|; v = abs_cmds["ONE_#{k}"] %>
+<% KEYS.each do |k|; l = "ONE_#{k}"; v = abs_cmds[l] %>
 <% if !v.nil? %>
-Cmnd_Alias <%= k %> = <%= v.join(", ") %>
+Cmnd_Alias <%= l %> = <%= v.join(", ") %>
 <% end %>
 <% end %>
-oneadmin ALL=(ALL) NOPASSWD: <%= KEYS.select{|k| l="ONE_#{k}"; l if !abs_cmds[l].nil?}.join(", ") %>
+oneadmin ALL=(ALL) NOPASSWD: <%= KEYS.select{|k| !abs_cmds["ONE_#{k}"].nil?}.collect{|k| "ONE_#{k}"}.join(", ") %>
From c80a94761337b85f3e070d2d351c079abc11c31c Mon Sep 17 00:00:00 2001
From: Jaime Melis
Date: Thu, 15 Aug 2013 15:15:50 -0400
Subject: [PATCH 5/6] Bug #2257: Add sudoers files for all distributions
---
 share/pkgs/CentOS/sudoers.opennebula | 12 ++++++++++++
 share/pkgs/Debian/sudoers.opennebula | 11 +++++++++++
 share/pkgs/Ubuntu/sudoers.opennebula | 11 +++++++++++
 share/pkgs/openSUSE/sudoers.opennebula | 11 +++++++++++
 4 files changed, 45 insertions(+)
 create mode 100644 share/pkgs/CentOS/sudoers.opennebula
 create mode 100644 share/pkgs/Debian/sudoers.opennebula
 create mode 100644 share/pkgs/Ubuntu/sudoers.opennebula
 create mode 100644 share/pkgs/openSUSE/sudoers.opennebula
diff --git a/share/pkgs/CentOS/sudoers.opennebula b/share/pkgs/CentOS/sudoers.opennebula
new file mode 100644
index 0000000000..4b5e6d7b4d
--- /dev/null
+++ b/share/pkgs/CentOS/sudoers.opennebula
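Review bot: The final `oneadmin ALL=(ALL) NOPASSWD:` line in the template of share/sudoers/sudo_commands.rb (patch 4/6) is emitted even when the `select` returns nothing, which is what happens when none of the commands were found on the machine running the generator; the output is then a rule with an empty command list, which sudo does not parse. Because a sudoers file that fails to parse can leave sudo unusable on the host where it is installed, I would wrap the line in `<% if !abs_cmds.empty? %>` and `<% end %>`, and note in a comment at the top of the script that the generated file should be checked with `visudo -c -f FILE` before installation. The template starts above the hunk.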
@@ -0,0 +1,12 @@
+Defaults !requiretty
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+Cmnd_Alias ONE_MISC = /bin/dd, /sbin/mkfs, /bin/sync
+Cmnd_Alias ONE_NET = /usr/sbin/brctl, /sbin/ebtables, /sbin/iptables, /sbin/ip, /sbin/vconfig
+Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
+Cmnd_Alias ONE_ISCSI = /sbin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
+
+oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN
+
diff --git a/share/pkgs/Debian/sudoers.opennebula b/share/pkgs/Debian/sudoers.opennebula
new file mode 100644
index 0000000000..6646e8a177
--- /dev/null
+++ b/share/pkgs/Debian/sudoers.opennebula
@@ -0,0 +1,11 @@
+Defaults !requiretty
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+Cmnd_Alias ONE_MISC = /bin/dd, /sbin/mkfs, /bin/sync
+Cmnd_Alias ONE_NET = /sbin/brctl, /sbin/ebtables, /sbin/iptables, /sbin/ip, /sbin/vconfig
+Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
+Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
+
+oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN
diff --git a/share/pkgs/Ubuntu/sudoers.opennebula b/share/pkgs/Ubuntu/sudoers.opennebula
new file mode 100644
index 0000000000..6646e8a177
--- /dev/null
+++ b/share/pkgs/Ubuntu/sudoers.opennebula
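Review bot: The two `Defaults` lines at the top of share/pkgs/CentOS/sudoers.opennebula are global, so installing the file turns off `requiretty` and replaces `secure_path` for every account on the host, not only for oneadmin. Scoping them leaves the rest of the host's sudo policy as the administrator set it: `Defaults:oneadmin !requiretty` and `Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin`. The same two lines are in the Debian, Ubuntu and openSUSE files of this patch and in the template of share/sudoers/sudo_commands.rb. The rule also grants `(ALL)` as the run-as list; if the drivers only ever run these commands as root, `(root)` is the narrower grant.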
@@ -0,0 +1,11 @@
+Defaults !requiretty
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+Cmnd_Alias ONE_MISC = /bin/dd, /sbin/mkfs, /bin/sync
+Cmnd_Alias ONE_NET = /sbin/brctl, /sbin/ebtables, /sbin/iptables, /sbin/ip, /sbin/vconfig
+Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
+Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
+
+oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN
diff --git a/share/pkgs/openSUSE/sudoers.opennebula b/share/pkgs/openSUSE/sudoers.opennebula
new file mode 100644
index 0000000000..61a4d20462
--- /dev/null
+++ b/share/pkgs/openSUSE/sudoers.opennebula
@@ -0,0 +1,11 @@
+Defaults !requiretty
+Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+Cmnd_Alias ONE_MISC = /usr/bin/dd, /sbin/mkfs, /usr/bin/sync
+Cmnd_Alias ONE_NET = /sbin/brctl, /usr/sbin/ebtables, /usr/sbin/iptables, /sbin/ip, /sbin/vconfig
+Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvrename, /sbin/lvs, /sbin/vgdisplay
+Cmnd_Alias ONE_ISCSI = /sbin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
+
+oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN
From 371094bbd519b3985d9b4e40633c95a9bb557a1d Mon Sep 17 00:00:00 2001
From: Jaime Melis
Date: Thu, 15 Aug 2013 15:53:47 -0400
Subject: [PATCH 6/6] Bug #2257: rename sudoers files
---
 share/pkgs/CentOS/{sudoers.opennebula => opennebula.sudoers} | 0
 share/pkgs/Debian/{sudoers.opennebula => opennebula.sudoers} | 0
 share/pkgs/Ubuntu/{sudoers.opennebula => opennebula.sudoers} | 0
 share/pkgs/openSUSE/{sudoers.opennebula => opennebula.sudoers} | 0
 4 files changed, 0 insertions(+), 0 deletions(-)
 rename share/pkgs/CentOS/{sudoers.opennebula => opennebula.sudoers} (100%)
 rename share/pkgs/Debian/{sudoers.opennebula => opennebula.sudoers} (100%)
 rename share/pkgs/Ubuntu/{sudoers.opennebula => opennebula.sudoers} (100%)
 rename share/pkgs/openSUSE/{sudoers.opennebula => opennebula.sudoers} (100%)
diff --git a/share/pkgs/CentOS/sudoers.opennebula b/share/pkgs/CentOS/opennebula.sudoers
similarity index 100%
rename from share/pkgs/CentOS/sudoers.opennebula
rename to share/pkgs/CentOS/opennebula.sudoers
diff --git a/share/pkgs/Debian/sudoers.opennebula b/share/pkgs/Debian/opennebula.sudoers
similarity index 100%
rename from share/pkgs/Debian/sudoers.opennebula
rename to share/pkgs/Debian/opennebula.sudoers
diff --git a/share/pkgs/Ubuntu/sudoers.opennebula b/share/pkgs/Ubuntu/opennebula.sudoers
similarity index 100%
rename from share/pkgs/Ubuntu/sudoers.opennebula
rename to share/pkgs/Ubuntu/opennebula.sudoers
diff --git a/share/pkgs/openSUSE/sudoers.opennebula b/share/pkgs/openSUSE/opennebula.sudoers
similarity index 100%
rename from share/pkgs/openSUSE/sudoers.opennebula
rename to share/pkgs/openSUSE/opennebula.sudoers