diff --git a/src/acl/AclManager.cc b/src/acl/AclManager.cc index 61b9a0832f..d6a9338a8f 100644 --- a/src/acl/AclManager.cc +++ b/src/acl/AclManager.cc @@ -64,10 +64,20 @@ AclManager::AclManager(SqlDB * _db) : db(_db), lastOID(-1) if (lastOID == -1) { - // Add a default rule - // @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE + // Add a default rules for the ACL engine string error_str; - add_rule(0x200000001LL, 0x2d400000000LL, 0x41LL, error_str); + + // Users in group USERS can create and look at standard resources + // @1 VM+NET+IMAGE+TEMPLATE/* CREATE+INFO_POOL_MINE + add_rule(0x0000000200000001LL, + 0x000002d400000000LL, + 0x0000000000000041LL, error_str); + + // Users in USERS can deploy VMs in any HOST + // @1 HOST/* USE + add_rule(0x0000000200000001LL, + 0x0000002400000000LL, + 0x0000000000000004LL, error_str); } } diff --git a/src/authm/AuthManager.cc b/src/authm/AuthManager.cc index 7880a5be53..86d286b61c 100644 --- a/src/authm/AuthManager.cc +++ b/src/authm/AuthManager.cc @@ -82,15 +82,20 @@ void AuthRequest::add_auth(Object ob, gid == GroupPool::ONEADMIN_ID || // User is the owner of the object, for certain operations - ( owner == uid && - ( op == DELETE || op == USE || op == MANAGE || - op == INFO || op == INSTANTIATE ) + ( owner == uid && + ( op == DELETE || op == USE || op == MANAGE || + op == INFO || op == INSTANTIATE ) ) || // Object is public and user is in its group, for certain operations - ( pub && ( gid == ob_gid ) && - (op == USE || op == INSTANTIATE || op == INFO ) && - (ob == NET || ob == IMAGE || ob == TEMPLATE) + ( pub && ( gid == ob_gid ) && + ( op == USE || op == INSTANTIATE || op == INFO ) && + ( ob == NET || ob == IMAGE || ob == TEMPLATE) + ) || + + // User can show and MANAGE (change passwd) their own information + ( uid == ob_id_int && ob == USER && + ( op == INFO || op == MANAGE ) ) ) { diff --git a/src/cli/etc/onegroup.yaml b/src/cli/etc/onegroup.yaml index b2b27d1026..96fc7a2e73 100644 --- a/src/cli/etc/onegroup.yaml 
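Review bot: Both `add_rule(...)` calls in the `lastOID == -1` branch discard their return value and never read `error_str`, so a default rule that fails to insert goes unnoticed on a fresh database. Assuming `add_rule` reports failure through its return value, check it and log `error_str`. The three hex literals in each call can only be checked against the comment above them, and the second rule gives every member of `@1` (USERS) `USE` on all hosts, so a short comment on the bit layout would make a wrong bit visible in review. The new header comment should read `// Add default rules for the ACL engine`. The constructor starts outside the hunk.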
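Review bot: The new clause `uid == ob_id_int && ob == USER && ( op == INFO || op == MANAGE )` grants `MANAGE` on the caller's own user object, and although the comment ties that to changing the password, nothing in the condition limits it to that action. Any request on a user object that is authorized with `MANAGE` now succeeds for the account's owner, so the callers that pass `USER` with `MANAGE` (outside this hunk) should be checked for operations a user must not perform on themselves, such as group changes. The clause also trusts `ob_id_int`, which is computed outside the hunk; it needs a value that can never equal a real uid when the object id is not a plain number, and a comment next to the clause should say so. `add_auth` starts and ends outside the hunk.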
+++ b/src/cli/etc/onegroup.yaml @@ -8,12 +8,7 @@ :size: 15 :left: true -:USER: - :desc: Username of the Group owner - :size: 8 - :left: true - :default: - :ID -- :USER - :NAME + diff --git a/src/cli/etc/oneimage.yaml b/src/cli/etc/oneimage.yaml index 520131c0ea..c632dd5669 100644 --- a/src/cli/etc/oneimage.yaml +++ b/src/cli/etc/oneimage.yaml @@ -5,7 +5,7 @@ :NAME: :desc: Name of the Image - :size: 12 + :size: 16 :left: true :USER: @@ -24,7 +24,7 @@ :REGTIME: :desc: Registration time of the Image - :size: 20 + :size: 16 :PUBLIC: :desc: Whether the Image is public or not diff --git a/src/cli/etc/onevnet.yaml b/src/cli/etc/onevnet.yaml index b35d75d920..4193798813 100644 --- a/src/cli/etc/onevnet.yaml +++ b/src/cli/etc/onevnet.yaml @@ -32,7 +32,7 @@ :PUBLIC: :desc: Whether the Virtual Network is public or not - :size: 1 + :size: 3 :LEASES: :desc: Number of this Virtual Networks given leases diff --git a/src/cli/one_helper.rb b/src/cli/one_helper.rb index 9920c2eba7..683d71f83f 100644 --- a/src/cli/one_helper.rb +++ b/src/cli/one_helper.rb @@ -331,11 +331,11 @@ EOT "OpenNebula #{poolname} name or id" end - def OpenNebulaHelper.public_to_str(str) + def OpenNebulaHelper.boolean_to_str(str) if str.to_i == 1 - public_str = "Y" + "Yes" else - public_str = "N" + "No" end end diff --git a/src/cli/one_helper/onegroup_helper.rb b/src/cli/one_helper/onegroup_helper.rb index 0710e8a920..867020c6d0 100644 --- a/src/cli/one_helper/onegroup_helper.rb +++ b/src/cli/one_helper/onegroup_helper.rb @@ -68,12 +68,7 @@ class OneGroupHelper < OpenNebulaHelper::OneHelper d["NAME"] end - column :USER, "Username of the Group owner", :left, - :size=>8 do |d| - helper.user_name(d, options) - end - - default :ID, :USER, :NAME + default :ID, :NAME end if top diff --git a/src/cli/one_helper/oneimage_helper.rb b/src/cli/one_helper/oneimage_helper.rb index a446078726..2c06a64a78 100644 --- a/src/cli/one_helper/oneimage_helper.rb +++ b/src/cli/one_helper/oneimage_helper.rb 
@@ -25,10 +25,6 @@ class OneImageHelper < OpenNebulaHelper::OneHelper "oneimage.yaml" end - def self.persistent_to_str(str) - str.to_i==1 ? "Yes" : "No" - end - def self.state_to_str(id) id = id.to_i state_str = Image::IMAGE_STATES[id] @@ -63,15 +59,18 @@ class OneImageHelper < OpenNebulaHelper::OneHelper CLIHelper.print_header(str_h1 % "IMAGE #{image['ID']} INFORMATION") puts str % ["ID", image.id.to_s] puts str % ["NAME", image.name] - puts str % ["TYPE", image.type_str] + puts str % ["USER", image['UNAME']] + puts str % ["GROUP", image['GNAME']] + puts str % ["TYPE", image.type_str] puts str % ["REGISTER TIME", OpenNebulaHelper.time_to_str(image['REGTIME'])] - puts str % ["PUBLIC", OpenNebulaHelper.public_to_str(image['PUBLIC'])] + puts str % ["PUBLIC", + OpenNebulaHelper.boolean_to_str(image['PUBLIC'])] puts str % ["PERSISTENT", - OneImageHelper.persistent_to_str(image["PERSISTENT"])] - puts str % ["SOURCE", image['SOURCE']] + OpenNebulaHelper.boolean_to_str(image["PERSISTENT"])] + puts str % ["SOURCE", image['SOURCE']] puts str % ["STATE", image.short_state_str] - puts str % ["RUNNING_VMS", image['RUNNING_VMS']] + puts str % ["RUNNING_VMS", image['RUNNING_VMS']] puts CLIHelper.print_header(str_h1 % "IMAGE TEMPLATE",false) @@ -110,12 +109,12 @@ class OneImageHelper < OpenNebulaHelper::OneHelper column :PUBLIC, "Whether the Image is public or not", :size=>3 do |d| - OpenNebulaHelper.public_to_str(d["PUBLIC"]) + OpenNebulaHelper.boolean_to_str(d["PUBLIC"]) end column :PERSISTENT, "Whether the Image is persistent or not", :size=>3 do |d| - OneImageHelper.persistent_to_str(d["PERSISTENT"]) + OpenNebulaHelper.boolean_to_str(d["PERSISTENT"]) end column :STAT, "State of the Image", :size=>4 do |d| diff --git a/src/cli/one_helper/onetemplate_helper.rb b/src/cli/one_helper/onetemplate_helper.rb index 05199685c7..c1f24ac553 100644 --- a/src/cli/one_helper/onetemplate_helper.rb +++ b/src/cli/one_helper/onetemplate_helper.rb 
@@ -48,10 +48,12 @@ class OneTemplateHelper < OpenNebulaHelper::OneHelper str_h1 % "TEMPLATE #{template['ID']} INFORMATION") puts str % ["ID", template.id.to_s] puts str % ["NAME", template.name] + puts str % ["USER", template['UNAME']] + puts str % ["GROUP", template['GNAME']] puts str % ["REGISTER TIME", OpenNebulaHelper.time_to_str(template['REGTIME'])] puts str % ["PUBLIC", - OpenNebulaHelper.public_to_str(template['PUBLIC'])] + OpenNebulaHelper.boolean_to_str(template['PUBLIC'])] puts CLIHelper.print_header(str_h1 % "TEMPLATE CONTENTS",false) @@ -85,7 +87,7 @@ class OneTemplateHelper < OpenNebulaHelper::OneHelper column :PUBLIC, "Whether the Template is public or not", :size=>3 do |d| - OpenNebulaHelper.public_to_str(d["PUBLIC"]) + OpenNebulaHelper.boolean_to_str(d["PUBLIC"]) end default :ID, :USER, :GROUP, :NAME, :REGTIME, :PUBLIC diff --git a/src/cli/one_helper/oneuser_helper.rb b/src/cli/one_helper/oneuser_helper.rb index 7550d667b0..24f2fd87e1 100644 --- a/src/cli/one_helper/oneuser_helper.rb +++ b/src/cli/one_helper/oneuser_helper.rb @@ -70,16 +70,10 @@ class OneUserHelper < OpenNebulaHelper::OneHelper CLIHelper.print_header(str_h1 % "USER #{user['ID']} INFORMATION") puts str % ["ID", user.id.to_s] puts str % ["NAME", user.name] - puts str % ["MAIN_GROUP", user.gid] + puts str % ["GROUP", user.gid] puts str % ["PASSWORD", user['PASSWORD']] - puts str % ["ENABLED", user['ENABLED']] - puts - - CLIHelper.print_header(str_h1 % "GROUPS", false) - CLIHelper.print_header("%-15s %-20s" % ["ID","NAME"]) - user.group_ids.each do |gid| - puts "%-15s %-20s" % [gid, self.gid_to_str(gid.to_s)] - end + puts str % ["ENABLED", + OpenNebulaHelper.boolean_to_str(user['ENABLED'])] end def format_pool(pool, options, top=false) diff --git a/src/cli/one_helper/onevm_helper.rb b/src/cli/one_helper/onevm_helper.rb index 7215a7a547..ed05c6cdcc 100644 --- a/src/cli/one_helper/onevm_helper.rb +++ b/src/cli/one_helper/onevm_helper.rb 
@@ -70,6 +70,8 @@ class OneVMHelper < OpenNebulaHelper::OneHelper str_h1 % "VIRTUAL MACHINE #{vm['ID']} INFORMATION") puts str % ["ID", vm.id.to_s] puts str % ["NAME", vm.name] + puts str % ["USER", vm['UNAME']] + puts str % ["GROUP", vm['GNAME']] puts str % ["STATE", vm.state_str] puts str % ["LCM_STATE", vm.lcm_state_str] puts str % ["HOSTNAME", @@ -78,7 +80,8 @@ class OneVMHelper < OpenNebulaHelper::OneHelper puts str % ["START TIME", OpenNebulaHelper.time_to_str(vm['STIME'])] puts str % ["END TIME", OpenNebulaHelper.time_to_str(vm['ETIME'])] value=vm['DEPLOY_ID'] - puts str % ["DEPLOY ID:", value=="" ? "-" : value] + puts str % ["DEPLOY ID", value=="" ? "-" : value] + puts CLIHelper.print_header(str_h1 % "VIRTUAL MACHINE MONITORING",false) @@ -208,7 +211,7 @@ class OneVMHelper < OpenNebulaHelper::OneHelper vm_hash=vm.to_hash - history=vm_hash['VM']['HISTORY_RECORDS']['HISTORY'] + history=[vm_hash['VM']['HISTORY_RECORDS']['HISTORY']].flatten table.show(history) end diff --git a/src/cli/one_helper/onevnet_helper.rb b/src/cli/one_helper/onevnet_helper.rb index 1afa5f1dfa..3d46a45aad 100644 --- a/src/cli/one_helper/onevnet_helper.rb +++ b/src/cli/one_helper/onevnet_helper.rb @@ -52,9 +52,11 @@ class OneVNetHelper < OpenNebulaHelper::OneHelper ["VIRTUAL NETWORK #{vn.id.to_s} INFORMATION"]) str="%-10s: %-20s" - puts str % ["ID: ", vn.id.to_s] - puts str % ["UID: ", vn["UID"]] - puts str % ["PUBLIC", OpenNebulaHelper.public_to_str(vn['PUBLIC'])] + puts str % ["ID", vn.id.to_s] + puts str % ["USER", vn['UNAME']] + puts str % ["GROUP", vn['GNAME']] + puts str % ["PUBLIC", OpenNebulaHelper.boolean_to_str(vn['PUBLIC'])] + puts CLIHelper.print_header(str_h1 % ["VIRTUAL NETWORK TEMPLATE"], false) 
@@ -106,7 +108,7 @@ class OneVNetHelper < OpenNebulaHelper::OneHelper column :PUBLIC, "Whether the Virtual Network is public or not", :size=>1 do |d| - OpenNebulaHelper.public_to_str(d['PUBLIC']) + OpenNebulaHelper.boolean_to_str(d['PUBLIC']) end column :LEASES, "Number of this Virtual Network's given leases", diff --git a/src/cli/oneuser b/src/cli/oneuser index 6fba896458..ffb4346786 100755 --- a/src/cli/oneuser +++ b/src/cli/oneuser @@ -137,8 +137,10 @@ cmd=CommandParser::CmdParser.new(ARGV) do Shows information for the given User EOT - command :show, show_desc, :userid, :options=>OpenNebulaHelper::XML do - helper.show_resource(args[0],options) + command :show, show_desc, [:userid, nil], + :options=>OpenNebulaHelper::XML do + user=args[0] || OpenNebula::User::SELF + helper.show_resource(user,options) end end diff --git a/src/cli/onevm b/src/cli/onevm index 7321fe3059..57e8ce3b51 100755 --- a/src/cli/onevm +++ b/src/cli/onevm @@ -314,7 +314,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do command :chown, chown_desc, [:range, :vmid_list], :userid, [:groupid,nil] do - gid = args[2].nil? ? -1 : args[2].to_id + gid = args[2].nil? ? -1 : args[2].to_i helper.perform_actions(args[0],options,"Owner/Group changed") do |vm| vm.chown(args[1].to_i, gid) end diff --git a/src/cli/onevnet b/src/cli/onevnet index f876579190..5376291da9 100755 --- a/src/cli/onevnet +++ b/src/cli/onevnet @@ -148,7 +148,7 @@ cmd=CommandParser::CmdParser.new(ARGV) do command :chown, chown_desc, [:range, :vnid_list], :userid, [:groupid,nil] do - gid = args[2].nil? ? -1 : args[2].to_id + gid = args[2].nil? ? -1 : args[2].to_i helper.perform_actions(args[0],options,"Owner/Group changed") do |vn| vn.chown(args[1].to_i, gid) end diff --git a/src/cloud/ec2/bin/econe-describe-instances b/src/cloud/ec2/bin/econe-describe-instances index 2508060976..7fa9bacc3e 100755 --- a/src/cloud/ec2/bin/econe-describe-instances +++ b/src/cloud/ec2/bin/econe-describe-instances 
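Review bot: In the `onevm` chown block, `args[2].to_i` (like `args[1].to_i` two lines below it) turns any non-numeric string into 0 without an error, so unless the `:userid`/`:groupid` argument formats have already resolved the value to a number, a mistyped owner or group is sent to `chown` as id 0 instead of being rejected. `Integer(...)` raises on bad input and makes the failure explicit: `gid = args[2].nil? ? -1 : Integer(args[2])`. The `onevnet` chown hunk that follows changes the same line the same way and would take the same fix. A one-line comment stating what the `-1` default means to the server would also help, since the hunk does not show it.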
@@ -33,7 +33,7 @@ List and describe running instances Usage: econe-describe-instances [OPTIONS] - + Options: --help, -h @@ -95,7 +95,7 @@ begin end rescue Exception => e exit -1 -end +end auth = "#{access}:#{secret}" if secret && access @@ -116,11 +116,11 @@ end instances = rc['reservationSet']['item'][0]['instancesSet']['item'] owner = rc['reservationSet']['item'][0]['ownerId'] -fmt = "%-12s %-13s %-13s %-13s %-15s %-10s" +fmt = "%-10s %-11s %-13s %-11s %-15s %-10s" if headers puts fmt % ["Owner", "Id", "ImageId", "State", "IP", "Type"] - puts "------------------------------------------------------------------------------------------------------------" + puts "-----------------------------------------------------------------------------------" end if instances diff --git a/src/cloud/ec2/bin/econe-server b/src/cloud/ec2/bin/econe-server index 106c51aa50..008d236916 100755 --- a/src/cloud/ec2/bin/econe-server +++ b/src/cloud/ec2/bin/econe-server @@ -1,4 +1,4 @@ -#! /bin/sh +#! /bin/sh # -------------------------------------------------------------------------- # # Copyright 2002-2011, OpenNebula Project Leads (OpenNebula.org) # @@ -16,11 +16,11 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -if [ -z "$ONE_LOCATION" ]; then +if [ -z "$ONE_LOCATION" ]; then ECONE_PID=/var/run/one/econe-server.pid ECONE_SERVER=/usr/lib/one/ruby/cloud/econe/econe-server.rb ECONE_LOCK_FILE=/var/lock/one/.econe.lock - ECONE_LOG=/var/log/one/econe-server.log + ECONE_LOG=/var/log/one/econe-server.log ECONE_ETC=/etc/one/econe.conf else ECONE_PID=$ONE_LOCATION/var/econe-server.pid 
@@ -28,21 +28,21 @@ else ECONE_LOCK_FILE=$ONE_LOCATION/var/.econe.lock ECONE_LOG=$ONE_LOCATION/var/econe-server.log ECONE_ETC=$ONE_LOCATION/etc/econe.conf -fi +fi setup() { eval `grep ^IMAGE_DIR= $ECONE_ETC` export TMPDIR=$IMAGE_DIR/tmp mkdir -p $TMPDIR - + if [ -f $ECONE_LOCK_FILE ]; then if [ -f $ECONE_PID ]; then ONEPID=`cat $ECONE_PID` ps $ECONE_PID > /dev/null 2>&1 if [ $? -eq 0 ]; then echo "econe-server is still running (PID:$ECONE_PID). Please try 'occi-server stop' first." - exit 1 + exit 1 fi fi echo "Stale .lock detected. Erasing it." @@ -54,30 +54,32 @@ start() { if [ ! -f "$ECONE_SERVER" ]; then echo "Can not find $ECONE_SERVER." - exit 1 + exit 1 fi - + # Start the econe-server daemon - ruby $ECONE_SERVER > $ECONE_LOG 2>&1 & - + ruby $ECONE_SERVER > $ECONE_LOG 2>&1 & + LASTRC=$? LASTPID=$! if [ $LASTRC -ne 0 ]; then - echo "Error executing $ECONE_SERVER" - exit 1 + echo "Error executing econe-server." + echo "Check $ECONE_LOG for more information" + exit 1 else echo $LASTPID > $ECONE_PID fi - - sleep 1 + + sleep 2 ps $LASTPID > /dev/null 2>&1 - + if [ $? -ne 0 ]; then - echo "Error executing $ECONE_SERVER." + echo "Error executing econe-server." + echo "Check $ECONE_LOG for more information" exit 1 fi - + echo "econe-server started" } diff --git a/src/cloud/ec2/etc/templates/m1.small.erb b/src/cloud/ec2/etc/templates/m1.small.erb index b2f47f269a..57fbb2cfc2 100644 --- a/src/cloud/ec2/etc/templates/m1.small.erb +++ b/src/cloud/ec2/etc/templates/m1.small.erb @@ -5,7 +5,7 @@ NAME = eco-vm CPU = 0.2 MEMORY = 256 -#Put here specific OS configurations for the cloud hypervisors +# Put here specific OS configurations for the cloud hypervisors #OS = [ kernel = /vmlinuz, # initrd = /initrd.img, # root = sda1, 
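Review bot: In `start()`, `LASTRC=$?` right after `ruby $ECONE_SERVER > $ECONE_LOG 2>&1 &` always reads 0, because a command launched with `&` returns immediately with status 0; the first `Error executing econe-server.` branch can never run, and only the `ps $LASTPID` check after `sleep 2` detects a failed start. The PID file is written before that liveness check and is not removed when the check fails, so a failed start leaves a stale file behind; `rm -f "$ECONE_PID"` before the second `exit 1` would fix that. The expansions should also be quoted (`"$ECONE_SERVER"`, `"$ECONE_LOG"`, `"$ECONE_PID"`), since they derive from `$ONE_LOCATION` in the environment and an unquoted path containing spaces or glob characters is split by the shell. `start()` begins outside the hunk.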
@@ -13,7 +13,8 @@ MEMORY = 256 DISK = [ IMAGE_ID = <%= erb_vm_info[:img_id] %> ] -NIC=[NETWORK="Public EC2"] +# Put here the ID of the VNET with the IPs for the EC2 VMs +NIC=[NETWORK_ID=] IMAGE_ID = <%= erb_vm_info[:ec2_img_id] %> INSTANCE_TYPE = <%= erb_vm_info[:instance_type ]%> diff --git a/src/cloud/ec2/lib/EC2QueryClient.rb b/src/cloud/ec2/lib/EC2QueryClient.rb index 0cbc7fdb54..f39e525741 100644 --- a/src/cloud/ec2/lib/EC2QueryClient.rb +++ b/src/cloud/ec2/lib/EC2QueryClient.rb @@ -48,7 +48,8 @@ module EC2QueryClient elsif ENV["EC2_ACCESS_KEY"] and ENV["EC2_SECRET_KEY"] ec2auth = [ENV["EC2_ACCESS_KEY"], ENV["EC2_SECRET_KEY"]] else - ec2auth=CloudClient::get_one_auth + ec2auth = CloudClient::get_one_auth + ec2auth[1] = Digest::SHA1.hexdigest(ec2auth[1]) end if !ec2auth @@ -56,7 +57,7 @@ module EC2QueryClient end @access_key_id = ec2auth[0] - @access_key_secret = Digest::SHA1.hexdigest(ec2auth[1]) + @access_key_secret = ec2auth[1] # Server location diff --git a/src/oca/ruby/OpenNebula/User.rb b/src/oca/ruby/OpenNebula/User.rb index f87cdf4597..a2425f7bcc 100644 --- a/src/oca/ruby/OpenNebula/User.rb +++ b/src/oca/ruby/OpenNebula/User.rb @@ -31,6 +31,8 @@ module OpenNebula :delgroup => "user.delgroup" } + SELF = -1 + # Creates a User description with just its identifier # this method should be used to create plain User objects. # +id+ the id of the user @@ -60,7 +62,7 @@ module OpenNebula # --------------------------------------------------------------------- # XML-RPC Methods for the User Object # --------------------------------------------------------------------- - + # Retrieves the information of the given User. def info() super(USER_METHODS[:info], 'USER') diff --git a/src/oca/ruby/OpenNebula/XMLUtils.rb b/src/oca/ruby/OpenNebula/XMLUtils.rb index fbdee3b79e..912c2e4561 100644 --- a/src/oca/ruby/OpenNebula/XMLUtils.rb +++ b/src/oca/ruby/OpenNebula/XMLUtils.rb 
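Review bot: In the `else` branch of `EC2QueryClient.rb`, `ec2auth[1] = Digest::SHA1.hexdigest(ec2auth[1])` now runs before the `if !ec2auth` check below it, so if `CloudClient::get_one_auth` can return nil the constructor fails on this line instead of reaching the intended error. Guarding the line keeps the original failure path: `ec2auth[1] = Digest::SHA1.hexdigest(ec2auth[1]) if ec2auth`. The move also changes the contract for the `EC2_ACCESS_KEY`/`EC2_SECRET_KEY` branch (and whatever branch precedes it outside the hunk): the secret is now used as given by `@access_key_secret = ec2auth[1]` in the second hunk, so it must already be in the form the server expects. A comment above the `if` chain should state which sources are hashed here and which are taken verbatim.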
@@ -214,14 +214,15 @@ module OpenNebula str_line << n.collect {|n2| if n2 && n2.class==REXML::Element - str = ind_tab + n2.name + "=" - str += n2.text if n2.text + str = "" + str << ind_tab << n2.name << '=' + str << attr_to_str(n2.text) if n2.text str end - }.compact.join(","+ind_enter) + }.compact.join(','+ind_enter) str_line<<" ]" else - str_line<get(oid,true); if ( object == 0 ) diff --git a/src/rm/RequestManagerVMTemplate.cc b/src/rm/RequestManagerVMTemplate.cc index bf87b51847..ec409a06f0 100644 --- a/src/rm/RequestManagerVMTemplate.cc +++ b/src/rm/RequestManagerVMTemplate.cc @@ -27,6 +27,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList string name = xmlrpc_c::value_string(paramList.getString(2)); int rc, ouid, ogid, vid; + bool pub; Nebula& nd = Nebula::instance(); VirtualMachinePool* vmpool = nd.get_vmpool(); @@ -51,6 +52,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList tmpl = rtmpl->clone_template(); ouid = rtmpl->get_uid(); ogid = rtmpl->get_gid(); + pub = rtmpl->isPublic(); rtmpl->unlock(); @@ -61,7 +63,7 @@ void VMTemplateInstantiate::request_execute(xmlrpc_c::paramList const& paramList { AuthRequest ar(att.uid, att.gid); - ar.add_auth(auth_object, id, ogid, auth_op, ouid, false); + ar.add_auth(auth_object, id, ogid, auth_op, ouid, pub); VirtualMachine::set_auth_request(att.uid, ar, tmpl);
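Review bot: In `RequestManagerVMTemplate.cc`, `bool pub;` is declared without an initializer in the first hunk and only assigned from `rtmpl->isPublic()` in the second, yet it now decides an authorization outcome in `ar.add_auth(auth_object, id, ogid, auth_op, ouid, pub)`. Declaring it as `bool pub = false;` keeps the check fail-closed if a later edit adds a path that reaches `add_auth` without the assignment. The value is a snapshot taken before `rtmpl->unlock()`, so a template made private between the unlock and the authorization is still treated as public for this request; a one-line comment stating that this is accepted would help. `request_execute` starts and ends outside these hunks.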