From cf0d1465dfc45f50c7c92d49c98410951f8a8f12 Mon Sep 17 00:00:00 2001 
From: Vlastimil Holer Date: Mon, 30 Sep 2019 15:15:42 +0200 Subject: [PATCH] B #3046: Review sudoers (#3786) --- share/pkgs/CentOS/opennebula.sudoers | 14 -- share/pkgs/Debian7/opennebula.sudoers | 14 -- share/pkgs/Debian8-systemd | 1 - share/pkgs/Debian8/opennebula | 128 ------------------ share/pkgs/Debian8/opennebula-econe | 106 --------------- share/pkgs/Debian8/opennebula-flow | 94 ------------- share/pkgs/Debian8/opennebula-gate | 94 ------------- share/pkgs/Debian8/opennebula-novnc | 105 -------------- share/pkgs/Debian8/opennebula-sunstone | 108 --------------- share/pkgs/Ubuntu-systemd | 1 - share/pkgs/Ubuntu/opennebula.sudoers | 14 -- share/pkgs/openSUSE/opennebula.sudoers | 13 -- share/pkgs/openSUSE/systemd/econe.service | 20 --- share/pkgs/openSUSE/systemd/one.service | 30 ---- .../openSUSE/systemd/one_scheduler.service | 20 --- share/pkgs/openSUSE/systemd/onedsetup | 109 --------------- share/pkgs/openSUSE/systemd/oneflow.service | 20 --- share/pkgs/openSUSE/systemd/onegate.service | 20 --- share/pkgs/openSUSE/systemd/onetmpdirs | 2 - share/pkgs/openSUSE/systemd/sunstone.service | 21 --- share/pkgs/services/legacy/README.txt | 1 + .../legacy/centos6}/opennebula | 0 .../legacy/centos6}/opennebula-econe | 0 .../legacy/centos6}/opennebula-flow | 0 .../legacy/centos6}/opennebula-gate | 0 .../legacy/centos6}/opennebula-novnc | 0 .../legacy/centos6}/opennebula-sunstone | 0 .../legacy/debian}/opennebula | 0 .../legacy/debian}/opennebula-econe | 0 .../legacy/debian}/opennebula-flow | 0 .../legacy/debian}/opennebula-gate | 0 .../legacy/debian}/opennebula-novnc | 0 .../legacy/debian}/opennebula-sunstone | 0 .../legacy/ubuntu}/opennebula | 0 .../legacy/ubuntu}/opennebula-econe | 0 .../legacy/ubuntu}/opennebula-flow | 0 .../legacy/ubuntu}/opennebula-gate | 0 .../legacy/ubuntu}/opennebula-novnc | 0 .../legacy/ubuntu}/opennebula-sunstone | 0 .../systemd}/opennebula-econe.service | 0 .../systemd}/opennebula-flow.service | 0 .../systemd}/opennebula-gate.service | 0 
.../systemd}/opennebula-hem.service | 0 .../systemd}/opennebula-novnc.service | 0 .../systemd}/opennebula-scheduler.service | 0 .../systemd}/opennebula-sunstone.service | 0 .../systemd}/opennebula.service | 0 share/pkgs/sudoers/centos/opennebula | 13 ++ .../debian/opennebula} | 16 +-- share/pkgs/sudoers/opennebula-node | 1 + share/pkgs/sudoers/opennebula-node-lxd | 1 + share/pkgs/sudoers/opennebula-server | 1 + .../opennebula-node.conf | 0 .../{CentOS7 => tmpfiles}/opennebula.conf | 0 share/sudoers/sudo_commands.rb | 80 +++-------- share/sudoers/sudoers.rb | 87 ++++++++++++ src/tm_mad/fs_lvm/clone | 2 +- src/tm_mad/fs_lvm/delete | 2 +- src/tm_mad/fs_lvm/mkimage | 2 +- src/tm_mad/fs_lvm/mv | 8 +- src/tm_mad/fs_lvm/postmigrate | 2 +- src/tm_mad/fs_lvm/premigrate | 2 +- src/tm_mad/fs_lvm/resize | 2 +- src/vmm_mad/remotes/lib/lxd/opennebula-lxd | 22 --- 64 files changed, 140 insertions(+), 1036 deletions(-) delete mode 100644 share/pkgs/CentOS/opennebula.sudoers delete mode 100644 share/pkgs/Debian7/opennebula.sudoers delete mode 120000 share/pkgs/Debian8-systemd delete mode 100755 share/pkgs/Debian8/opennebula delete mode 100755 share/pkgs/Debian8/opennebula-econe delete mode 100755 share/pkgs/Debian8/opennebula-flow delete mode 100755 share/pkgs/Debian8/opennebula-gate delete mode 100755 share/pkgs/Debian8/opennebula-novnc delete mode 100755 share/pkgs/Debian8/opennebula-sunstone delete mode 120000 share/pkgs/Ubuntu-systemd delete mode 100644 share/pkgs/Ubuntu/opennebula.sudoers delete mode 100644 share/pkgs/openSUSE/opennebula.sudoers delete mode 100644 share/pkgs/openSUSE/systemd/econe.service delete mode 100644 share/pkgs/openSUSE/systemd/one.service delete mode 100644 share/pkgs/openSUSE/systemd/one_scheduler.service delete mode 100644 share/pkgs/openSUSE/systemd/onedsetup delete mode 100644 share/pkgs/openSUSE/systemd/oneflow.service delete mode 100644 share/pkgs/openSUSE/systemd/onegate.service delete mode 100644 share/pkgs/openSUSE/systemd/onetmpdirs delete 
mode 100644 share/pkgs/openSUSE/systemd/sunstone.service create mode 100644 share/pkgs/services/legacy/README.txt rename share/pkgs/{CentOS => services/legacy/centos6}/opennebula (100%) rename share/pkgs/{CentOS => services/legacy/centos6}/opennebula-econe (100%) rename share/pkgs/{CentOS => services/legacy/centos6}/opennebula-flow (100%) rename share/pkgs/{CentOS => services/legacy/centos6}/opennebula-gate (100%) rename share/pkgs/{CentOS => services/legacy/centos6}/opennebula-novnc (100%) rename share/pkgs/{CentOS => services/legacy/centos6}/opennebula-sunstone (100%) rename share/pkgs/{Debian7 => services/legacy/debian}/opennebula (100%) rename share/pkgs/{Debian7 => services/legacy/debian}/opennebula-econe (100%) rename share/pkgs/{Debian7 => services/legacy/debian}/opennebula-flow (100%) rename share/pkgs/{Debian7 => services/legacy/debian}/opennebula-gate (100%) rename share/pkgs/{Debian7 => services/legacy/debian}/opennebula-novnc (100%) rename share/pkgs/{Debian7 => services/legacy/debian}/opennebula-sunstone (100%) rename share/pkgs/{Ubuntu => services/legacy/ubuntu}/opennebula (100%) rename share/pkgs/{Ubuntu => services/legacy/ubuntu}/opennebula-econe (100%) rename share/pkgs/{Ubuntu => services/legacy/ubuntu}/opennebula-flow (100%) rename share/pkgs/{Ubuntu => services/legacy/ubuntu}/opennebula-gate (100%) rename share/pkgs/{Ubuntu => services/legacy/ubuntu}/opennebula-novnc (100%) mode change 100644 => 100755 rename share/pkgs/{Ubuntu => services/legacy/ubuntu}/opennebula-sunstone (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-econe.service (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-flow.service (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-gate.service (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-hem.service (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-novnc.service (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-scheduler.service 
(100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula-sunstone.service (100%) rename share/pkgs/{CentOS7 => services/systemd}/opennebula.service (100%) create mode 100644 share/pkgs/sudoers/centos/opennebula rename share/pkgs/{Debian8/opennebula.sudoers => sudoers/debian/opennebula} (58%) create mode 100644 share/pkgs/sudoers/opennebula-node create mode 100644 share/pkgs/sudoers/opennebula-node-lxd create mode 100644 share/pkgs/sudoers/opennebula-server rename share/pkgs/{CentOS7 => tmpfiles}/opennebula-node.conf (100%) rename share/pkgs/{CentOS7 => tmpfiles}/opennebula.conf (100%) create mode 100644 share/sudoers/sudoers.rb delete mode 100644 src/vmm_mad/remotes/lib/lxd/opennebula-lxd
diff --git a/share/pkgs/CentOS/opennebula.sudoers b/share/pkgs/CentOS/opennebula.sudoers
deleted file mode 100644
index 384788064d..0000000000
--- a/share/pkgs/CentOS/opennebula.sudoers
+++ /dev/null
@@ -1,14 +0,0 @@
-Defaults:oneadmin !requiretty
-Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-Cmnd_Alias ONE_MISC = /sbin/mkfs, /bin/sync, /sbin/mkswap
-Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ip, /usr/sbin/ipset, /usr/sbin/arping
-Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend
-Cmnd_Alias ONE_ISCSI = /sbin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
-Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
-Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
-Cmnd_Alias ONE_CEPH = /usr/bin/rbd
-Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
-Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop
-
-oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN, ONE_CEPH, ONE_MARKET, ONE_HA
diff --git a/share/pkgs/Debian7/opennebula.sudoers b/share/pkgs/Debian7/opennebula.sudoers
deleted file mode 100644
index 2009e5b942..0000000000
--- a/share/pkgs/Debian7/opennebula.sudoers
+++ /dev/null
@@ -1,14 +0,0 @@
-Defaults:oneadmin !requiretty
-Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-Cmnd_Alias ONE_MISC = /sbin/mkfs, /bin/sync, /sbin/mkswap
-Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip, /usr/sbin/ipset, /usr/bin/arping
-Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend
-Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
-Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
-Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
-Cmnd_Alias ONE_CEPH = /usr/bin/rbd
-Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
-Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop
-
-oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN, ONE_CEPH, ONE_MARKET, ONE_HA
diff --git a/share/pkgs/Debian8-systemd b/share/pkgs/Debian8-systemd
deleted file mode 120000
index e094175afa..0000000000
--- a/share/pkgs/Debian8-systemd
+++ /dev/null
@@ -1 +0,0 @@
-CentOS7
\ No newline at end of file
diff --git a/share/pkgs/Debian8/opennebula b/share/pkgs/Debian8/opennebula
deleted file mode 100755
index 4f37595238..0000000000
--- a/share/pkgs/Debian8/opennebula
+++ /dev/null
@@ -1,128 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: opennebula -# Required-Start: $remote_fs $syslog -# Required-Stop: $remote_fs $syslog -# Should-Start: mysql -# Should-Stop: mysql -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: OpenNebula init script -# Description: OpenNebula cloud initialisation script -### END INIT INFO - -# Author: Soren Hansen - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="OpenNebula cloud" -NAME=one -DAEMON=/usr/bin/$NAME -DAEMON_ARGS="" -PIDFILE=/var/run/$NAME.pid -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - mkdir -p /var/run/one /var/lock/one - chown oneadmin /var/run/one /var/lock/one - su oneadmin -s /bin/sh -c 'one start' -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - su oneadmin -s /bin/sh -c 'one stop' -} - -do_start_sched() -{ - su oneadmin -s /bin/sh -c 'one start-sched' -} - -do_stop_sched() -{ - su oneadmin -s /bin/sh -c 'one stop-sched' -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - status_of_proc "oned" "$NAME" && exit 0 || exit $? - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" 
in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - restart-sched) - log_daemon_msg "Restarting scheduler" - do_stop_sched - case "$?" in - 0|1) - do_start_sched - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload|status}" >&2 - exit 3 - ;; -esac - -: diff --git a/share/pkgs/Debian8/opennebula-econe b/share/pkgs/Debian8/opennebula-econe deleted file mode 100755 index 31003b2b0d..0000000000 --- a/share/pkgs/Debian8/opennebula-econe +++ /dev/null 
@@ -1,106 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: opennebula-econe -# Required-Start: $remote_fs -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: ECONE Server init script -# Description: OpenNebula ECONE service initialisation script -### END INIT INFO - -# Author: Tino Vázquez - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="ECONE Service" -NAME=econe-server -DAEMON=/usr/bin/$NAME -DAEMON_ARGS="" -SCRIPTNAME=/etc/init.d/$NAME -PID_FILE=/var/run/one/econe-server.pid - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - mkdir -p /var/run/one /var/lock/one /var/log/one - chown oneadmin /var/run/one /var/lock/one /var/log/one - su oneadmin -s /bin/sh -c "$DAEMON start" -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - su oneadmin -s /bin/sh -c "$DAEMON stop" -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - ECONE_PID=`cat $PID_FILE` - kill -0 $ECONE_PID > /dev/null 2>&1 - if [ "$?" -eq "0" ]; then - log_daemon_msg "$NAME is running" - log_end_msg 0 - else - log_daemon_msg "$NAME is not running" - log_end_msg 1 - fi - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" 
in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/share/pkgs/Debian8/opennebula-flow b/share/pkgs/Debian8/opennebula-flow deleted file mode 100755 index 6467dd9476..0000000000 --- a/share/pkgs/Debian8/opennebula-flow +++ /dev/null 
@@ -1,94 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: opennebula-flow -# Required-Start: $remote_fs -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: OneFlow init script -# Description: OpenNebula OneFlow service initialisation script -### END INIT INFO - -# Author: Tino Vázquez - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="OneFlow Service" -NAME=oneflow-server -DAEMON=/usr/bin/$NAME -DAEMON_ARGS="" -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - mkdir -p /var/run/one /var/lock/one /var/log/one - chown oneadmin /var/run/one /var/lock/one /var/log/one - su oneadmin -s /bin/sh -c "$DAEMON start" -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - su oneadmin -s /bin/sh -c "$DAEMON stop" -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" 
in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/share/pkgs/Debian8/opennebula-gate b/share/pkgs/Debian8/opennebula-gate deleted file mode 100755 index 613f2614ef..0000000000 --- a/share/pkgs/Debian8/opennebula-gate +++ /dev/null 
@@ -1,94 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: opennebula-gate -# Required-Start: $remote_fs -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: OneGate init script -# Description: OpenNebula OneGate service initialisation script -### END INIT INFO - -# Author: Tino Vázquez - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="OneGate Service" -NAME=onegate-server -DAEMON=/usr/bin/$NAME -DAEMON_ARGS="" -SCRIPTNAME=/etc/init.d/$NAME - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - mkdir -p /var/run/one /var/lock/one /var/log/one - chown oneadmin /var/run/one /var/lock/one /var/log/one - su oneadmin -s /bin/sh -c "$DAEMON start" -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - su oneadmin -s /bin/sh -c "$DAEMON stop" -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" 
in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/share/pkgs/Debian8/opennebula-novnc b/share/pkgs/Debian8/opennebula-novnc deleted file mode 100755 index f583a5fe1c..0000000000 --- a/share/pkgs/Debian8/opennebula-novnc +++ /dev/null 
@@ -1,105 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: opennebula-novnc -# Required-Start: $remote_fs -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: novnc init script -# Description: OpenNebula novnc server -### END INIT INFO - -# Author: Arnold Bechtoldt - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="OpenNebula novnc server" -NAME=novnc-server -DAEMON=/usr/bin/$NAME -DAEMON_ARGS="" -SCRIPTNAME=/etc/init.d/opennebula-novnc - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - mkdir -p /var/lock/one /var/log/one - chown oneadmin /var/lock/one /var/log/one - su oneadmin -s /bin/sh -c "$DAEMON start" -} - -# -# Function that retrives the status of the daemon/service -# -do_status() -{ - su oneadmin -s /bin/sh -c "$DAEMON status" -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - su oneadmin -s /bin/sh -c "$DAEMON stop" -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - do_status && exit 0 || exit $? - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" 
in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/share/pkgs/Debian8/opennebula-sunstone b/share/pkgs/Debian8/opennebula-sunstone deleted file mode 100755 index 34e9e1fbfb..0000000000 --- a/share/pkgs/Debian8/opennebula-sunstone +++ /dev/null 
@@ -1,108 +0,0 @@ -#! /bin/sh -### BEGIN INIT INFO -# Provides: opennebula-sunstone -# Required-Start: $remote_fs -# Required-Stop: $remote_fs -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: Sunstone init script -# Description: OpenNebula Sunstone web interface cloud initialisation script -### END INIT INFO - -# Author: Jaime Melis - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -DESC="Sunstone Web interface" -NAME=sunstone-server -DAEMON=/usr/bin/$NAME -DAEMON_ARGS="" -SCRIPTNAME=/etc/init.d/opennebula-sunstone -PID_FILE=/var/run/one/sunstone.pid - -# Exit if the package is not installed -[ -x "$DAEMON" ] || exit 0 - -# Load the VERBOSE setting and other rcS variables -. /lib/init/vars.sh - -# Define LSB log_* functions. -# Depend on lsb-base (>= 3.0-6) to ensure that this file is present. -. /lib/lsb/init-functions - -# -# Function that starts the daemon/service -# -do_start() -{ - service opennebula-novnc start - mkdir -p /var/run/one /var/lock/one /var/log/one - chown oneadmin /var/run/one /var/lock/one /var/log/one - su oneadmin -s /bin/sh -c "$DAEMON start-sunstone" -} - -# -# Function that stops the daemon/service -# -do_stop() -{ - su oneadmin -s /bin/sh -c "$DAEMON stop-sunstone" - service opennebula-novnc stop -} - -case "$1" in - start) - [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME" - do_start - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - stop) - [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME" - do_stop - case "$?" in - 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;; - 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;; - esac - ;; - status) - SUNSTONE_PID=`cat $PID_FILE` - kill -0 $SUNSTONE_PID > /dev/null 2>&1 - if [ "$?" 
-eq "0" ]; then - log_daemon_msg "$NAME is running" - log_end_msg 0 - else - log_daemon_msg "$NAME is not running" - log_end_msg 1 - fi - ;; - restart|force-reload) - # - # If the "reload" option is implemented then remove the - # 'force-reload' alias - # - log_daemon_msg "Restarting $DESC" "$NAME" - do_stop - case "$?" in - 0|1) - do_start - case "$?" in - 0) log_end_msg 0 ;; - 1) log_end_msg 1 ;; # Old process is still running - *) log_end_msg 1 ;; # Failed to start - esac - ;; - *) - # Failed to stop - log_end_msg 1 - ;; - esac - ;; - *) - echo "Usage: $SCRIPTNAME {start|stop|status|restart|force-reload}" >&2 - exit 3 - ;; -esac - -: diff --git a/share/pkgs/Ubuntu-systemd b/share/pkgs/Ubuntu-systemd deleted file mode 120000 index e094175afa..0000000000 --- a/share/pkgs/Ubuntu-systemd +++ /dev/null @@ -1 +0,0 @@ -CentOS7 \ No newline at end of file diff --git a/share/pkgs/Ubuntu/opennebula.sudoers b/share/pkgs/Ubuntu/opennebula.sudoers deleted file mode 100644 index c41e3633a5..0000000000 --- a/share/pkgs/Ubuntu/opennebula.sudoers +++ /dev/null 
@@ -1,14 +0,0 @@
-Defaults:oneadmin !requiretty
-Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-Cmnd_Alias ONE_MISC = /sbin/mkfs, /bin/sync, /sbin/mkswap
-Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ip, /sbin/ipset, /usr/bin/arping
-Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend
-Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
-Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
-Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
-Cmnd_Alias ONE_CEPH = /usr/bin/rbd
-Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
-Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop
-
-oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN, ONE_CEPH, ONE_MARKET, ONE_HA
diff --git a/share/pkgs/openSUSE/opennebula.sudoers b/share/pkgs/openSUSE/opennebula.sudoers
deleted file mode 100644
index e3e2865edd..0000000000
--- a/share/pkgs/openSUSE/opennebula.sudoers
+++ /dev/null
@@ -1,13 +0,0 @@
-Defaults:oneadmin !requiretty
-Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
-
-Cmnd_Alias ONE_MISC = /sbin/mkfs, /usr/bin/sync
-Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /sbin/ip, /usr/sbin/arping
-Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend
-Cmnd_Alias ONE_ISCSI = /sbin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm
-Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
-Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm
-Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
-Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /sbin/service opennebula-flow start, /sbin/service opennebula-flow stop, /sbin/service opennebula-gate start, /sbin/service opennebula-gate stop
-
-oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN, ONE_MARKET, ONE_HA
diff --git a/share/pkgs/openSUSE/systemd/econe.service b/share/pkgs/openSUSE/systemd/econe.service
deleted file mode 100644
index cd739bca66..0000000000
--- a/share/pkgs/openSUSE/systemd/econe.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=OpenNebula EC2 Interface Service
-After=syslog.target
-After=network.target
-After=one.service
-After=one_scheduler.service
-BindTo=one.service
-!ConditionFileExists=/var/lock/one/.econe.lock
-
-[Service]
-ExecStart=/bin/bash -c "/usr/bin/econe-server start"
-ExecStartPost=/usr/bin/touch /var/lock/one/.econe.lock
-ExecStop=/bin/kill -INT $MAINPID
-PIDFile=/var/run/one/econe.pid
-Type=simple
-Group=cloud
-User=oneadmin
-
-[Install]
-WantedBy=multi-user.target
diff --git a/share/pkgs/openSUSE/systemd/one.service b/share/pkgs/openSUSE/systemd/one.service
deleted file mode 100644
index d4d1480ef5..0000000000
--- a/share/pkgs/openSUSE/systemd/one.service
+++ /dev/null
@@ -1,30 +0,0 @@
-[Unit]
-Description=OpenNebula Cloud Controller Daemon
-After=syslog.target
-After=network.target
-After=remote-fs.target
-Before=one_scheduler.service
-# Do not start if the scheduler does not exist
-ConditionFileIsExecutable=/usr/bin/mm_sched
-# Directory lock and run directories must exist
-ConditionPathIsDirectory=/var/lock/one
-ConditionPathIsDirectory=/var/run/one
-# The PID file for the process should not exist, we either have a
-# running process or the previous run did not exit cleanly
-!ConditionPathExists=/var/run/one/oned.pid
-
-[Service]
-# Start daemon in foreground mode, when starting as forking process the
-# daemon shuts down without obvious reason.
-ExecStart=/usr/bin/oned -f
-# Log file location must exist
-ExecStartPre=/bin/mkdir -p /var/log/one
-ExecStartPre=/bin/chown oneadmin:cloud /var/log/one
-ExecStop=/bin/kill -TERM $MAINPID
-PIDFile=/var/run/one/oned.pid
-Type=simple
-Group=cloud
-User=oneadmin
-
-[Install]
-WantedBy=multi-user.target
diff --git a/share/pkgs/openSUSE/systemd/one_scheduler.service b/share/pkgs/openSUSE/systemd/one_scheduler.service
deleted file mode 100644
index 6beed9519b..0000000000
--- a/share/pkgs/openSUSE/systemd/one_scheduler.service
+++ /dev/null
@@ -1,20 +0,0 @@
-[Unit]
-Description=OpenNebula Cloud Scheduler Daemon
-After=syslog.target
-After=network.target
-After=remote-fs.target
-After=one.service
-BindTo=one.service
-!ConditionFileExists=/var/run/one/sched.pid
-
-[Service]
-EnvironmentFile=/etc/one/oned.conf
-ExecStart=/usr/bin/mm_sched -p $PORT -t 30 -m 300 -d 30 -h 1
-ExecStop=/bin/kill -TERM $MAINPID
-PIDFile=/var/run/one/sched.pid
-Type=simple
-Group=cloud
-User=oneadmin
-
-[Install]
-WantedBy=multi-user.target
diff --git a/share/pkgs/openSUSE/systemd/onedsetup b/share/pkgs/openSUSE/systemd/onedsetup
deleted file mode 100644
index 65e0f9fb3e..0000000000
--- a/share/pkgs/openSUSE/systemd/onedsetup
+++ /dev/null
@@ -1,109 +0,0 @@ -#!/bin/bash - -# -------------------------------------------------------------------------- # -# Licensed under the Apache License, Version 2.0 (the "License"); you may # -# not use this file except in compliance with the License. You may obtain # -# a copy of the License at # -# # -# http://www.apache.org/licenses/LICENSE-2.0 # -# # -# Unless required by applicable law or agreed to in writing, software # -# distributed under the License is distributed on an "AS IS" BASIS, # -# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # -# See the License for the specific language governing permissions and # -# limitations under the License. # -#--------------------------------------------------------------------------- # - -# One time setup for oned -KILL_9_SECONDS=10 - -LOCK_FILE=/var/lock/one/one -LOCK_FILE_DIR=/var/lock/one - -ONE_PID=/var/run/one/oned.pid -ONE_CONF=/etc/one/oned.conf -ONE_DB=/var/lib/one/one.db - -ONED=/usr/bin/oned - -PORT=$(sed -n '/^[ \t]*PORT/s/^.*PORT\s*=\s*\([0-9]\+\)\s*.*$/\1/p' $ONE_CONF) - -if [ $? -ne 0 ]; then - echo "Can not find PORT in $ONE_CONF." - exit 1 -fi - -if [ ! -d $LOCK_FILE_DIR ]; then - mkdir $LOCK_FILE_DIR > /dev/null 2>&1 - if [ $? -eq 0 ]; then - echo "Could not create lock file directory: $LOCK_FILE_DIR" - exit 1 - fi -fi - -if [ -f $LOCK_FILE ]; then - if [ -f $ONE_PID ]; then - ONEPID=`cat $ONE_PID` - ps $ONEPID > /dev/null 2>&1 - if [ $? -eq 0 ]; then - echo "oned already running thus it is configured, nothing to do exiting" - exit 0 - fi - fi - echo "Stale .lock detected. Erasing it." - rm $LOCK_FILE -fi - -if [ ! -x "$ONED" ]; then - echo "Can not find $ONED." - exit 1 -fi - -if [ ! -f "$ONE_DB" ]; then - if [ ! -f "$HOME/.one/one_auth" ]; then - if [ -z "$ONE_AUTH" ]; then - echo "You should have ONE_AUTH set the first time you start" - echo "OpenNebula as it is used to set the credentials for" - echo "the administrator user." - exit 1 - fi - fi -fi - -if [ ! 
-d /var/lock/one ]; then - mkdir /var/lock/one > /dev/null 2>&1 - if [ $? -ne 0 ]; then - echo "Could not create necessary lock directory: /var/lock/one" - exit 1 - fi -fi - -# Start the one daemon -$ONED -i 2>&1 & -STARTED=$? -CURPID=$! - -if [ $STARTED -ne 0 ]; then - echo "Error executing $ONED : Initial setup failed" - exit 1 -fi - -# Give oned a chance to do it's thing... -sleep 5 - -# OK we're all done here -# Just in case the process gets stuck, kill it -kill -TERM $CURPID > /dev/null 2>&1 - -counter=0 -while ps $CURPID > /dev/null 2>&1; do - let counter=counter+1 - if [ $counter -gt $KILL_9_SECONDS ]; then - kill -9 $CURPID > /dev/null 2>&1 - break - fi - sleep 1 -done - -# If the lock file is left over remove it -rm -f /var/lock/one/one diff --git a/share/pkgs/openSUSE/systemd/oneflow.service b/share/pkgs/openSUSE/systemd/oneflow.service deleted file mode 100644 index 619ed4b16b..0000000000 --- a/share/pkgs/openSUSE/systemd/oneflow.service +++ /dev/null @@ -1,20 +0,0 @@ -[Unit] -Description=OpenNebula Flow Service for multi tier applications -After=syslog.target -After=network.target -After=one.service -After=one_scheduler.service -BindTo=one.service -!ConditionFileExists=/var/lock/one/.oneflow.lock - -[Service] -ExecStart=/bin/bash -c "/usr/bin/oneflow-server start" -ExecStartPost=/usr/bin/touch /var/lock/one/.oneflow.lock -ExecStop=/bin/kill -INT $MAINPID -PIDFile=/var/run/one/oneflow.pid -Type=simple -Group=cloud -User=oneadmin - -[Install] -WantedBy=multi-user.target diff --git a/share/pkgs/openSUSE/systemd/onegate.service b/share/pkgs/openSUSE/systemd/onegate.service deleted file mode 100644 index eebea7c256..0000000000 --- a/share/pkgs/openSUSE/systemd/onegate.service +++ /dev/null 
@@ -1,20 +0,0 @@ -[Unit] -Description=OpenNebula Gate Service for Service monitoring -After=syslog.target -After=network.target -After=one.service -After=one_scheduler.service -BindTo=one.service -!ConditionFileExists=/var/lock/one/.onegate.lock - -[Service] -ExecStart=/bin/bash -c "/usr/bin/onegate-server start" -ExecStartPost=/usr/bin/touch /var/lock/one/.onegate.lock -ExecStop=/bin/kill -INT $MAINPID -PIDFile=/var/run/one/onegate.pid -Type=simple -Group=cloud -User=oneadmin - -[Install] -WantedBy=multi-user.target diff --git a/share/pkgs/openSUSE/systemd/onetmpdirs b/share/pkgs/openSUSE/systemd/onetmpdirs deleted file mode 100644 index f008276aa5..0000000000 --- a/share/pkgs/openSUSE/systemd/onetmpdirs +++ /dev/null @@ -1,2 +0,0 @@ -d /var/lock/one 0755 oneadmin cloud -d /var/run/one 0755 oneadmin cloud diff --git a/share/pkgs/openSUSE/systemd/sunstone.service b/share/pkgs/openSUSE/systemd/sunstone.service deleted file mode 100644 index aacc050fcc..0000000000 --- a/share/pkgs/openSUSE/systemd/sunstone.service +++ /dev/null @@ -1,21 +0,0 @@ -[Unit] -Description=OpenNebula Web UI Server -After=syslog.target -After=network.target -After=one.service -After=one_scheduler.service -BindTo=one.service -!ConditionFileExists=/var/lock/one/.sunstone.lock - -[Service] -ExecStart=/bin/bash -c "sleep 5; /usr/bin/ruby /usr/lib/one/sunstone/sunstone-server.rb > /var/log/one/sunstone.log 2>&1" -ExecStop=/bin/kill -INT $MAINPID -PIDFile=/var/run/one/sunstone.pid -Type=simple -Group=cloud -User=oneadmin - -[Install] -WantedBy=multi-user.target - - diff --git a/share/pkgs/services/legacy/README.txt b/share/pkgs/services/legacy/README.txt new file mode 100644 index 0000000000..e9d4a3b274 --- /dev/null +++ b/share/pkgs/services/legacy/README.txt @@ -0,0 +1 @@ +Please note these service scripts are not actively maintained. 
diff --git a/share/pkgs/CentOS/opennebula b/share/pkgs/services/legacy/centos6/opennebula
similarity index 100%
rename from share/pkgs/CentOS/opennebula
rename to share/pkgs/services/legacy/centos6/opennebula
diff --git a/share/pkgs/CentOS/opennebula-econe b/share/pkgs/services/legacy/centos6/opennebula-econe
similarity index 100%
rename from share/pkgs/CentOS/opennebula-econe
rename to share/pkgs/services/legacy/centos6/opennebula-econe
diff --git a/share/pkgs/CentOS/opennebula-flow b/share/pkgs/services/legacy/centos6/opennebula-flow
similarity index 100%
rename from share/pkgs/CentOS/opennebula-flow
rename to share/pkgs/services/legacy/centos6/opennebula-flow
diff --git a/share/pkgs/CentOS/opennebula-gate b/share/pkgs/services/legacy/centos6/opennebula-gate
similarity index 100%
rename from share/pkgs/CentOS/opennebula-gate
rename to share/pkgs/services/legacy/centos6/opennebula-gate
diff --git a/share/pkgs/CentOS/opennebula-novnc b/share/pkgs/services/legacy/centos6/opennebula-novnc
similarity index 100%
rename from share/pkgs/CentOS/opennebula-novnc
rename to share/pkgs/services/legacy/centos6/opennebula-novnc
diff --git a/share/pkgs/CentOS/opennebula-sunstone b/share/pkgs/services/legacy/centos6/opennebula-sunstone
similarity index 100%
rename from share/pkgs/CentOS/opennebula-sunstone
rename to share/pkgs/services/legacy/centos6/opennebula-sunstone
diff --git a/share/pkgs/Debian7/opennebula b/share/pkgs/services/legacy/debian/opennebula
similarity index 100%
rename from share/pkgs/Debian7/opennebula
rename to share/pkgs/services/legacy/debian/opennebula
diff --git a/share/pkgs/Debian7/opennebula-econe b/share/pkgs/services/legacy/debian/opennebula-econe
similarity index 100%
rename from share/pkgs/Debian7/opennebula-econe
rename to share/pkgs/services/legacy/debian/opennebula-econe
diff --git a/share/pkgs/Debian7/opennebula-flow b/share/pkgs/services/legacy/debian/opennebula-flow
similarity index 100%
rename from share/pkgs/Debian7/opennebula-flow
rename to share/pkgs/services/legacy/debian/opennebula-flow
diff --git a/share/pkgs/Debian7/opennebula-gate b/share/pkgs/services/legacy/debian/opennebula-gate
similarity index 100%
rename from share/pkgs/Debian7/opennebula-gate
rename to share/pkgs/services/legacy/debian/opennebula-gate
diff --git a/share/pkgs/Debian7/opennebula-novnc b/share/pkgs/services/legacy/debian/opennebula-novnc
similarity index 100%
rename from share/pkgs/Debian7/opennebula-novnc
rename to share/pkgs/services/legacy/debian/opennebula-novnc
diff --git a/share/pkgs/Debian7/opennebula-sunstone b/share/pkgs/services/legacy/debian/opennebula-sunstone
similarity index 100%
rename from share/pkgs/Debian7/opennebula-sunstone
rename to share/pkgs/services/legacy/debian/opennebula-sunstone
diff --git a/share/pkgs/Ubuntu/opennebula b/share/pkgs/services/legacy/ubuntu/opennebula
similarity index 100%
rename from share/pkgs/Ubuntu/opennebula
rename to share/pkgs/services/legacy/ubuntu/opennebula
diff --git a/share/pkgs/Ubuntu/opennebula-econe b/share/pkgs/services/legacy/ubuntu/opennebula-econe
similarity index 100%
rename from share/pkgs/Ubuntu/opennebula-econe
rename to share/pkgs/services/legacy/ubuntu/opennebula-econe
diff --git a/share/pkgs/Ubuntu/opennebula-flow b/share/pkgs/services/legacy/ubuntu/opennebula-flow
similarity index 100%
rename from share/pkgs/Ubuntu/opennebula-flow
rename to share/pkgs/services/legacy/ubuntu/opennebula-flow
diff --git a/share/pkgs/Ubuntu/opennebula-gate b/share/pkgs/services/legacy/ubuntu/opennebula-gate
similarity index 100%
rename from share/pkgs/Ubuntu/opennebula-gate
rename to share/pkgs/services/legacy/ubuntu/opennebula-gate
diff --git a/share/pkgs/Ubuntu/opennebula-novnc b/share/pkgs/services/legacy/ubuntu/opennebula-novnc
old mode 100644
new mode 100755
similarity index 100%
rename from share/pkgs/Ubuntu/opennebula-novnc
rename to share/pkgs/services/legacy/ubuntu/opennebula-novnc
diff --git a/share/pkgs/Ubuntu/opennebula-sunstone b/share/pkgs/services/legacy/ubuntu/opennebula-sunstone
similarity index 100%
rename from share/pkgs/Ubuntu/opennebula-sunstone
rename to share/pkgs/services/legacy/ubuntu/opennebula-sunstone
diff --git a/share/pkgs/CentOS7/opennebula-econe.service b/share/pkgs/services/systemd/opennebula-econe.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-econe.service
rename to share/pkgs/services/systemd/opennebula-econe.service
diff --git a/share/pkgs/CentOS7/opennebula-flow.service b/share/pkgs/services/systemd/opennebula-flow.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-flow.service
rename to share/pkgs/services/systemd/opennebula-flow.service
diff --git a/share/pkgs/CentOS7/opennebula-gate.service b/share/pkgs/services/systemd/opennebula-gate.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-gate.service
rename to share/pkgs/services/systemd/opennebula-gate.service
diff --git a/share/pkgs/CentOS7/opennebula-hem.service b/share/pkgs/services/systemd/opennebula-hem.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-hem.service
rename to share/pkgs/services/systemd/opennebula-hem.service
diff --git a/share/pkgs/CentOS7/opennebula-novnc.service b/share/pkgs/services/systemd/opennebula-novnc.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-novnc.service
rename to share/pkgs/services/systemd/opennebula-novnc.service
diff --git a/share/pkgs/CentOS7/opennebula-scheduler.service b/share/pkgs/services/systemd/opennebula-scheduler.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-scheduler.service
rename to share/pkgs/services/systemd/opennebula-scheduler.service
diff --git a/share/pkgs/CentOS7/opennebula-sunstone.service b/share/pkgs/services/systemd/opennebula-sunstone.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula-sunstone.service
rename to share/pkgs/services/systemd/opennebula-sunstone.service
diff --git a/share/pkgs/CentOS7/opennebula.service b/share/pkgs/services/systemd/opennebula.service
similarity index 100%
rename from share/pkgs/CentOS7/opennebula.service
rename to share/pkgs/services/systemd/opennebula.service
diff --git a/share/pkgs/sudoers/centos/opennebula b/share/pkgs/sudoers/centos/opennebula
new file mode 100644
index 0000000000..c1534c117c
--- /dev/null
+++ b/share/pkgs/sudoers/centos/opennebula
@@ -0,0 +1,13 @@
+Defaults:oneadmin !requiretty
+Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
+
+Cmnd_Alias ONE_CEPH = /usr/bin/rbd
+Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/arping
+Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr/sbin/vgdisplay, /usr/sbin/lvchange, /usr/sbin/lvscan, /usr/sbin/lvextend
+Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
+Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ip, /usr/sbin/ipset
+Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
+
+## Command aliases are enabled individually in dedicated
+## sudoers files by each OpenNebula component (server, node).
+# oneadmin ALL=(ALL) NOPASSWD: ONE_CEPH, ONE_HA, ONE_LVM, ONE_MARKET, ONE_NET, ONE_OVS
diff --git a/share/pkgs/Debian8/opennebula.sudoers b/share/pkgs/sudoers/debian/opennebula
similarity index 58%
rename from share/pkgs/Debian8/opennebula.sudoers
rename to share/pkgs/sudoers/debian/opennebula
index c41e3633a5..c92c9ddb36 100644
--- a/share/pkgs/Debian8/opennebula.sudoers
+++ b/share/pkgs/sudoers/debian/opennebula
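Review bot: `/usr/sbin/arping` sits at the end of the `ONE_HA` alias, so granting ONE_HA covers a raw network tool as well as the flow/gate service control that the alias name suggests. Someone auditing share/pkgs/sudoers/opennebula-server, which enables ONE_HA, will not expect that from the name alone. A comment above the alias would make it explicit: `## ONE_HA includes arping in addition to the service start/stop commands`. The same applies to the debian sudoers file and to the `:HA` list in share/sudoers/sudoers.rb.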
@@ -1,14 +1,14 @@ Defaults:oneadmin !requiretty Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin -Cmnd_Alias ONE_MISC = /sbin/mkfs, /bin/sync, /sbin/mkswap -Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ip, /sbin/ipset, /usr/bin/arping -Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend -Cmnd_Alias ONE_ISCSI = /usr/bin/iscsiadm, /usr/sbin/tgt-admin, /usr/sbin/tgtadm -Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl -Cmnd_Alias ONE_XEN = /usr/sbin/xentop, /usr/sbin/xl, /usr/sbin/xm Cmnd_Alias ONE_CEPH = /usr/bin/rbd +Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/bin/arping +Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend +Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh -Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop +Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ip, /sbin/ipset +Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl -oneadmin ALL=(ALL) NOPASSWD: ONE_MISC, ONE_NET, 
ONE_LVM, ONE_ISCSI, ONE_OVS, ONE_XEN, ONE_CEPH, ONE_MARKET, ONE_HA +## Command aliases are enabled individually in dedicated +## sudoers files by each OpenNebula component (server, node). +# oneadmin ALL=(ALL) NOPASSWD: ONE_CEPH, ONE_HA, ONE_LVM, ONE_LXD, ONE_MARKET, ONE_NET, ONE_OVS diff --git a/share/pkgs/sudoers/opennebula-node b/share/pkgs/sudoers/opennebula-node new file mode 100644 index 0000000000..2f0b3e7970 --- /dev/null +++ b/share/pkgs/sudoers/opennebula-node @@ -0,0 +1 @@ +oneadmin ALL=(ALL:ALL) NOPASSWD: ONE_CEPH, ONE_NET, ONE_OVS, ONE_LVM diff --git a/share/pkgs/sudoers/opennebula-node-lxd b/share/pkgs/sudoers/opennebula-node-lxd new file mode 100644 index 0000000000..a7fd1dce39 --- /dev/null +++ b/share/pkgs/sudoers/opennebula-node-lxd @@ -0,0 +1 @@ +oneadmin ALL=(ALL:ALL) NOPASSWD: ONE_LXD diff --git a/share/pkgs/sudoers/opennebula-server b/share/pkgs/sudoers/opennebula-server new file mode 100644 index 0000000000..afbe9a61a4 --- /dev/null +++ b/share/pkgs/sudoers/opennebula-server @@ -0,0 +1 @@ +oneadmin ALL=(ALL) NOPASSWD: ONE_CEPH, ONE_HA, ONE_MARKET diff --git a/share/pkgs/CentOS7/opennebula-node.conf b/share/pkgs/tmpfiles/opennebula-node.conf similarity index 100% rename from share/pkgs/CentOS7/opennebula-node.conf rename to share/pkgs/tmpfiles/opennebula-node.conf diff --git a/share/pkgs/CentOS7/opennebula.conf b/share/pkgs/tmpfiles/opennebula.conf similarity index 100% rename from share/pkgs/CentOS7/opennebula.conf rename to share/pkgs/tmpfiles/opennebula.conf diff --git a/share/sudoers/sudo_commands.rb b/share/sudoers/sudo_commands.rb index aa69404322..ccd5430782 100755 --- a/share/sudoers/sudo_commands.rb +++ b/share/sudoers/sudo_commands.rb 
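Review bot: `ONE_LXD` lists general-purpose tools such as `/bin/mount`, `/bin/umount`, `/bin/mkdir` and `/sbin/losetup` with no argument restrictions, and share/pkgs/sudoers/opennebula-node-lxd enables the alias with NOPASSWD. A rule of that shape places no limit on what is mounted or where, so on an LXD node the oneadmin account should be treated as root-equivalent. If the driver cannot work with narrower rules, say so next to the alias: `## ONE_LXD commands accept arbitrary arguments; protect oneadmin on LXD nodes like root`.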
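Review bot: The Runas specification is `(ALL:ALL)` in share/pkgs/sudoers/opennebula-node and opennebula-node-lxd but `(ALL)` in opennebula-server, and both look wider than the aliases need. If the drivers only ever call sudo without `-u` or `-g` (not visible in this diff), `oneadmin ALL=(root) NOPASSWD: ONE_CEPH, ONE_NET, ONE_OVS, ONE_LVM` grants the same commands without permitting other target users or groups. Whichever form is kept, the three files should use the same one.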
@@ -16,78 +16,34 @@ # limitations under the License. # #--------------------------------------------------------------------------- # -ONE_LOCATION=ENV["ONE_LOCATION"] +ONE_LOCATION = ENV['ONE_LOCATION'] if !ONE_LOCATION - LIB_LOCATION="/usr/lib/one" + LIB_LOCATION = '/usr/lib/one' else - LIB_LOCATION=ONE_LOCATION+"/lib" + LIB_LOCATION = ONE_LOCATION + '/lib' end -require "erb" +require 'erb' +require_relative 'sudoers' -CMDS = { - :MISC => %w(mkfs sync mkswap), - :NET => %w(ebtables iptables ip6tables ip ipset arping), - :LVM => %w(lvcreate lvremove lvs vgdisplay lvchange lvscan lvextend), - :ISCSI => %w(iscsiadm tgt-admin tgtadm), - :OVS => %w(ovs-ofctl ovs-vsctl), - :XEN => %w(xentop xl xm), - :CEPH => %w(rbd), - :MARKET => %W{#{LIB_LOCATION}/sh/create_container_image.sh}, - :HA => [ - 'systemctl start opennebula-flow', - 'systemctl stop opennebula-flow', - 'systemctl start opennebula-gate', - 'systemctl stop opennebula-gate', - 'service opennebula-flow start', - 'service opennebula-flow stop', - 'service opennebula-gate start', - 'service opennebula-gate stop' - ], -} +sudoers = Sudoers.new LIB_LOCATION +aliases = sudoers.aliases +aliases.reject! {|_k, v| v.empty? } -KEYS = CMDS.keys - -abs_cmds = {} -not_found_cmds = [] - -KEYS.each do |label| - cmds = CMDS[label] - - _abs_cmds = [] - cmds.each do |cmd| - cmd_parts = cmd.split - abs_cmd = `which #{cmd_parts[0]} 2>/dev/null` - - if !abs_cmd.empty? - cmd_parts[0] = abs_cmd.strip - _abs_cmds << cmd_parts.join(' ') - else - not_found_cmds << cmd - end - end - - abs_cmds["ONE_#{label}"] = _abs_cmds -end - -abs_cmds.reject!{|k,v| v.empty?} - -puts ERB.new(DATA.read,nil, "<>").result(binding) - -if !not_found_cmds.empty? 
- STDERR.puts "\n---\n\nNot found:" - not_found_cmds.each{|cmd| STDERR.puts("- #{cmd}")} -end +puts ERB.new(DATA.read, nil, '<>').result(binding) __END__ -Defaults !requiretty -Defaults secure_path = /sbin:/bin:/usr/sbin:/usr/bin +Defaults:oneadmin !requiretty +Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin -<% KEYS.each do |k|; l = "ONE_#{k}"; v = abs_cmds[l] %> -<% if !v.nil? %> +<% cmd_sets = sudoers.cmds.keys.sort %> +<% cmd_sets.each do |k|; l = "ONE_#{k}"; v = aliases[l] %> +<% if !v.nil? %> Cmnd_Alias <%= l %> = <%= v.join(", ") %> -<% end %> +<% end %> <% end %> -oneadmin ALL=(ALL) NOPASSWD: <%= KEYS.select{|k| !abs_cmds["ONE_#{k}"].nil?}.collect{|k| "ONE_#{k}"}.join(", ") %> +## Command aliases are enabled individually in dedicated +## sudoers files by each OpenNebula component (server, node). +# oneadmin ALL=(ALL) NOPASSWD: <%= cmd_sets.each.sort.collect{|k| "ONE_#{k}"}.join(", ") %> diff --git a/share/sudoers/sudoers.rb b/share/sudoers/sudoers.rb new file mode 100644 index 0000000000..2782e1b3fb --- /dev/null +++ b/share/sudoers/sudoers.rb 
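Review bot: The commented-out rule at the end of the template is built from `cmd_sets` rather than from `aliases`, so it names every command set even when the `if !v.nil?` guard above emitted no `Cmnd_Alias` for it (sets dropped by `aliases.reject!`); the line it replaces filtered on that. An operator who uncomments the rule could then reference an alias that the file never defines. `cmd_sets` is also already sorted, so `.each.sort` is redundant. Suggested: `<%= cmd_sets.select {|k| aliases.key?("ONE_#{k}") }.collect {|k| "ONE_#{k}" }.join(", ") %>`.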
@@ -0,0 +1,87 @@ +# -------------------------------------------------------------------------- # +# Copyright 2002-2019, OpenNebula Project, OpenNebula Systems # +# # +# Licensed under the Apache License, Version 2.0 (the "License"); you may # +# not use this file except in compliance with the License. You may obtain # +# a copy of the License at # +# # +# http://www.apache.org/licenses/LICENSE-2.0 # +# # +# Unless required by applicable law or agreed to in writing, software # +# distributed under the License is distributed on an "AS IS" BASIS, # +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # +# See the License for the specific language governing permissions and # +# limitations under the License. # +#--------------------------------------------------------------------------- # + +# Holds configuration about sudoers requirements for OpeNebula +class Sudoers + + NODECMDS = [:NET, :OVS, :LVM, :LXD] + + attr_accessor :cmds + + def initialize(lib_location) + # Commands required to be used as root, without password, by oneadmin + @cmds = { + :NET => %w[ebtables iptables ip6tables ip ipset], + :LVM => %w[ + lvcreate lvremove lvs vgdisplay lvchange lvscan lvextend + ], + :OVS => %w[ovs-ofctl ovs-vsctl], + :CEPH => %w[rbd], + :LXD => %w[ + /snap/bin/lxc /usr/bin/catfstab mount umount mkdir lsblk losetup + kpartx qemu-nbd blkid e2fsck resize2fs xfs_growfs rbd-nbd + xfs_admin tune2fs + ], + :HA => [ + 'systemctl start opennebula-flow', + 'systemctl stop opennebula-flow', + 'systemctl start opennebula-gate', + 'systemctl stop opennebula-gate', + 'service opennebula-flow start', + 'service opennebula-flow stop', + 'service opennebula-gate start', + 'service opennebula-gate stop', + 'arping' + ], + :MARKET => %W[#{lib_location}/sh/create_container_image.sh] + } + end + + # Return a list of commands full path + def aliases + cmnd_aliases = {} + + cmds.keys.each do |label| + cmd_path = [] + + cmds[label].each do |cmd| + if cmd[0] == '/' + cmd_path 
<< cmd + next + end + + cmd_parts = cmd.split + cmd_parts[0] = which(cmd_parts[0]) + + if cmd_parts[0].empty? + STDERR.puts "command not found: #{cmd}" + exit 1 + end + + cmd_path << cmd_parts.join(' ') + end + + cmnd_aliases["ONE_#{label}"] = cmd_path + end + + cmnd_aliases + end + + def which(cmd) + `which #{cmd} 2>/dev/null`.strip + end + +end diff --git a/src/tm_mad/fs_lvm/clone b/src/tm_mad/fs_lvm/clone index 7ff624a935..82acd5d53c 100755 --- a/src/tm_mad/fs_lvm/clone +++ b/src/tm_mad/fs_lvm/clone @@ -113,7 +113,7 @@ DEV="/dev/${VG_NAME}/${LV_NAME}" # Execute lvcreate with a lock in the frontend CREATE_CMD=$(cat </dev/null; then - ${SUDO} ${SYNC} + ${SYNC} ${SUDO} ${LVSCAN} ${SUDO} ${LVCHANGE} -ay "\${DEV}" fi diff --git a/src/tm_mad/fs_lvm/mkimage b/src/tm_mad/fs_lvm/mkimage index 5271abe0a3..c70cb2c256 100755 --- a/src/tm_mad/fs_lvm/mkimage +++ b/src/tm_mad/fs_lvm/mkimage @@ -64,7 +64,7 @@ DEV="/dev/${VG_NAME}/${LV_NAME}" # Execute lvcreate with a lock in the frontend CREATE_CMD=$(cat <
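Review bot: `which` at the end of the class interpolates `cmd` into a backtick shell command. The command table is hard-coded, but `cmds` is an `attr_accessor` and the `:MARKET` entry is built from `lib_location`, which sudo_commands.rb derives from `ENV['ONE_LOCATION']`; a relative value skips the `cmd[0] == '/'` branch in `aliases` and reaches the shell unquoted. Passing an argv array avoids the shell: `IO.popen(['which', cmd], :err => File::NULL, &:read).strip`. The resolved paths also depend on the PATH of whoever runs the generator, which deserves a comment on `aliases` because the output becomes a sudoers file.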