mirror of
https://github.com/OpenNebula/one.git
synced 2024-12-22 13:33:52 +03:00
146dfe6a09
This commit adds the following features using the vlan_filter capabilities of the Linux Bridge: * 802.1Q driver, support for QinQ. This is not a full implementation compared to the vSwitch as there is no native support in the linux bridge: - VLAN_ID is the (outer/C-VLAN) tag implemented by tagging the PHY_DEV interface - CVLANS are the customer tags, any other VLAN is filtered out in the bridge * bridge driver, support for vlan filtering (VLAN_TAGGED_ID) only the specified tags are allowed in the trunk. Additionally this commits includes linting of some files. (cherry picked from commit e379bd66842dc4aa256e1c503ca425553d02bf9b)
19 lines
2.3 KiB
Plaintext
19 lines
2.3 KiB
Plaintext
Defaults:oneadmin !requiretty
|
|
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin
|
|
|
|
Cmnd_Alias ONE_CEPH = /usr/bin/rbd
|
|
Cmnd_Alias ONE_HA = /usr/bin/systemctl start opennebula-flow, /usr/bin/systemctl stop opennebula-flow, /usr/bin/systemctl start opennebula-gate, /usr/bin/systemctl stop opennebula-gate, /usr/bin/systemctl start opennebula-hem, /usr/bin/systemctl stop opennebula-hem, /usr/bin/systemctl start opennebula-showback.timer, /usr/bin/systemctl stop opennebula-showback.timer, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/sbin/arping, /usr/sbin/ip address *
|
|
Cmnd_Alias ONE_LVM = /usr/sbin/lvcreate, /usr/sbin/lvremove, /usr/sbin/lvs, /usr/sbin/vgdisplay, /usr/sbin/lvchange, /usr/sbin/lvscan, /usr/sbin/lvextend
|
|
Cmnd_Alias ONE_LXC = /usr/bin/mount, /usr/bin/umount, /usr/bin/bindfs, /usr/sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /usr/sbin/e2fsck, /usr/sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
|
|
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh
|
|
Cmnd_Alias ONE_NET = /usr/sbin/ebtables, /usr/sbin/iptables, /usr/sbin/ip6tables, /usr/sbin/ipset, /usr/sbin/ip link *, /usr/sbin/ip neighbour *, /usr/sbin/ip route *, /usr/sbin/ip rule *, /usr/sbin/ip tuntap *, /usr/sbin/nft, /var/tmp/one/vnm/tproxy, /usr/sbin/bridge vlan *
|
|
Cmnd_Alias ONE_NETNS = /usr/sbin/ip netns add *, /usr/sbin/ip netns delete *, /usr/sbin/ip netns pids *, /var/tmp/one/vnm/ip_netns_exec ip address *, /var/tmp/one/vnm/ip_netns_exec ip link *, /var/tmp/one/vnm/ip_netns_exec ip -j link show *, /var/tmp/one/vnm/ip_netns_exec ip route *
|
|
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl
|
|
Cmnd_Alias ONE_MEM = /usr/sbin/sysctl vm.drop_caches=3 vm.compact_memory=1
|
|
Cmnd_Alias ONE_VGPU = /var/tmp/one/vgpu
|
|
|
|
## Command aliases are enabled individually in dedicated
|
|
## sudoers files by each OpenNebula component (server, node).
|
|
# oneadmin ALL=(ALL) NOPASSWD: ONE_CEPH, ONE_HA, ONE_LVM, ONE_LXC, ONE_MARKET, ONE_NET, ONE_OVS, ONE_MEM
|
|
# oneadmin ALL=(ALL) NOPASSWD:SETENV: ONE_NETNS
|