
Commit 870e189

rsafonsecaDaanHoogland
authored andcommitted
Use same sudoers config for all distros Cleanup buggy code for sudoers file editing
Signed-off-by: Daan Hoogland <daan@onecht.net> This closes apache#332
1 parent c45c9bf commit 870e189

8 files changed

Lines changed: 13 additions & 56 deletions


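--- a/debian/rules
+++ b/debian/rules
@@ -71,8 +71,8 @@ override_dh_auto_install:
 
 # nast hack for a couple of configuration files
 mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
-mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
-chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
+mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
+chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/$(PACKAGE)
 
 ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
 ln -s server-nonssl.xml $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/server.xml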

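--- a/packaging/centos63/cloud.spec
+++ b/packaging/centos63/cloud.spec
@@ -225,6 +225,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
 mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d
 
 # Common
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
@@ -297,6 +298,7 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
 install -D packaging/centos63/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
 install -D packaging/centos63/cloud-management.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-management
 install -D packaging/centos63/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
+install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
 install -D packaging/centos63/tomcat.sh ${RPM_BUILD_ROOT}%{_initrddir}/tomcat.sh
 
 chmod 770 ${RPM_BUILD_ROOT}%{_sysconfdir}/%{name}/management/Catalina
@@ -532,6 +534,7 @@ fi
 %dir %attr(0770,root,cloud) %{_localstatedir}/cache/%{name}/management/temp
 %dir %attr(0770,root,cloud) %{_localstatedir}/log/%{name}/management
 %config(noreplace) %{_sysconfdir}/sysconfig/%{name}-management
+%config(noreplace) %{_sysconfdir}/sudoers.d/%{name}-management
 %config(noreplace) %attr(0640,root,cloud) %{_sysconfdir}/%{name}/management/db.properties
 %config(noreplace) %{_sysconfdir}/%{name}/management/log4j-cloud.xml
 %config(noreplace) %{_sysconfdir}/%{name}/management/tomcat6-nonssl.conf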
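Review bot: The sudoers drop-in is installed without an explicit mode or owner in the visible lines: `install -D` without `-m` defaults to 0755, and the new `%files` entry carries no `%attr`, unlike the `db.properties` line right below it. debian/rules in this same commit runs `chmod 0440` on the equivalent file, so the RPM path should pin the same permissions, e.g. `install -D -m 0440 server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management` and `%config(noreplace) %attr(0440,root,root) %{_sysconfdir}/sudoers.d/%{name}-management`. The same `install -D` line is added in packaging/centos7/cloud.spec and needs the same treatment. A `%defattr` outside these hunks may already set the owner, so confirm that before changing the `%files` line.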

packaging/centos7/cloud-management.sudoers

Lines changed: 0 additions & 22 deletions
This file was deleted.

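--- a/packaging/centos7/cloud.spec
+++ b/packaging/centos7/cloud.spec
@@ -199,6 +199,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management
 mkdir -p ${RPM_BUILD_ROOT}%{_initrddir}
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig
 mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d
+mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d
 
 # Common
 mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts
@@ -272,8 +273,8 @@ install -D client/target/pythonlibs/jasypt-1.9.2.jar ${RPM_BUILD_ROOT}%{_datadir
 
 install -D packaging/centos7/cloud-ipallocator.rc ${RPM_BUILD_ROOT}%{_initrddir}/%{name}-ipallocator
 install -D packaging/centos7/cloud-management.sysconfig ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig/%{name}-management
+install -D server/target/conf/cloudstack-sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
 install -D packaging/centos7/cloud-management.service ${RPM_BUILD_ROOT}%{_unitdir}/%{name}-management.service
-install -D packaging/centos7/cloud-management.sudoers ${RPM_BUILD_ROOT}%{_sysconfdir}/sudoers.d/%{name}-management
 install -D packaging/centos7/cloud.limits ${RPM_BUILD_ROOT}%{_sysconfdir}/security/limits.d/cloud
 touch ${RPM_BUILD_ROOT}%{_localstatedir}/run/%{name}-management.pid
 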
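--- a/python/lib/cloudutils/configFileOps.py
+++ b/python/lib/cloudutils/configFileOps.py
@@ -175,11 +175,3 @@ def backup(self):
 self.add_lines(oldLine, False)
 else:
 self.replace_lines(newLine, oldLine, False)
-
-if __name__ == '__main__':
-cfo = configFileOps("./sudoers")
-#cloud ALL = NOPASSWD : ALL
-cfo.addEntry("cloud ALL ", "NOPASSWD : ALL")
-cfo.rmEntry("Defaults", "requiretty", " ")
-#cfo.addEntry("zone", "test", " ")
-cfo.save()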

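--- a/python/lib/cloudutils/serviceConfig.py
+++ b/python/lib/cloudutils/serviceConfig.py
@@ -721,24 +721,6 @@ def config(self):
 def restore(self):
 return True
 
-
-class sudoersConfig(serviceCfgBase):
-def __init__(self, syscfg):
-super(sudoersConfig, self).__init__(syscfg)
-self.serviceName = "sudoers"
-def config(self):
-try:
-cfo = configFileOps("/etc/sudoers", self)
-cfo.addEntry("cloud ALL ", "NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount, /usr/bin/keytool")
-cfo.rmEntry("Defaults", "requiretty", " ")
-cfo.save()
-return True
-except:
-raise
-
-def restore(self):
-return True
-
 class firewallConfigServer(firewallConfigBase):
 def __init__(self, syscfg):
 super(firewallConfigServer, self).__init__(syscfg)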

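--- a/python/lib/cloudutils/syscfg.py
+++ b/python/lib/cloudutils/syscfg.py
@@ -206,12 +206,10 @@ class sysConfigServerRedhat(sysConfigServer):
 def __init__(self, glbEnv):
 super(sysConfigServerRedhat, self).__init__(glbEnv)
 self.svo = serviceOpsRedhat()
-self.services = [sudoersConfig(self),
-firewallConfigServer(self)]
+self.services = [firewallConfigServer(self)]
 
 class sysConfigServerUbuntu(sysConfigServer):
 def __init__(self, glbEnv):
 super(sysConfigServerUbuntu, self).__init__(glbEnv)
 self.svo = serviceOpsUbuntu()
-self.services = [sudoersConfig(self),
-ubuntuFirewallConfigServer(self)]
+self.services = [ubuntuFirewallConfigServer(self)]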

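--- a/server/conf/cloudstack-sudoers.in
+++ b/server/conf/cloudstack-sudoers.in
@@ -18,5 +18,8 @@
 # The CloudStack management server needs sudo permissions
 # without a password.
 
-@MSUSER@ ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount, /bin/umount
+Cmnd_Alias CLOUDSTACK = /bin/mkdir, /bin/mount, /bin/umount, /bin/cp, /bin/chmod, /usr/bin/keytool, /bin/keytool
 
+Defaults:@MSUSER@ !requiretty
+
+@MSUSER@ ALL=(root) NOPASSWD:CLOUDSTACK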
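Review bot: The `CLOUDSTACK` alias grants `/bin/cp`, `/bin/chmod`, `/bin/mount` and the other commands as root with no argument restrictions, which makes the management-server account effectively root-equivalent, and the header comment does not say so. I would extend the comment above the alias with something like `# These commands are allowed with any arguments, so @MSUSER@ must be treated as root-equivalent; narrow the arguments if the callers allow it.` The alias also lists both `/usr/bin/keytool` and `/bin/keytool` without explanation; a short comment naming which distro needs which path would let a later maintainer drop the unused one.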
