parent
9f6750f9b7
commit
25941d046c
@ -0,0 +1,18 @@ |
||||
Defaults:oneadmin !requiretty |
||||
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin |
||||
|
||||
Cmnd_Alias ONE_CEPH = /usr/bin/rbd |
||||
Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /usr/sbin/one-clean-firecracker-domain, /usr/sbin/one-prepare-firecracker-domain |
||||
Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-showback.timer, /bin/systemctl stop opennebula-showback.timer, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/bin/arping, /sbin/ip address * |
||||
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvscan, /sbin/lvextend |
||||
Cmnd_Alias ONE_LXC = /bin/mount, /bin/umount, /usr/bin/bindfs, /sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd |
||||
Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs |
||||
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh |
||||
Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ipset, /sbin/ip link *, /sbin/ip tuntap *, /sbin/ip route *, /sbin/ip neighbour * |
||||
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl, /usr/bin/ovs-appctl |
||||
Cmnd_Alias ONE_MEM = /sbin/sysctl vm.drop_caches=3 vm.compact_memory=1 |
||||
Cmnd_Alias ONE_VGPU = /var/tmp/one/vgpu |
||||
|
||||
## Command aliases are enabled individually in dedicated |
||||
## sudoers files by each OpenNebula component (server, node). |
||||
# oneadmin ALL=(ALL) NOPASSWD: ONE_CEPH, ONE_FIRECRACKER, ONE_HA, ONE_LVM, ONE_LXC, ONE_LXD, ONE_MARKET, ONE_NET, ONE_OVS, ONE_MEM |
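Review bot: `Cmnd_Alias ONE_VGPU = /var/tmp/one/vgpu` is the only alias here whose command lives outside a root-owned system directory. If /var/tmp/one is writable by oneadmin (it looks like a location that node-side scripts are synced to, but this commit does not show that), enabling the alias in a NOPASSWD rule would let that account replace the file and have it run as root. The helper should be installed root-owned next to the other helpers under /usr/sbin, or the alias dropped. Several other aliases are root-equivalent when granted without argument restrictions (`/bin/mount`, `/usr/bin/lxc-attach`, `/sbin/ip address *`), so a comment above the definitions such as `## Every alias below grants root-level capability; enable only the ones this node type needs.` would help whoever writes the per-component files.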
@ -0,0 +1,21 @@ |
||||
# Contributor: Santic <email@santic-zombie.ru> |
||||
# Maintainer: Santic <email@santic-zombie.ru> |
||||
pkgname=opennebula-node-kvm |
||||
pkgver=6.8.0 |
||||
pkgrel=1 |
||||
pkgdesc="Services for OpenNebula KVM node (Community Edition)" |
||||
url="https://opennebula.io/" |
||||
arch="noarch" |
||||
options="!check" |
||||
license="Apache" |
||||
|
||||
depends="" |
||||
|
||||
install=" |
||||
${pkgname}.post-install |
||||
${pkgname}.post-deinstall" |
||||
|
||||
source="" |
||||
|
||||
package() { |
||||
} |
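Review bot: `package() {` is closed by `}` with nothing in between, and an empty brace group is a syntax error in POSIX sh, so this APKBUILD will most likely fail as soon as it is sourced. At minimum it needs a placeholder body such as `mkdir -p "$pkgdir"` or `:`. With `source=""` and `depends=""` the package also ships neither the sudoers file added in this commit nor `/usr/share/one/ssh/config`, which the post-install script copies, and it declares no dependency that provides `usermod`, `userdel` or `groupdel`. `license="Apache"` should probably be the SPDX identifier `Apache-2.0`.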
@ -0,0 +1,13 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
ONE_GROUP=cloud |
||||
ONE_USER=oneadmin |
||||
|
||||
userdel -r ${ONE_USER} 2>/dev/null && echo ">> User '${ONE_USER}' has been removed." |
||||
groupdel ${ONE_GROUP} 2>/dev/null && echo ">> Group '${ONE_GROUP}' has been removed." |
||||
|
||||
rm -rf /var/lib/one /var/run/one /var/log/one /var/lock/one 2>/dev/null |
||||
|
||||
exit 0 |
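Review bot: Both removal commands discard stderr and sit on the left of `&&`, so a failing or missing `userdel`/`groupdel` is silent and the script still exits 0. That leaves the `oneadmin` account, which the post-install script gives a fixed UID and `disk` group membership, on the host. As far as I know these two tools are not busybox applets, and the APKBUILD in this commit has `depends=""`. Either depend on the package that provides them or use `deluser "$ONE_USER"` and `delgroup "$ONE_GROUP"`, and report failure with `|| echo ">> Could not remove user '${ONE_USER}'." >&2`. Separately, `rm -rf /var/lib/one …` deletes the account's home and everything under it on package removal; a comment stating that this data loss is intended would help.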
@ -0,0 +1,57 @@ |
||||
#!/bin/sh |
||||
|
||||
set -e |
||||
|
||||
ONEHOME=/var/lib/one |
||||
ONE_GROUP=cloud |
||||
ONE_USER=oneadmin |
||||
ONE_UID=9869 |
||||
ONE_GID=9869 |
||||
ONE_COMMENT="OpenNebula administrator account" |
||||
|
||||
create_cloudgroup() { |
||||
if ! getent group $ONE_GROUP > /dev/null 2>&1; then |
||||
addgroup --system --gid $ONE_GID $ONE_GROUP |
||||
fi |
||||
} |
||||
|
||||
create_oneuser() { |
||||
if ! getent passwd $ONE_USER > /dev/null 2>&1; then |
||||
adduser --system --gecos "$ONE_COMMENT" --uid $ONE_UID --ingroup $ONE_GROUP --home $ONEHOME --shell /bin/ash $ONE_USER |
||||
else |
||||
ONEHOME=`getent passwd $ONE_USER | cut -f6 -d:` |
||||
# Renable user (give him a shell) |
||||
usermod --shell /bin/ash $ONE_USER |
||||
fi |
||||
|
||||
if ! getent group disk | grep "\b$ONE_USER\b" &>/dev/null; then |
||||
usermod -a -G disk $ONE_USER |
||||
fi |
||||
} |
||||
|
||||
create_cloudgroup |
||||
create_oneuser |
||||
|
||||
# Install ~oneadmin/.ssh/config if not present on a fresh install only |
||||
if [ ! -e "${ONEHOME}/.ssh/config" ] && [ -z "$2" ]; then |
||||
if [ ! -d "${ONEHOME}/.ssh" ]; then |
||||
mkdir -p "${ONEHOME}/.ssh" |
||||
chmod 0700 "${ONEHOME}/.ssh" |
||||
chown "$ONE_USER:$ONE_GROUP" "${ONEHOME}/.ssh" |
||||
fi |
||||
cp /usr/share/one/ssh/config "${ONEHOME}/.ssh/config" |
||||
chmod 0600 "${ONEHOME}/.ssh/config" |
||||
chown "$ONE_USER:$ONE_GROUP" "${ONEHOME}/.ssh/config" |
||||
fi |
||||
|
||||
# Set permissions and owner oneadmin:cloud |
||||
for F in /var/lock/one /var/log/one /var/run/one |
||||
do |
||||
if [ ! -d "${F}" ]; then |
||||
mkdir -p "${F}" |
||||
chmod 0750 "${F}" |
||||
chown "${ONE_USER}:${ONE_GROUP}" "${F}" |
||||
fi |
||||
done |
||||
|
||||
exit 0 |
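Review bot: The `cp /usr/share/one/ssh/config …` step runs under `set -e`, and nothing in this commit installs that file (the APKBUILD has an empty `source` and `package()`), so unless another package provides it the script aborts there and never creates the /var/lock/one, /var/log/one and /var/run/one directories. Guard the copy, e.g. `if [ -f /usr/share/one/ssh/config ] && [ ! -e "${ONEHOME}/.ssh/config" ] && [ -z "$2" ]; then`. The `disk`-group test uses `&>/dev/null`, which is not POSIX and in a strict `/bin/sh` backgrounds the pipeline instead of redirecting it; use `>/dev/null 2>&1` as the two `getent` checks above it already do. Mode and owner are applied only when `.ssh` or a runtime directory is newly created, so a pre-existing directory with looser permissions or a different owner is left as found. Moving the `chmod`/`chown` calls outside the `if [ ! -d … ]` tests would close that gap.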