From 36615328d12d8bb7c042eb712f2428cdb1d8c68d Mon Sep 17 00:00:00 2001 From: Rohit Yadav Date: Fri, 22 May 2015 14:36:16 +0100 Subject: [PATCH] CLOUDSTACK-8339: Allow non-root users to add KVM host This allows non-root users to add KVM hosts, the user should be an admin or added to sudoers to execute sudo cloudstack-setup-agent. Signed-off-by: Rohit Yadav --- agent/bindir/cloudstack-agent-profile.sh.in | 20 +++++++++++++++++++ debian/cloudstack-agent.install | 1 + debian/rules | 2 ++ packaging/centos63/cloud.spec | 3 +++ .../discoverer/LibvirtServerDiscoverer.java | 8 ++++++-- 5 files changed, 32 insertions(+), 2 deletions(-) create mode 100644 agent/bindir/cloudstack-agent-profile.sh.in diff --git a/agent/bindir/cloudstack-agent-profile.sh.in b/agent/bindir/cloudstack-agent-profile.sh.in new file mode 100644 index 000000000000..93b10b3f3256 --- /dev/null +++ b/agent/bindir/cloudstack-agent-profile.sh.in @@ -0,0 +1,20 @@ +#!/bin/bash +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. + +# need access to lsmod for adding host as non-root +PATH=$PATH:/sbin diff --git a/debian/cloudstack-agent.install b/debian/cloudstack-agent.install index d708514fd14b..94dd30d15d98 100644 --- a/debian/cloudstack-agent.install +++ b/debian/cloudstack-agent.install @@ -18,6 +18,7 @@ /etc/cloudstack/agent/agent.properties /etc/cloudstack/agent/environment.properties /etc/cloudstack/agent/log4j-cloud.xml +/etc/profile.d/cloudstack-agent-profile.sh /etc/init.d/cloudstack-agent /usr/bin/cloudstack-setup-agent /usr/bin/cloudstack-ssh diff --git a/debian/rules b/debian/rules index 774670f7d7a7..3801ae2421ee 100755 --- a/debian/rules +++ b/debian/rules @@ -63,6 +63,7 @@ install: # cloudstack-agent mkdir $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/agent + mkdir $(DESTDIR)/$(SYSCONFDIR)/profile.d mkdir $(DESTDIR)/var/log/$(PACKAGE)/agent mkdir $(DESTDIR)/usr/share/$(PACKAGE)-agent mkdir $(DESTDIR)/usr/share/$(PACKAGE)-agent/plugins @@ -72,6 +73,7 @@ install: install -D packaging/debian/init/cloud-agent $(DESTDIR)/$(SYSCONFDIR)/init.d/$(PACKAGE)-agent install -D agent/target/transformed/cloud-setup-agent $(DESTDIR)/usr/bin/cloudstack-setup-agent install -D agent/target/transformed/cloud-ssh $(DESTDIR)/usr/bin/cloudstack-ssh + install -D agent/target/transformed/cloudstack-agent-profile.sh $(DESTDIR)/$(SYSCONFDIR)/profile.d/cloudstack-agent-profile.sh install -D agent/target/transformed/cloudstack-agent-upgrade $(DESTDIR)/usr/bin/cloudstack-agent-upgrade install -D agent/target/transformed/libvirtqemuhook $(DESTDIR)/usr/share/$(PACKAGE)-agent/lib/ install -D agent/target/transformed/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/agent diff --git a/packaging/centos63/cloud.spec b/packaging/centos63/cloud.spec index cfbe79dadc35..3efa54eff9fe 100644 --- a/packaging/centos63/cloud.spec +++ b/packaging/centos63/cloud.spec @@ -238,6 +238,7 @@ mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/mnt mkdir -p ${RPM_BUILD_ROOT}%{_localstatedir}/%{name}/management mkdir -p ${RPM_BUILD_ROOT}%{_initrddir} mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/sysconfig +mkdir -p ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d # Common mkdir -p ${RPM_BUILD_ROOT}%{_datadir}/%{name}-common/scripts @@ -345,6 +346,7 @@ install -D agent/target/transformed/cloud-setup-agent ${RPM_BUILD_ROOT}%{_bindir install -D agent/target/transformed/cloudstack-agent-upgrade ${RPM_BUILD_ROOT}%{_bindir}/%{name}-agent-upgrade install -D agent/target/transformed/libvirtqemuhook ${RPM_BUILD_ROOT}%{_datadir}/%{name}-agent/lib/libvirtqemuhook install -D agent/target/transformed/cloud-ssh ${RPM_BUILD_ROOT}%{_bindir}/%{name}-ssh +install -D agent/target/transformed/cloudstack-agent-profile.sh ${RPM_BUILD_ROOT}%{_sysconfdir}/profile.d/%{name}-agent-profile.sh install -D plugins/hypervisors/kvm/target/cloud-plugin-hypervisor-kvm-%{_maventag}.jar ${RPM_BUILD_ROOT}%{_datadir}/%name-agent/lib/cloud-plugin-hypervisor-kvm-%{_maventag}.jar cp plugins/hypervisors/kvm/target/dependencies/* ${RPM_BUILD_ROOT}%{_datadir}/%{name}-agent/lib @@ -648,6 +650,7 @@ fi %attr(0755,root,root) %{_bindir}/%{name}-agent-upgrade %attr(0755,root,root) %{_bindir}/%{name}-ssh %attr(0755,root,root) %{_sysconfdir}/init.d/%{name}-agent +%attr(0644,root,root) %{_sysconfdir}/profile.d/%{name}-agent-profile.sh %attr(0755,root,root) %{_datadir}/%{name}-common/scripts/network/cisco %config(noreplace) %{_sysconfdir}/%{name}/agent %dir %{_localstatedir}/log/%{name}/agent diff --git a/server/src/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java b/server/src/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java index 350b9a72ca1d..d266938af5a7 100644 --- a/server/src/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java +++ b/server/src/com/cloud/hypervisor/kvm/discoverer/LibvirtServerDiscoverer.java @@ -205,10 +205,14 @@ public boolean processTimeout(long agentId, long seq) { parameters += " --guestNic=" + kvmGuestNic; parameters += " --hypervisor=" + cluster.getHypervisorType().toString().toLowerCase(); + String setupAgentCommand = "cloudstack-setup-agent "; + if (!username.equals("root")) { + setupAgentCommand = "sudo cloudstack-setup-agent "; + } if (!SSHCmdHelper.sshExecuteCmd(sshConnection, - "cloudstack-setup-agent " + parameters, 3)) { + setupAgentCommand + parameters, 3)) { s_logger.info("cloudstack agent setup command failed: " - + "cloudstack-setup-agent " + parameters); + + setupAgentCommand + parameters); return null; }