
Revision 59bce694

Added by Alexis Mousset over 7 years ago

Fixes #9992: Use sudo to execute rudder remote run in the API


rudder-server-relay/SOURCES/relay-api/relay_api/remote_run.py
from pprint import pprint
NEXTHOP = None
RUDDER_COMMAND = "/opt/rudder/bin/rudder"
REMOTE_RUN_COMMAND = "sudo /opt/rudder/bin/rudder remote run"
def get_next_hop(nodes, my_uuid):
""" Build a dict of node_id => nexthop_id """
......
def call_remote_run(host, uuid, classes, keep_output, asynchronous):
""" Call the remote run command locally """
if classes:
classes_parameter = "-D " + classes
classes_parameter = " -D " + classes
else:
classes_parameter = ""
return run_command(RUDDER_COMMAND + " remote run " + classes_parameter + " " + host, uuid, keep_output, asynchronous)
return run_command(REMOTE_RUN_COMMAND + classes_parameter + " " + host, uuid, keep_output, asynchronous)
def run_command(command, prefix, keep_output, asynchronous):
""" Run the given command, prefixing all output lines with prefix """
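Review bot: `call_remote_run` still builds the command as one concatenated string from `classes` and `host`, and with this change that string is executed through sudo, i.e. as root. The body of `run_command` lies outside the hunk, so it is not visible whether the string goes through a shell or where the two values come from. If they come from the API request, validate them against a strict allow-list pattern first, rejecting anything with whitespace, shell metacharacters or a leading `-`. Passing an argument vector instead of a string would remove the quoting problem altogether, e.g. `["sudo", "/opt/rudder/bin/rudder", "remote", "run", "-D", classes, host]`. A docstring line on `call_remote_run` stating that its arguments reach a root-privileged command would also help the next maintainer.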
rudder-server-relay/SOURCES/rudder-relay.sudo
# Allow the relay API to trigger remote runs
rudder ALL = NOPASSWD: /opt/rudder/bin/rudder remote run *
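Review bot: The trailing `*` in this command specification matches any argument list, so the rule lets the rudder account run `rudder remote run` as root with arbitrary options and targets, not only the ones the relay API constructs. The privilege boundary therefore rests entirely on the validation done by the caller, and on how `rudder remote run` treats its options. Consider pointing the rule at a small root-owned wrapper that checks the class list and host itself, so that it is the only command sudoers permits. At minimum, extend the comment to record the assumption, e.g. `# arguments must be validated by the relay API before sudo is invoked`.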
rudder-server-relay/SPECS/rudder-server-relay.spec
Source7: rudder-networks-policy-server.conf
Source8: rudder-networks-policy-server-24.conf
Source9: rudder-relay.cron
Source10: rudder-relay.sudo
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
......
mkdir -p %{buildroot}%{rudderlogdir}/apache2/
mkdir -p %{buildroot}/etc/sysconfig/
mkdir -p %{buildroot}/etc/cron.d/
mkdir -p %{buildroot}/etc/sudoers.d/
mkdir -p %{buildroot}%{rudderdir}/share/relay-api/
# relay api
......
install -m 644 %{SOURCE5} %{buildroot}%{rudderdir}/etc/rudder-apache-relay-common.conf
install -m 644 %{SOURCE6} %{buildroot}/etc/sysconfig/rudder-relay-apache
install -m 644 %{SOURCE9} %{buildroot}/etc/cron.d/rudder-relay
install -m 644 %{SOURCE10} %{buildroot}/etc/sudoers.d/rudder-relay
# Copy stub rudder-networks*.conf
cp %{SOURCE2} %{buildroot}%{rudderdir}/etc/
......
# Create the rudder user
if ! getent passwd %{rudder_user} >/dev/null; then
echo -n "INFO: Creating the %{rudder_user} user..."
useradd -r -m -g %{rudder_group} -d /var/rudder -c "Rudder,,," %{rudder_user} >/dev/null 2>&1
useradd -r -m -s /bin/false -g %{rudder_group} -d /var/rudder -c "Rudder,,," %{rudder_user} >/dev/null 2>&1
echo " Done"
fi
# Include files from /etc/sudoers.d (needed on SLES11)
if ! grep -qE "^#includedir /etc/sudoers.d$" /etc/sudoers; then
echo -e '#includedir /etc/sudoers.d' >> /etc/sudoers
fi
echo -n "INFO: Setting Apache HTTPd as a boot service..."
chkconfig --add %{apache} 2&> /dev/null
%if 0%{?rhel} && 0%{?rhel} >= 6
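Review bot: The block that appends `#includedir /etc/sudoers.d` writes straight to `/etc/sudoers` with no syntax check afterwards. If the existing file does not end in a newline, the directive is glued onto the last rule, and a sudoers file that fails to parse disables sudo on the host. Build the change on a copy, validate it with `visudo -c -f <copy>`, and only then move it into place; `echo -e` is also unnecessary for a literal string. Separately, `install -m 644 %{SOURCE10} %{buildroot}/etc/sudoers.d/rudder-relay` should use `-m 440`, the mode sudoers fragments conventionally carry.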
rudder-server-relay/debian/postinst
# Create the rudder user
if ! getent passwd rudder >/dev/null; then
echo -n "INFO: Creating the rudder user..."
useradd -r -m -g rudder -d /var/rudder -c "Rudder,,," rudder >/dev/null 2>&1
useradd -r -m -s /bin/false -g rudder -d /var/rudder -c "Rudder,,," rudder >/dev/null 2>&1
echo " Done"
fi
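Review bot: The `-s /bin/false` hardening takes effect only on fresh installs, because `useradd` runs only inside the `if ! getent passwd rudder` branch; on an upgrade the existing rudder account keeps whatever shell it already had. The same applies to the matching `useradd` in `rudder-server-relay.spec`. Since this commit gives that account a NOPASSWD sudo rule, the shell should be set for existing accounts too, for example with an `else` branch running `usermod -s /bin/false rudder >/dev/null 2>&1`. First confirm that nothing relies on an interactive or `su`-style login for this user.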
rudder-server-relay/debian/rules
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api cleanup.sh /opt/rudder/share/relay-api/
cp $(CURDIR)/SOURCES/rudder-relay.cron $(CURDIR)/BUILD/rudder-relay
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay /etc/cron.d/
cp $(CURDIR)/SOURCES/rudder-relay.sudo $(CURDIR)/BUILD/rudder-relay
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay /etc/sudoers.d/
# dh_installmenu
# dh_installdebconf
# dh_installlogrotate
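Review bot: The sudoers fragment is staged at the same path, `$(CURDIR)/BUILD/rudder-relay`, that the cron file was copied to two lines earlier, so the two installs are correct only because of their order. Reordering these lines or re-running part of the target would put cron content in `/etc/sudoers.d/` or the sudo rule in `/etc/cron.d/`. Stage the two files in separate directories, e.g. `cp $(CURDIR)/SOURCES/rudder-relay.sudo $(CURDIR)/BUILD/sudoers.d/rudder-relay` followed by a `dh_install` from that directory. Nothing in these lines sets the file mode, so it is worth confirming the packaged fragment ends up 0440.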
