Revision 59bce694
Added by Alexis Mousset over 7 years ago
rudder-server-relay/SOURCES/relay-api/relay_api/remote_run.py | ||
---|---|---|
from pprint import pprint
|
||
|
||
NEXTHOP = None
|
||
RUDDER_COMMAND = "/opt/rudder/bin/rudder"
|
||
REMOTE_RUN_COMMAND = "sudo /opt/rudder/bin/rudder remote run"
|
||
|
||
def get_next_hop(nodes, my_uuid):
|
||
""" Build a dict of node_id => nexthop_id """
|
||
... | ... | |
def call_remote_run(host, uuid, classes, keep_output, asynchronous):
|
||
""" Call the remote run command locally """
|
||
if classes:
|
||
classes_parameter = "-D " + classes
|
||
classes_parameter = " -D " + classes
|
||
else:
|
||
classes_parameter = ""
|
||
|
||
return run_command(RUDDER_COMMAND + " remote run " + classes_parameter + " " + host, uuid, keep_output, asynchronous)
|
||
return run_command(REMOTE_RUN_COMMAND + classes_parameter + " " + host, uuid, keep_output, asynchronous)
|
||
|
||
def run_command(command, prefix, keep_output, asynchronous):
|
||
""" Run the given command, prefixing all output lines with prefix """
|
rudder-server-relay/SOURCES/rudder-relay.sudo | ||
---|---|---|
# Allow the relay API to trigger remote runs
|
||
rudder ALL = NOPASSWD: /opt/rudder/bin/rudder remote run *
|
rudder-server-relay/SPECS/rudder-server-relay.spec | ||
---|---|---|
Source7: rudder-networks-policy-server.conf
|
||
Source8: rudder-networks-policy-server-24.conf
|
||
Source9: rudder-relay.cron
|
||
Source10: rudder-relay.sudo
|
||
|
||
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
|
||
|
||
... | ... | |
mkdir -p %{buildroot}%{rudderlogdir}/apache2/
|
||
mkdir -p %{buildroot}/etc/sysconfig/
|
||
mkdir -p %{buildroot}/etc/cron.d/
|
||
mkdir -p %{buildroot}/etc/sudoers.d/
|
||
mkdir -p %{buildroot}%{rudderdir}/share/relay-api/
|
||
|
||
# relay api
|
||
... | ... | |
install -m 644 %{SOURCE5} %{buildroot}%{rudderdir}/etc/rudder-apache-relay-common.conf
|
||
install -m 644 %{SOURCE6} %{buildroot}/etc/sysconfig/rudder-relay-apache
|
||
install -m 644 %{SOURCE9} %{buildroot}/etc/cron.d/rudder-relay
|
||
install -m 644 %{SOURCE10} %{buildroot}/etc/sudoers.d/rudder-relay
|
||
|
||
# Copy stub rudder-networks*.conf
|
||
cp %{SOURCE2} %{buildroot}%{rudderdir}/etc/
|
||
... | ... | |
# Create the rudder user
|
||
if ! getent passwd %{rudder_user} >/dev/null; then
|
||
echo -n "INFO: Creating the %{rudder_user} user..."
|
||
useradd -r -m -g %{rudder_group} -d /var/rudder -c "Rudder,,," %{rudder_user} >/dev/null 2>&1
|
||
useradd -r -m -s /bin/false -g %{rudder_group} -d /var/rudder -c "Rudder,,," %{rudder_user} >/dev/null 2>&1
|
||
echo " Done"
|
||
fi
|
||
|
||
# Include files from /etc/sudoers.d (needed on SLES11)
|
||
if ! grep -qE "^#includedir /etc/sudoers.d$" /etc/sudoers; then
|
||
echo -e '#includedir /etc/sudoers.d' >> /etc/sudoers
|
||
fi
|
||
|
||
echo -n "INFO: Setting Apache HTTPd as a boot service..."
|
||
chkconfig --add %{apache} 2&> /dev/null
|
||
%if 0%{?rhel} && 0%{?rhel} >= 6
|
rudder-server-relay/debian/postinst | ||
---|---|---|
# Create the rudder user
|
||
if ! getent passwd rudder >/dev/null; then
|
||
echo -n "INFO: Creating the rudder user..."
|
||
useradd -r -m -g rudder -d /var/rudder -c "Rudder,,," rudder >/dev/null 2>&1
|
||
useradd -r -m -s /bin/false -g rudder -d /var/rudder -c "Rudder,,," rudder >/dev/null 2>&1
|
||
echo " Done"
|
||
fi
|
||
|
rudder-server-relay/debian/rules | ||
---|---|---|
dh_install --SOURCEDIR=$(CURDIR)/SOURCES/relay-api cleanup.sh /opt/rudder/share/relay-api/
|
||
cp $(CURDIR)/SOURCES/rudder-relay.cron $(CURDIR)/BUILD/rudder-relay
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay /etc/cron.d/
|
||
cp $(CURDIR)/SOURCES/rudder-relay.sudo $(CURDIR)/BUILD/rudder-relay
|
||
dh_install --SOURCEDIR=$(CURDIR)/BUILD/ rudder-relay /etc/sudoers.d/
|
||
# dh_installmenu
|
||
# dh_installdebconf
|
||
# dh_installlogrotate
|
Also available in: Unified diff
Fixes #9992: Use sudo to execute rudder remote run in the API