cloudstack-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From t..@apache.org
Subject [8/50] [abbrv] git commit: refs/heads/marvin-refactor - debian: Package ulimits and sudo rules
Date Mon, 18 Mar 2013 12:27:11 GMT
debian: Package ulimits and sudo rules

The old packages used to write this data to the configuration
in a postinst file.

That was horrible to track since system administrators had no
idea what was going on.


Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/41e3db39
Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/41e3db39
Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/41e3db39

Branch: refs/heads/marvin-refactor
Commit: 41e3db39c3bc15ecd15ea0cce35376f048b51abe
Parents: a6ea691
Author: Wido den Hollander <wido@widodh.nl>
Authored: Thu Mar 14 11:04:29 2013 +0100
Committer: Wido den Hollander <wido@widodh.nl>
Committed: Thu Mar 14 15:55:32 2013 +0100

----------------------------------------------------------------------
 debian/cloudstack-management.install  |    6 ++++--
 debian/rules                          |   12 ++++++++++--
 server/conf/cloudstack-limits.conf.in |   21 +++++++++++++++++++++
 server/conf/cloudstack-sudoers.in     |   22 ++++++++++++++++++++++
 4 files changed, 57 insertions(+), 4 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/debian/cloudstack-management.install
----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index 12478e1..cecc311 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License.  You may obtain a copy of the License at
-# 
+#
 #   http://www.apache.org/licenses/LICENSE-2.0
-# 
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -18,6 +18,8 @@
 /etc/cloudstack/server/*
 /etc/cloudstack/management/*
 /etc/init.d/cloudstack-management
+/etc/security/limits.d/cloudstack-limits.conf
+/etc/sudoers.d/cloudstack
 /var/cache/cloudstack/management
 /var/cache/cloudstack/management/work
 /var/cache/cloudstack/management/temp

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/debian/rules
----------------------------------------------------------------------
diff --git a/debian/rules b/debian/rules
index a135601..613d76a 100755
--- a/debian/rules
+++ b/debian/rules
@@ -38,12 +38,12 @@ build-indep-stamp: configure
         -Dcs.replace.properties=replace.properties.tmp
 	touch $@
 
-clean: 
+clean:
 	dh_testdir
 	dh_testroot
 	rm -f build-arch-stamp build-indep-stamp configure-stamp
 	rm -f replace.properties.tmp
-	dh_clean 
+	dh_clean
 
 install:
 	dh_testdir
@@ -75,6 +75,8 @@ install:
 	# cloudstack-management
 	mkdir $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server
 	mkdir $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management
+	mkdir -p $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
+	mkdir -p $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/
 	mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management
 	mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management/webapps/client
 	mkdir $(DESTDIR)/usr/share/$(PACKAGE)-management/setup
@@ -89,6 +91,12 @@ install:
 	cp -r client/target/cloud-client-ui-$(VERSION)-SNAPSHOT/* $(DESTDIR)/usr/share/$(PACKAGE)-management/webapps/client/
 	cp server/target/conf/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/
 	cp client/target/conf/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/
+
+	# nast hack for a couple of configuration files
+	mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
+	mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
+	chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
+
 	ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
 	mkdir -p $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/Catalina/localhost/client
 	install -D packaging/debian/init/cloud-management $(DESTDIR)/$(SYSCONFDIR)/init.d/$(PACKAGE)-management

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/server/conf/cloudstack-limits.conf.in
----------------------------------------------------------------------
diff --git a/server/conf/cloudstack-limits.conf.in b/server/conf/cloudstack-limits.conf.in
new file mode 100644
index 0000000..c28ad8c
--- /dev/null
+++ b/server/conf/cloudstack-limits.conf.in
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Specific limits for the CloudStack management server which
+# runs under the user 'cloud' by default
+@MSUSER hard nofile 4096
+@MSUSER soft nofile 4096

http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/server/conf/cloudstack-sudoers.in
----------------------------------------------------------------------
diff --git a/server/conf/cloudstack-sudoers.in b/server/conf/cloudstack-sudoers.in
new file mode 100644
index 0000000..c525d3c
--- /dev/null
+++ b/server/conf/cloudstack-sudoers.in
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements.  See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership.  The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License.  You may obtain a copy of the License at
+#
+#   http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied.  See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# The CloudStack management server needs sudo permissions
+# without a password.
+
+@MSUSER ALL =NOPASSWD : ALL
+


Mime
View raw message