MAAS

Merge lp:~andreserl/maas/packaging_enable_authbind into lp:~maas-maintainers/maas/packaging

  1. packaging_enable_authbind
  2. Merge into packaging
Proposed by Andres Rodriguez
Status: Merged
Approved by: Andres Rodriguez
Approved revision: 217
Merged at revision: 214
Proposed branch: lp:~andreserl/maas/packaging_enable_authbind
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 90 lines (+27/-2)
5 files modified
debian/changelog (+5/-1)
debian/control (+1/-0)
debian/maas-cluster-controller.maas-cluster-celery.upstart (+1/-1)
debian/maas-cluster-controller.postinst (+15/-0)
debian/maas-cluster-controller.postrm (+5/-0)
To merge this branch: bzr merge lp:~andreserl/maas/packaging_enable_authbind
Reviewer Review Type Date Requested Status
Diogo Matsubara (community) Approve
Review via email: mp+197937@code.launchpad.net

Commit message

* Make use of authbind to allow maas-cluster-celery bind port as non-root.
  - debian/control: Depends on authbind for maas-cluster-controller.
  - debian/maas-cluster-controller.{postinst,postrm}: Handle creation
    and removal of required authbind file.

To post a comment you must log in.
lp:~andreserl/maas/packaging_enable_authbind updated
215. By Andres Rodriguez

Update branch rev

216. By Andres Rodriguez

Update ubuntu rev

217. By Andres Rodriguez

* Make use of authbind to allow maas-cluster-celery bind port as non-root.
  - debian/control: Depends on authbind for maas-cluster-controller.
  - debian/maas-cluster-controller.{postinst,postrm}: Handle creation
    and removal of required authbind file.

Revision history for this message
Diogo Matsubara (matsubara) wrote :

I tested this change in the QA lab and it fixes the provisioningserver.tasks.periodic_probe_dhcp celery task failure <http://pastebin.ubuntu.com/6525577/>

review: Approve

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1=== modified file 'debian/changelog'
2--- debian/changelog 2013-11-13 14:57:27 +0000
3+++ debian/changelog 2013-12-05 19:05:25 +0000
4@@ -1,4 +1,4 @@
5-maas (1.4+bzr1701+dfsg-0ubuntu2) UNRELEASED; urgency=low
6+maas (1.4+bzr1761+dfsg-0ubuntu1) UNRELEASED; urgency=low
7
8 * UNRELEASED
9
10@@ -8,6 +8,10 @@
11 [ Andres Rodriguez ]
12 * debian/maas-region-controller.postinst: Allo default-maas-url debconf
13 option to be preseeded.
14+ * Make use of authbind to allow maas-cluster-celery bind port as non-root.
15+ - debian/control: Depends on authbind for maas-cluster-controller.
16+ - debian/maas-cluster-controller.{postinst,postrm}: Handle creation
17+ and removal of required authbind file.
18
19 -- Andres Rodriguez <andreserl@ubuntu.com> Thu, 10 Oct 2013 17:07:51 -0400
20
21
22=== modified file 'debian/control'
23--- debian/control 2013-10-07 19:58:03 +0000
24+++ debian/control 2013-12-05 19:05:25 +0000
25@@ -166,6 +166,7 @@
26 Package: maas-cluster-controller
27 Architecture: all
28 Depends: apache2,
29+ authbind,
30 bind9utils,
31 distro-info,
32 freeipmi-tools,
33
34=== modified file 'debian/maas-cluster-controller.maas-cluster-celery.upstart'
35--- debian/maas-cluster-controller.maas-cluster-celery.upstart 2012-12-13 09:52:54 +0000
36+++ debian/maas-cluster-controller.maas-cluster-celery.upstart 2013-12-05 19:05:25 +0000
37@@ -26,5 +26,5 @@
38 # Allow the cluster-controller process to read CLUSTER_UUID as set
39 # in that config file.
40 export CLUSTER_UUID
41- exec /usr/sbin/maas-provision start-cluster-controller $MAAS_URL -u maas -g maas
42+ exec /usr/bin/authbind --deep /usr/sbin/maas-provision start-cluster-controller $MAAS_URL -u maas -g maas
43 end script
44
45=== modified file 'debian/maas-cluster-controller.postinst'
46--- debian/maas-cluster-controller.postinst 2013-10-08 13:50:53 +0000
47+++ debian/maas-cluster-controller.postinst 2013-12-05 19:05:25 +0000
48@@ -94,6 +94,20 @@
49 esac
50 }
51
52+configure_cluster_authbind() {
53+ MAAS_UID="`id -u maas`"
54+ if [ ! -f "/etc/authbind/byuid/$MAAS_UID" ]; then
55+ if [ ! -d "/etc/authbind/byuid" ]; then
56+ mkdir -p /etc/authbind/byuid
57+ chmod 755 /etc/authbind
58+ chmod 755 /etc/authbind/byuid
59+ fi
60+ echo '0.0.0.0/0:68,68' >/etc/authbind/byuid/$MAAS_UID
61+ chown maas:maas /etc/authbind/byuid/$MAAS_UID
62+ chmod 700 /etc/authbind/byuid/$MAAS_UID
63+ fi
64+}
65+
66 restart_apache2(){
67 if [ -x /usr/sbin/invoke-rc.d ]; then
68 invoke-rc.d apache2 restart || true
69@@ -139,6 +153,7 @@
70 /etc/maas/maas_cluster.conf
71
72 configure_cluster_uuid
73+ configure_cluster_authbind
74 enable_apache_version_mod
75 configure_cluster_http
76 restart_apache2
77
78=== modified file 'debian/maas-cluster-controller.postrm'
79--- debian/maas-cluster-controller.postrm 2013-07-29 19:50:11 +0000
80+++ debian/maas-cluster-controller.postrm 2013-12-05 19:05:25 +0000
81@@ -35,4 +35,9 @@
82 rm -rf /etc/tgt/conf.d/maas.conf
83 fi
84
85+ # Remove authbind
86+ MAAS_UID="`id -u maas`"
87+ if [ -f "/etc/authbind/byuid/$MAAS_UID" ]; then
88+ rm -rf /etc/authbind/byuid/$MAAS_UID
89+ fi
90 esac

Subscribers

People subscribed via source and target branches

to all changes: