Merge lp:~blake-rouse/maas/fix-lease-notifier-packaging into lp:~maas-maintainers/maas/packaging

Proposed by Blake Rouse
Status: Merged
Approved by: Blake Rouse
Approved revision: no longer in the source branch.
Merged at revision: 461
Proposed branch: lp:~blake-rouse/maas/fix-lease-notifier-packaging
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 99 lines (+22/-16)
5 files modified
debian/extras/99-maas-sudoers (+0/-1)
debian/extras/maas-rack (+21/-7)
debian/maas-dhcp.apparmor (+1/-0)
debian/maas-dhcp.maas-dhcpd.service (+0/-4)
debian/maas-dhcp.maas-dhcpd6.service (+0/-4)
To merge this branch: bzr merge lp:~blake-rouse/maas/fix-lease-notifier-packaging
Reviewer: Mike Pontillo (community)
Review status: Approve
Review via email: mp+289413@code.launchpad.net

Commit message

Add to apparmor profile to allow dhcpd to call maas-rackd. Fix maas-rack command to allow dhcpd user to call dhcp-notify only. Remove KillSignal from maas-dhcpd and maas-dhcpd6 as the fixed isc-dhcp-server no longer requires that kill signal to stop.

Mike Pontillo (mpontillo) wrote :

Looks good.

review: Approve

Preview Diff

1=== modified file 'debian/extras/99-maas-sudoers'
2--- debian/extras/99-maas-sudoers 2016-03-09 19:35:04 +0000
3+++ debian/extras/99-maas-sudoers 2016-03-17 19:07:30 +0000
4@@ -9,7 +9,6 @@
5 maas ALL= NOPASSWD: /bin/systemctl status tgt
6 maas ALL= NOPASSWD: /bin/systemctl start tgt
7 maas ALL= NOPASSWD: /usr/sbin/maas-rack
8-dhcpd ALL= NOPASSWD: /usr/sbin/maas-rack
9 maas ALL= NOPASSWD: SETENV: /usr/sbin/tgt-admin, /usr/bin/uec2roottar
10 maas ALL= NOPASSWD: /usr/bin/lshw
11 maas ALL= NOPASSWD: /sbin/blockdev
12
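
Review bot: With `dhcpd ALL= NOPASSWD: /usr/sbin/maas-rack` removed, any dhcpd hook that still invokes maas-rack through sudo will stop working, and the dhcpd.conf template that issues the call is not among the five files in this diff. Please confirm the generated config now calls /usr/sbin/maas-rack directly. Dropping the entry is the right direction, since the old rule let dhcpd run every maas-rack subcommand as root.
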
13=== modified file 'debian/extras/maas-rack'
14--- debian/extras/maas-rack 2016-03-07 22:01:56 +0000
15+++ debian/extras/maas-rack 2016-03-17 19:07:30 +0000
16@@ -15,13 +15,18 @@
17
18 import grp
19 import os
20+import pwd
21 import sys
22
23
24-def check_user():
25- # At present, only root should execute this.
26- if os.getuid() != 0:
27- raise SystemExit("This utility may only be run as root.")
28+def check_users(users):
29+ """Check that the runnig user is in users."""
30+ uid = os.getuid()
31+ for user in users:
32+ user_uid = pwd.getpwnam(user)[2]
33+ if uid == user_uid:
34+ return user
35+ raise SystemExit("This utility may only be run as %s." % ", ".join(users))
36
37
38 def set_group():
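
Review bot: In check_users, `pwd.getpwnam(user)[2]` raises KeyError when the account does not exist, so on a host without a dhcpd user a non-root caller passing dhcp-notify gets a traceback instead of the SystemExit message. Catch KeyError and skip that name, prefer `.pw_uid` over index 2 for readability, and fix the docstring typo "runnig".
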
39@@ -52,9 +57,18 @@
40 "removed in a future version. From now on please use 'maas-rack' "
41 "instead.\n")
42
43- check_user()
44- set_group()
45- set_umask()
46+ # Allow dhcpd user to call dhcp-notify.
47+ users = ["root"]
48+ if len(sys.argv) > 1:
49+ if sys.argv[1] == "dhcp-notify":
50+ users.append("dhcpd")
51+
52+ # Only set the group and umask when running as root.
53+ if check_users(users) == "root":
54+ set_group()
55+ set_umask()
56+
57+ # Run the script.
58 run()
59
60
61
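
Review bot: The dhcpd allowance is decided from `sys.argv[1] == "dhcp-notify"` in this wrapper, while the subcommand itself is dispatched later inside run(); if run() ever accepts options ahead of the subcommand, the two can disagree. Consider deciding from the parsed subcommand, or add a comment stating that argv[1] must be the subcommand. Also note that set_umask() is skipped for dhcpd; if it only tightens the umask it needs no privilege and could be applied for both users.
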
62=== modified file 'debian/maas-dhcp.apparmor'
63--- debian/maas-dhcp.apparmor 2016-03-16 13:20:16 +0000
64+++ debian/maas-dhcp.apparmor 2016-03-17 19:07:30 +0000
65@@ -6,3 +6,4 @@
66 /var/lib/maas/dhcp/dhcpd*.leases* lrw,
67 /var/lib/maas/dhcpd.conf r,
68 /var/lib/maas/dhcpd6.conf r,
69+/usr/sbin/maas-rack Ux,
70
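
Review bot: `/usr/sbin/maas-rack Ux,` lets the confined dhcpd start maas-rack with no AppArmor confinement at all (only the environment is scrubbed), and the rule covers every invocation, not just dhcp-notify. That leaves the uid check inside maas-rack as the only restriction on this path. A `Px` or `Cx` transition to a small profile for maas-rack would keep the lease notifier confined; if Ux is intentional, a comment in the profile explaining why would help.
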
71=== modified file 'debian/maas-dhcp.maas-dhcpd.service'
72--- debian/maas-dhcp.maas-dhcpd.service 2016-03-16 14:20:34 +0000
73+++ debian/maas-dhcp.maas-dhcpd.service 2016-03-17 19:07:30 +0000
74@@ -9,10 +9,6 @@
75 ConditionPathExists=/var/lib/maas/dhcpd-interfaces
76
77 [Service]
78-# Kill the DHCP server with SIGKILL. Without this dhcpd can take a very long
79-# time to stop, which prevents the quick reload of the dhcpd.conf that MAAS
80-# requires.
81-KillSignal=SIGKILL
82 # Allow dhcp server to write lease and pid file as 'dhcpd' user
83 ExecStartPre=/bin/mkdir -p /run/maas/dhcp
84 # The leases files need to be root:dhcpd even when dropping privileges
85
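
Review bot: Dropping `KillSignal=SIGKILL` is only safe with the fixed isc-dhcp-server named in the commit message, and nothing in this diff enforces that version. Please add a versioned dependency on isc-dhcp-server in debian/control (not part of this diff), otherwise a host still on the older server goes back to the slow stop that the removed comment describes. The same applies to the maas-dhcpd6 unit.
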
86=== modified file 'debian/maas-dhcp.maas-dhcpd6.service'
87--- debian/maas-dhcp.maas-dhcpd6.service 2016-03-16 14:19:23 +0000
88+++ debian/maas-dhcp.maas-dhcpd6.service 2016-03-17 19:07:30 +0000
89@@ -9,10 +9,6 @@
90 ConditionPathExists=/var/lib/maas/dhcpd-interfaces
91
92 [Service]
93-# Kill the DHCP server with SIGKILL. Without this dhcpd can take a very long
94-# time to stop, which prevents the quick reload of the dhcpd6.conf that MAAS
95-# requires.
96-KillSignal=SIGKILL
97 # Allow dhcp server to write lease and pid file as 'dhcpd' user
98 ExecStartPre=/bin/mkdir -p /run/maas/dhcp
99 # The leases files need to be root:dhcpd even when dropping privileges
