Merge lp:~blake-rouse/maas/fix-lease-notifier-packaging into lp:~maas-maintainers/maas/packaging

Proposed by Blake Rouse
Status: Merged
Approved by: Blake Rouse
Approved revision: no longer in the source branch.
Merged at revision: 461
Proposed branch: lp:~blake-rouse/maas/fix-lease-notifier-packaging
Merge into: lp:~maas-maintainers/maas/packaging
Diff against target: 99 lines (+22/-16)
5 files modified
debian/extras/99-maas-sudoers (+0/-1)
debian/extras/maas-rack (+21/-7)
debian/maas-dhcp.apparmor (+1/-0)
debian/maas-dhcp.maas-dhcpd.service (+0/-4)
debian/maas-dhcp.maas-dhcpd6.service (+0/-4)
To merge this branch: bzr merge lp:~blake-rouse/maas/fix-lease-notifier-packaging
Reviewer Review Type Date Requested Status
Mike Pontillo (community) Approve
Review via email: mp+289413@code.launchpad.net

Commit message

Add to apparmor profile to allow dhcpd to call maas-rackd. Fix maas-rack command to allow dhcpd user to call dhcp-notify only. Remove KillSignal from maas-dhcpd and maas-dhcpd6 as the fixed isc-dhcp-server no longer requires that kill signal to stop.

Mike Pontillo (mpontillo) wrote :

Looks good.

review: Approve

Preview Diff

=== modified file 'debian/extras/99-maas-sudoers'
--- debian/extras/99-maas-sudoers 2016-03-09 19:35:04 +0000
+++ debian/extras/99-maas-sudoers 2016-03-17 19:07:30 +0000
@@ -9,7 +9,6 @@
9maas ALL= NOPASSWD: /bin/systemctl status tgt9maas ALL= NOPASSWD: /bin/systemctl status tgt
10maas ALL= NOPASSWD: /bin/systemctl start tgt10maas ALL= NOPASSWD: /bin/systemctl start tgt
11maas ALL= NOPASSWD: /usr/sbin/maas-rack11maas ALL= NOPASSWD: /usr/sbin/maas-rack
12dhcpd ALL= NOPASSWD: /usr/sbin/maas-rack
13maas ALL= NOPASSWD: SETENV: /usr/sbin/tgt-admin, /usr/bin/uec2roottar12maas ALL= NOPASSWD: SETENV: /usr/sbin/tgt-admin, /usr/bin/uec2roottar
14maas ALL= NOPASSWD: /usr/bin/lshw13maas ALL= NOPASSWD: /usr/bin/lshw
15maas ALL= NOPASSWD: /sbin/blockdev14maas ALL= NOPASSWD: /sbin/blockdev
1615
=== modified file 'debian/extras/maas-rack'
--- debian/extras/maas-rack 2016-03-07 22:01:56 +0000
+++ debian/extras/maas-rack 2016-03-17 19:07:30 +0000
@@ -15,13 +15,18 @@
1515
16import grp16import grp
17import os17import os
18import pwd
18import sys19import sys
1920
2021
21def check_user():22def check_users(users):
22 # At present, only root should execute this.23 """Check that the runnig user is in users."""
23 if os.getuid() != 0:24 uid = os.getuid()
24 raise SystemExit("This utility may only be run as root.")25 for user in users:
26 user_uid = pwd.getpwnam(user)[2]
27 if uid == user_uid:
28 return user
29 raise SystemExit("This utility may only be run as %s." % ", ".join(users))
2530
2631
27def set_group():32def set_group():
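Review bot: in check_users(), pwd.getpwnam(user) raises KeyError when the named account does not exist, so a non-root caller of "maas-rack dhcp-notify" on a host without a dhcpd account gets a traceback instead of the "This utility may only be run as ..." SystemExit message. Catch KeyError inside the loop and continue to the next name. The new docstring also has a typo: "runnig" should be "running".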
@@ -52,9 +57,18 @@
52 "removed in a future version. From now on please use 'maas-rack' "57 "removed in a future version. From now on please use 'maas-rack' "
53 "instead.\n")58 "instead.\n")
5459
55 check_user()60 # Allow dhcpd user to call dhcp-notify.
56 set_group()61 users = ["root"]
57 set_umask()62 if len(sys.argv) > 1:
63 if sys.argv[1] == "dhcp-notify":
64 users.append("dhcpd")
65
66 # Only set the group and umask when running as root.
67 if check_users(users) == "root":
68 set_group()
69 set_umask()
70
71 # Run the script.
58 run()72 run()
5973
6074
6175
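Review bot: the dhcpd exception is keyed only on sys.argv[1] == "dhcp-notify", and on that path set_group() and set_umask() are skipped, so run() executes with whatever group and umask the dhcpd process passed down. If dhcp-notify creates any files or sockets, set the umask for both users, or extend the comment to say why the inherited values are safe. The comment should also record that this check is what now stands in for the dhcpd entry removed from 99-maas-sudoers, since for this subcommand run() executes as the unprivileged dhcpd user rather than as root.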
=== modified file 'debian/maas-dhcp.apparmor'
--- debian/maas-dhcp.apparmor 2016-03-16 13:20:16 +0000
+++ debian/maas-dhcp.apparmor 2016-03-17 19:07:30 +0000
@@ -6,3 +6,4 @@
6/var/lib/maas/dhcp/dhcpd*.leases* lrw,6/var/lib/maas/dhcp/dhcpd*.leases* lrw,
7/var/lib/maas/dhcpd.conf r,7/var/lib/maas/dhcpd.conf r,
8/var/lib/maas/dhcpd6.conf r,8/var/lib/maas/dhcpd6.conf r,
9/usr/sbin/maas-rack Ux,
910
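Review bot: the new rule "/usr/sbin/maas-rack Ux," runs maas-rack outside any AppArmor profile (Ux scrubs the environment but applies no confinement), so the only limits on the process dhcpd launches are the argv check in maas-rack and the dhcpd user's Unix permissions. Consider a Cx or Px transition to a small profile that allows just what dhcp-notify needs, or add a comment in the profile explaining why an unconfined transition is required.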
=== modified file 'debian/maas-dhcp.maas-dhcpd.service'
--- debian/maas-dhcp.maas-dhcpd.service 2016-03-16 14:20:34 +0000
+++ debian/maas-dhcp.maas-dhcpd.service 2016-03-17 19:07:30 +0000
@@ -9,10 +9,6 @@
9ConditionPathExists=/var/lib/maas/dhcpd-interfaces9ConditionPathExists=/var/lib/maas/dhcpd-interfaces
1010
11[Service]11[Service]
12# Kill the DHCP server with SIGKILL. Without this dhcpd can take a very long
13# time to stop, which prevents the quick reload of the dhcpd.conf that MAAS
14# requires.
15KillSignal=SIGKILL
16# Allow dhcp server to write lease and pid file as 'dhcpd' user12# Allow dhcp server to write lease and pid file as 'dhcpd' user
17ExecStartPre=/bin/mkdir -p /run/maas/dhcp13ExecStartPre=/bin/mkdir -p /run/maas/dhcp
18# The leases files need to be root:dhcpd even when dropping privileges14# The leases files need to be root:dhcpd even when dropping privileges
1915
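Review bot: dropping KillSignal=SIGKILL is only safe when the installed isc-dhcp-server carries the stop fix the commit message refers to, and nothing in this diff enforces that (debian/control is not among the five modified files). Add a versioned dependency on the fixed isc-dhcp-server, or keep the override until one is in place; otherwise the slow stop described in the removed comment returns and delays the dhcpd.conf reload. The same applies to the identical removal in debian/maas-dhcp.maas-dhcpd6.service.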
=== modified file 'debian/maas-dhcp.maas-dhcpd6.service'
--- debian/maas-dhcp.maas-dhcpd6.service 2016-03-16 14:19:23 +0000
+++ debian/maas-dhcp.maas-dhcpd6.service 2016-03-17 19:07:30 +0000
@@ -9,10 +9,6 @@
9ConditionPathExists=/var/lib/maas/dhcpd-interfaces9ConditionPathExists=/var/lib/maas/dhcpd-interfaces
1010
11[Service]11[Service]
12# Kill the DHCP server with SIGKILL. Without this dhcpd can take a very long
13# time to stop, which prevents the quick reload of the dhcpd6.conf that MAAS
14# requires.
15KillSignal=SIGKILL
16# Allow dhcp server to write lease and pid file as 'dhcpd' user12# Allow dhcp server to write lease and pid file as 'dhcpd' user
17ExecStartPre=/bin/mkdir -p /run/maas/dhcp13ExecStartPre=/bin/mkdir -p /run/maas/dhcp
18# The leases files need to be root:dhcpd even when dropping privileges14# The leases files need to be root:dhcpd even when dropping privileges
