debian: Package ulimits and sudo rules The old packages used to write this data to the configuration in a postinst file.
That was horrible to track since system administrators had no idea what was going on. Project: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/commit/41e3db39 Tree: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/tree/41e3db39 Diff: http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/diff/41e3db39 Branch: refs/heads/marvin-refactor Commit: 41e3db39c3bc15ecd15ea0cce35376f048b51abe Parents: a6ea691 Author: Wido den Hollander <w...@widodh.nl> Authored: Thu Mar 14 11:04:29 2013 +0100 Committer: Wido den Hollander <w...@widodh.nl> Committed: Thu Mar 14 15:55:32 2013 +0100 ---------------------------------------------------------------------- debian/cloudstack-management.install | 6 ++++-- debian/rules | 12 ++++++++++-- server/conf/cloudstack-limits.conf.in | 21 +++++++++++++++++++++ server/conf/cloudstack-sudoers.in | 22 ++++++++++++++++++++++ 4 files changed, 57 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/debian/cloudstack-management.install ----------------------------------------------------------------------
diff --git a/debian/cloudstack-management.install b/debian/cloudstack-management.install
index 12478e1..cecc311 100644
--- a/debian/cloudstack-management.install
+++ b/debian/cloudstack-management.install
@@ -5,9 +5,9 @@
 # to you under the Apache License, Version 2.0 (the
 # "License"); you may not use this file except in compliance
 # with the License. You may obtain a copy of the License at
-#
+#
 # http://www.apache.org/licenses/LICENSE-2.0
-#
+#
 # Unless required by applicable law or agreed to in writing,
 # software distributed under the License is distributed on an
 # "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
@@ -18,6 +18,8 @@ /etc/cloudstack/server/* /etc/cloudstack/management/* /etc/init.d/cloudstack-management +/etc/security/limits.d/cloudstack-limits.conf +/etc/sudoers.d/cloudstack /var/cache/cloudstack/management /var/cache/cloudstack/management/work /var/cache/cloudstack/management/temp http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/debian/rules ---------------------------------------------------------------------- diff --git a/debian/rules b/debian/rules index a135601..613d76a 100755 --- a/debian/rules +++ b/debian/rules @@ -38,12 +38,12 @@ build-indep-stamp: configure -Dcs.replace.properties=replace.properties.tmp touch $@ -clean: +clean: dh_testdir dh_testroot rm -f build-arch-stamp build-indep-stamp configure-stamp rm -f replace.properties.tmp - dh_clean + dh_clean install: dh_testdir @@ -75,6 +75,8 @@ install: # cloudstack-management mkdir $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server mkdir $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management + mkdir -p $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/ + mkdir -p $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/ mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management mkdir -p $(DESTDIR)/usr/share/$(PACKAGE)-management/webapps/client mkdir $(DESTDIR)/usr/share/$(PACKAGE)-management/setup 
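Review bot: The two paths added to debian/cloudstack-management.install put a sudoers drop-in and a limits file under package control, but nothing visible in this commit cleans up what earlier versions left behind: the commit message says old packages wrote this data from a postinst, and the diffstat touches no maintainer script. An upgraded host could therefore keep the old entries alongside the new files, which makes the effective sudo policy harder to audit. Consider an upgrade step that removes the legacy lines, and a short comment above the new entries such as `# sudo and ulimit policy is shipped as files; maintainer scripts must not edit system configuration`.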
@@ -89,6 +91,12 @@ install:
 cp -r client/target/cloud-client-ui-$(VERSION)-SNAPSHOT/* $(DESTDIR)/usr/share/$(PACKAGE)-management/webapps/client/
 cp server/target/conf/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/
 cp client/target/conf/* $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/
+
+ # nast hack for a couple of configuration files
+ mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-limits.conf $(DESTDIR)/$(SYSCONFDIR)/security/limits.d/
+ mv $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/server/cloudstack-sudoers $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
+ chmod 0440 $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack
+
 ln -s tomcat6-nonssl.conf $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/tomcat6.conf
 mkdir -p $(DESTDIR)/$(SYSCONFDIR)/$(PACKAGE)/management/Catalina/localhost/client
 install -D packaging/debian/init/cloud-management $(DESTDIR)/$(SYSCONFDIR)/init.d/$(PACKAGE)-management
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/server/conf/cloudstack-limits.conf.in ----------------------------------------------------------------------
diff --git a/server/conf/cloudstack-limits.conf.in b/server/conf/cloudstack-limits.conf.in
new file mode 100644
index 0000000..c28ad8c
--- /dev/null
+++ b/server/conf/cloudstack-limits.conf.in
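Review bot: In the debian/rules hunk at -89, the staged `sudoers.d/cloudstack` file is moved and chmodded but never parsed, so a template or substitution mistake ships unchecked, and a malformed drop-in can leave sudo unusable on the installed host. Adding `visudo -c -f $(DESTDIR)/$(SYSCONFDIR)/sudoers.d/cloudstack` right after the `chmod 0440` line would fail the build instead; this assumes sudo is available in the build environment. It is also worth confirming that no later permission-normalising step resets the 0440 mode, since the rest of the `install` target and the binary targets lie outside this hunk. The comment `# nast hack …` would be more useful if it said why the files are staged under `server/` first and then moved.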
@@ -0,0 +1,21 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# Specific limits for the CloudStack management server which
+# runs under the user 'cloud' by default
+@MSUSER hard nofile 4096
+@MSUSER soft nofile 4096
http://git-wip-us.apache.org/repos/asf/incubator-cloudstack/blob/41e3db39/server/conf/cloudstack-sudoers.in ----------------------------------------------------------------------
diff --git a/server/conf/cloudstack-sudoers.in b/server/conf/cloudstack-sudoers.in
new file mode 100644
index 0000000..c525d3c
--- /dev/null
+++ b/server/conf/cloudstack-sudoers.in
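Review bot: The placeholder on the two `nofile` lines of cloudstack-limits.conf.in is written `@MSUSER` with no closing delimiter, and the substitution step is not visible in this commit; if the build's token filter expects a different form, the literal text is what gets installed. In limits.conf syntax a leading `@` selects a group, so an unsubstituted `@MSUSER hard nofile 4096` would quietly apply to a group named MSUSER and the limit would never reach the service account. The same token is used in server/conf/cloudstack-sudoers.in, where a literal `@MSUSER` would end up in a sudoers drop-in. A build-time check that fails when `@MSUSER` survives in the staged files would catch both cases.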
@@ -0,0 +1,22 @@
+# Licensed to the Apache Software Foundation (ASF) under one
+# or more contributor license agreements. See the NOTICE file
+# distributed with this work for additional information
+# regarding copyright ownership. The ASF licenses this file
+# to you under the Apache License, Version 2.0 (the
+# "License"); you may not use this file except in compliance
+# with the License. You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing,
+# software distributed under the License is distributed on an
+# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+# KIND, either express or implied. See the License for the
+# specific language governing permissions and limitations
+# under the License.
+
+# The CloudStack management server needs sudo permissions
+# without a password.
+
+@MSUSER ALL =NOPASSWD : ALL
+
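Review bot: The single rule `@MSUSER ALL =NOPASSWD : ALL` lets the management-server account run any command without a password, so a code-execution or command-injection flaw in the server process becomes root on the host with no further barrier. The rule should name only what the server needs: define `Cmnd_Alias CLOUDSTACK_CMDS = <absolute paths of the required helpers>` and end the rule with `CLOUDSTACK_CMDS` instead of the final `ALL`. The actual command list is not visible on this page and has to come from the code that invokes sudo. The header comment should then state which operations need root, rather than only that no password is required.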