Add polkit permissions for monasca-agent user
On SLES12 monasca-agent user cannot execute libvirt plugin. The problems lies in lack of permissions over 'org.libvirt.unix.monitor' in polkit. Commits adds necessary file that enables, on behalf of user who runs monasca-agent, executing commands from libvirt plugin. Change-Id: I6ab8c28dd4c913f1d21931c064de0b50435593d4
This commit is contained in:
parent
aad8bb0532
commit
95eb284575
|
@ -27,7 +27,8 @@ Url: https://wiki.openstack.org/wiki/Monasca
|
||||||
Source0: https://pypi.io/packages/source/m/%{sname}/%{sname}-%{version}.tar.gz
|
Source0: https://pypi.io/packages/source/m/%{sname}/%{sname}-%{version}.tar.gz
|
||||||
Source1: %{name}-sudoers
|
Source1: %{name}-sudoers
|
||||||
Source2: %{name}.service
|
Source2: %{name}.service
|
||||||
Source3: openstack-monasca-agent.tmpfiles
|
Source3: %{name}.tmpfiles
|
||||||
|
Source4: %{name}.polkit
|
||||||
BuildRequires: openstack-macros
|
BuildRequires: openstack-macros
|
||||||
BuildRequires: {{ py2pkg('PyYAML') }}
|
BuildRequires: {{ py2pkg('PyYAML') }}
|
||||||
BuildRequires: {{ py2pkg('devel') }}
|
BuildRequires: {{ py2pkg('devel') }}
|
||||||
|
@ -132,7 +133,10 @@ ln -sr %{buildroot}%{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||||
%endif
|
%endif
|
||||||
|
|
||||||
# systemd tmpfile
|
# systemd tmpfile
|
||||||
install -D -m 644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/openstack-monasca-agent.conf
|
install -D -m 644 %{SOURCE3} %{buildroot}%{_tmpfilesdir}/openstack-monasca-agent.conf
|
||||||
|
|
||||||
|
# polkit permissions
|
||||||
|
install -D -m 644 %{SOURCE4} %{buildroot}%{_sysconfdir}/polkit-1/rules.d/49-monasca-agent.rules
|
||||||
|
|
||||||
%pre
|
%pre
|
||||||
# create user and groups
|
# create user and groups
|
||||||
|
@ -166,6 +170,9 @@ PYTHONPATH=. NOSE_EXCLUDE=test_override_values nosetests tests -v
|
||||||
%if 0%{?suse_version}
|
%if 0%{?suse_version}
|
||||||
%{_sbindir}/rc%{name}
|
%{_sbindir}/rc%{name}
|
||||||
%endif
|
%endif
|
||||||
|
%{_sysconfdir}/polkit-1/
|
||||||
|
%{_sysconfdir}/polkit-1/rules.d/
|
||||||
|
%{_sysconfdir}/polkit-1/rules.d/49-monasca-agent.rules
|
||||||
|
|
||||||
%files -n python-%{sname}
|
%files -n python-%{sname}
|
||||||
%doc README.md
|
%doc README.md
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
/* This rule let's monasca-agent's libvirt check monitor libvirt */
|
||||||
|
polkit.addRule(function(action, subject) {
|
||||||
|
if ((action.id == "org.libvirt.unix.monitor") && (subject.user == "monasca-agent")) {
|
||||||
|
return polkit.Result.YES;
|
||||||
|
}
|
||||||
|
});
|
Loading…
Reference in New Issue