proxmox-mirrors/pve-manager
1
0
Fork 0
mirror of https://git.proxmox.com/git/pve-manager synced 2025-06-14 16:40:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
bfb51ac5d0
pve-manager/www/manager/node/Config.js
Thomas Lamprecht 90c75580b6 add permissions to allow non root ceph configuration 
Do not only allow root@pam to admin ceph server as some user do not
want to allow root logins and users with the Sys.Modify permission
should be able to modify ceph related stuff.

We use basically the following permissions:
 Sys.Modify:
    for any delete, add, modify action (POST, PUT, DELETE)
 Sys.Audit and Datastore.Audit:
    for any status/information view action (GET)
 Sys.Log:
    for viewing the Ceph log (was already implemented)

We have two exceptions creating and destroying osds. Those may only
be done by 'root@pam' for security reasons.

Also show users with any of those capabilities the ceph tab in the
web GUI.

Addresses bug#818
2016-02-12 08:22:16 +01:00

244 lines
5.6 KiB
JavaScript
Raw Blame History

Ext.define('PVE.node.Config', {
extend: 'PVE.panel.Config',
alias: 'widget.PVE.node.Config',
initComponent: function() {
var me = this;
var nodename = me.pveSelNode.data.node;
if (!nodename) {
throw "no node name specified";
}
var caps = Ext.state.Manager.get('GuiCap');
me.statusStore = Ext.create('PVE.data.ObjectStore', {
url: "/api2/json/nodes/" + nodename + "/status",
interval: 1000
});
var node_command = function(cmd) {
PVE.Utils.API2Request({
params: { command: cmd },
url: '/nodes/' + nodename + '/status',
method: 'POST',
waitMsgTarget: me,
failure: function(response, opts) {
Ext.Msg.alert(gettext('Error'), response.htmlStatus);
}
});
};
var actionBtn = Ext.create('Ext.Button', {
text: gettext('More'),
disabled: !caps.nodes['Sys.PowerMgmt'],
menu: new Ext.menu.Menu({
items: [
{
text: gettext('Start all VMs and Containers'),
icon: '/pve2/images/start.png',
handler: function() {
var msg = Ext.String.format(gettext("Do you really want to start all VMs and Containers on node {0}?"), nodename);
Ext.Msg.confirm(gettext('Confirm'), msg, function(btn) {
if (btn !== 'yes') {
return;
}
PVE.Utils.API2Request({
params: { force: 1 },
url: '/nodes/' + nodename + '/startall',
method: 'POST',
waitMsgTarget: me,
failure: function(response, opts) {
Ext.Msg.alert('Error', response.htmlStatus);
}
});
});
}
},
{
text: gettext('Stop all VMs and Containers'),
icon: '/pve2/images/gtk-stop.png',
handler: function() {
var msg = Ext.String.format(gettext("Do you really want to stop all VMs and Containers on node {0}?"), nodename);
Ext.Msg.confirm(gettext('Confirm'), msg, function(btn) {
if (btn !== 'yes') {
return;
}
PVE.Utils.API2Request({
url: '/nodes/' + nodename + '/stopall',
method: 'POST',
waitMsgTarget: me,
failure: function(response, opts) {
Ext.Msg.alert('Error', response.htmlStatus);
}
});
});
}
},
{
text: gettext('Migrate all VMs and Containers'),
icon: '/pve2/images/forward.png',
handler: function() {
var win = Ext.create('PVE.window.MigrateAll', {
nodename: nodename,
});
win.show();
}
}
]
})
});
var restartBtn = Ext.create('PVE.button.Button', {
text: gettext('Restart'),
disabled: !caps.nodes['Sys.PowerMgmt'],
confirmMsg: Ext.String.format(gettext("Do you really want to restart node {0}?"), nodename),
handler: function() {
node_command('reboot');
}
});
var shutdownBtn = Ext.create('PVE.button.Button', {
text: gettext('Shutdown'),
disabled: !caps.nodes['Sys.PowerMgmt'],
confirmMsg: Ext.String.format(gettext("Do you really want to shutdown node {0}?"), nodename),
handler: function() {
node_command('shutdown');
}
});
var shellBtn = Ext.create('PVE.button.ConsoleButton', {
disabled: !caps.nodes['Sys.Console'],
text: gettext('Shell'),
consoleType: 'shell',
nodename: nodename
});
me.items = [];
Ext.apply(me, {
title: gettext('Node') + " '" + nodename + "'",
hstateid: 'nodetab',
defaults: { statusStore: me.statusStore },
tbar: [ restartBtn, shutdownBtn, shellBtn, actionBtn]
});
if (caps.nodes['Sys.Audit']) {
me.items.push([
{
title: gettext('Summary'),
itemId: 'summary',
xtype: 'pveNodeSummary'
},
{
title: gettext('Services'),
itemId: 'services',
xtype: 'pveNodeServiceView'
},
{
title: gettext('Network'),
itemId: 'network',
xtype: 'pveNodeNetworkView'
},
{
title: gettext('DNS'),
itemId: 'dns',
xtype: 'pveNodeDNSView'
},
{
title: gettext('Time'),
itemId: 'time',
xtype: 'pveNodeTimeView'
}
]);
}
if (caps.nodes['Sys.Syslog']) {
me.items.push([
{
title: 'Syslog',
itemId: 'syslog',
xtype: 'pveLogView',
url: "/api2/extjs/nodes/" + nodename + "/syslog"
}
]);
}
me.items.push([
{
title: gettext('Task History'),
itemId: 'tasks',
xtype: 'pveNodeTasks'
}
]);
if (caps.nodes['Sys.Console']) {
me.items.push([
{
xtype: 'pveFirewallPanel',
title: gettext('Firewall'),
base_url: '/nodes/' + nodename + '/firewall',
fwtype: 'node',
phstateid: me.hstateid,
itemId: 'firewall'
},
{
title: gettext('Updates'),
itemId: 'apt',
xtype: 'pveNodeAPT',
nodename: nodename
},
{
title: gettext('Console'),
itemId: 'console',
xtype: 'pveNoVncConsole',
consoleType: 'shell',
nodename: nodename
}
]);
}
if (caps.nodes['Sys.Modify'] || caps.nodes['Sys.Audit'] ||
caps.nodes['Sys.Log']) {
me.items.push([{
title: 'Ceph',
itemId: 'ceph',
xtype: 'pveNodeCeph',
phstateid: me.hstateid,
nodename: nodename
}]);
}
me.items.push([
{
title: gettext('Subscription'),
itemId: 'support',
xtype: 'pveNodeSubscription',
nodename: nodename
}
]);
me.callParent();
me.statusStore.on('load', function(s, records, success) {
var uptimerec = s.data.get('uptime');
var powermgmt = uptimerec ? uptimerec.data.value : false;
if (!caps.nodes['Sys.PowerMgmt']) {
powermgmt = false;
}
restartBtn.setDisabled(!powermgmt);
shutdownBtn.setDisabled(!powermgmt);
shellBtn.setDisabled(!powermgmt);
});
me.on('afterrender', function() {
me.statusStore.startUpdate();
});
me.on('destroy', function() {
me.statusStore.stopUpdate();
});
}
});
Reference in New Issue View Git Blame Copy Permalink