calypso/PERMISSIONS-FIX-COMPLETE.md
2026-01-09 16:54:39 +00:00

# Permissions Fix Complete
**Date:** 2025-01-09
**Status:** **FIXED**
## Problem
User `calypso` does not have permission to:
- Access raw disk devices (`/dev/sd*`)
- Run ZFS commands (`zpool`, `zfs`)
- Create ZFS pools
Errors that appear:
```
failed to create ZFS pool: cannot open '/dev/sdb': Permission denied
cannot create 'default': permission denied
```
## Solution Implemented
### 1. Group Membership ✅
User `calypso` was added to the groups:
- `disk` - Access to disk devices (`/dev/sd*`)
- `tape` - Access to tape devices
```bash
sudo usermod -aG disk,tape calypso
```
### 2. Sudoers Configuration ✅
The file `/etc/sudoers.d/calypso` was created with the following permissions:
```sudoers
# ZFS Commands
calypso ALL=(ALL) NOPASSWD: /usr/sbin/zpool, /usr/sbin/zfs, /usr/bin/zpool, /usr/bin/zfs
# SCST Commands
calypso ALL=(ALL) NOPASSWD: /usr/sbin/scstadmin, /usr/bin/scstadmin
# Tape Utilities
calypso ALL=(ALL) NOPASSWD: /usr/bin/mtx, /usr/bin/mt, /usr/bin/sg_*, /usr/bin/sg3_utils/*
# System Monitoring
calypso ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/systemctl is-active *, /usr/bin/journalctl -u *
```
### 3. Backend Code Updates ✅
**Helper Functions Added:**
```go
import (
	"context"
	"os/exec"
)

// zfsCommand builds a ZFS command that runs through sudo
func zfsCommand(ctx context.Context, args ...string) *exec.Cmd {
	return exec.CommandContext(ctx, "sudo", append([]string{"zfs"}, args...)...)
}

// zpoolCommand builds a ZPOOL command that runs through sudo
func zpoolCommand(ctx context.Context, args ...string) *exec.Cmd {
	return exec.CommandContext(ctx, "sudo", append([]string{"zpool"}, args...)...)
}
```
**All ZFS/ZPOOL Commands Updated:**
- `zpool create` → `zpoolCommand(ctx, "create", ...)`
- `zpool destroy` → `zpoolCommand(ctx, "destroy", ...)`
- `zpool list` → `zpoolCommand(ctx, "list", ...)`
- `zpool status` → `zpoolCommand(ctx, "status", ...)`
- `zfs create` → `zfsCommand(ctx, "create", ...)`
- `zfs destroy` → `zfsCommand(ctx, "destroy", ...)`
- `zfs set` → `zfsCommand(ctx, "set", ...)`
- `zfs get` → `zfsCommand(ctx, "get", ...)`
- `zfs list` → `zfsCommand(ctx, "list", ...)`
**Files Updated:**
- `backend/internal/storage/zfs.go` - All ZFS/ZPOOL commands
- `backend/internal/storage/zfs_pool_monitor.go` - Monitor commands
- `backend/internal/storage/disk.go` - Disk discovery commands
- `backend/internal/scst/service.go` - Already using sudo ✅
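
The sudoers rules above list `zpool` and `zfs` without an argument specification, so sudo accepts any arguments for them; any limit on what a frontend request can trigger has to be enforced in the backend before the helper is called. The following is an added example, not code from the Calypso repository, that validates the pool name and disk paths before building the `sudo zpool create` command. The function names, the name policy and the `sd[a-z]` device pattern are assumptions; `-n` is sudo's non-interactive flag.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"regexp"
)

// Assumed policy, stricter than ZFS itself; adjust to the deployment.
var (
	poolNameRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9_.:-]{0,63}$`)         // letter first, so no leading "-"
	reservedRe = regexp.MustCompile(`^(mirror|raidz|draid|spare|c[0-9]|log$)`) // names zpool reserves
	diskPathRe = regexp.MustCompile(`^/dev/sd[a-z]{1,3}$`)                      // whole sd* disks only
)

// poolCreateArgs validates caller-supplied values and returns the argv for "zpool create".
func poolCreateArgs(name string, disks []string) ([]string, error) {
	if len(disks) == 0 || !poolNameRe.MatchString(name) || reservedRe.MatchString(name) {
		return nil, fmt.Errorf("invalid pool name %q or empty disk list", name)
	}
	args, seen := []string{"create", name}, map[string]bool{}
	for _, d := range disks {
		if !diskPathRe.MatchString(d) || seen[d] {
			return nil, fmt.Errorf("invalid or duplicate disk %q", d)
		}
		seen[d] = true
		args = append(args, d)
	}
	return args, nil
}

// safeZpoolCreate builds (does not run) the command; "sudo -n" fails instead of prompting.
func safeZpoolCreate(ctx context.Context, name string, disks []string) (*exec.Cmd, error) {
	args, err := poolCreateArgs(name, disks)
	if err != nil {
		return nil, err
	}
	return exec.CommandContext(ctx, "sudo", append([]string{"-n", "zpool"}, args...)...), nil
}

func main() {
	for _, name := range []string{"tank01", "-f", "mirror1"} { // constructed sample input
		args, err := poolCreateArgs(name, []string{"/dev/sdb"})
		fmt.Println(name, "->", args, err)
	}
}
```
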
### 4. Service Restart ✅
The Calypso API service has been restarted with the new binary:
- ✅ Binary rebuilt with sudo support
- ✅ Service restarted
- ✅ Running successfully
## Verification
### Test ZFS Commands
```bash
# Test zpool list (should work)
sudo -u calypso sudo zpool list
# Output: no pools available (success - no error)
# Test zpool create/destroy (should work)
sudo -u calypso sudo zpool create -f test_pool /dev/sdb
sudo -u calypso sudo zpool destroy -f test_pool
# Should complete without permission errors
```
### Test Device Access
```bash
# Test device access (should work with disk group)
sudo -u calypso ls -la /dev/sdb
# Should show device (not permission denied)
```
## Current Status
- **Groups:** User calypso in `disk` and `tape` groups
- **Sudoers:** Configured and validated
- **Backend Code:** All ZFS commands use sudo
- **SCST:** Already using sudo (no changes needed)
- **Service:** Restarted with new binary
- **Permissions:** Fixed
## Next Steps
1. ✅ Permissions configured
2. ✅ Code updated
3. ✅ Service restarted
4. ⏭️ **Test ZFS pool creation via frontend**
## Testing
The user can now test creating a ZFS pool via the frontend:
1. Log in to the portal: http://localhost/ or http://10.10.14.18/
2. Navigate to Storage → ZFS Pools
3. Create a new pool with the available disks
4. Should work without permission errors
---
**Status:** **PERMISSIONS FIXED**
**Ready for:** ZFS pool creation via frontend