calypso/PERMISSIONS-FIX-COMPLETE.md
2026-01-09 16:54:39 +00:00

Permissions Fix Complete

Date: 2025-01-09
Status: FIXED

Problem

The calypso user does not have permission to:

  • Access raw disk devices (/dev/sd*)
  • Run ZFS commands (zpool, zfs)
  • Create ZFS pools

Errors shown:

failed to create ZFS pool: cannot open '/dev/sdb': Permission denied
cannot create 'default': permission denied

Solution Implemented

1. Group Membership

The calypso user was added to these groups:

  • disk - Access to disk devices (/dev/sd*)
  • tape - Access to tape devices

sudo usermod -aG disk,tape calypso

2. Sudoers Configuration

The file /etc/sudoers.d/calypso was created with these permissions:

# ZFS Commands
calypso ALL=(ALL) NOPASSWD: /usr/sbin/zpool, /usr/sbin/zfs, /usr/bin/zpool, /usr/bin/zfs

# SCST Commands  
calypso ALL=(ALL) NOPASSWD: /usr/sbin/scstadmin, /usr/bin/scstadmin

# Tape Utilities
calypso ALL=(ALL) NOPASSWD: /usr/bin/mtx, /usr/bin/mt, /usr/bin/sg_*, /usr/bin/sg3_utils/*

# System Monitoring
calypso ALL=(ALL) NOPASSWD: /usr/bin/systemctl status *, /usr/bin/systemctl is-active *, /usr/bin/journalctl -u *

3. Backend Code Updates

Helper Functions Added:

import (
	"context"
	"os/exec"
)

// zfsCommand builds a zfs command that runs through sudo (the caller runs it)
func zfsCommand(ctx context.Context, args ...string) *exec.Cmd {
	return exec.CommandContext(ctx, "sudo", append([]string{"zfs"}, args...)...)
}

// zpoolCommand builds a zpool command that runs through sudo (the caller runs it)
func zpoolCommand(ctx context.Context, args ...string) *exec.Cmd {
	return exec.CommandContext(ctx, "sudo", append([]string{"zpool"}, args...)...)
}

All ZFS/ZPOOL Commands Updated:

  • zpool create → zpoolCommand(ctx, "create", ...)
  • zpool destroy → zpoolCommand(ctx, "destroy", ...)
  • zpool list → zpoolCommand(ctx, "list", ...)
  • zpool status → zpoolCommand(ctx, "status", ...)
  • zfs create → zfsCommand(ctx, "create", ...)
  • zfs destroy → zfsCommand(ctx, "destroy", ...)
  • zfs set → zfsCommand(ctx, "set", ...)
  • zfs get → zfsCommand(ctx, "get", ...)
  • zfs list → zfsCommand(ctx, "list", ...)

Files Updated:

  • backend/internal/storage/zfs.go - All ZFS/ZPOOL commands
  • backend/internal/storage/zfs_pool_monitor.go - Monitor commands
  • backend/internal/storage/disk.go - Disk discovery commands
  • backend/internal/scst/service.go - Already using sudo
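
One way to harden the zpool helper, as an added Go example (not Calypso's own code): the sudoers rule lets calypso run zpool as root with any arguments, so pool names and disk paths that arrive from the frontend are validated before the command is built. The name safeZpoolCreate, the naming rules and the choice of /usr/sbin/zpool are assumptions.

```go
package main

import (
	"context"
	"fmt"
	"os/exec"
	"regexp"
	"strings"
)

// Assumption: /usr/sbin/zpool exists here; it is one of the sudoers-allowed paths.
const zpoolPath = "/usr/sbin/zpool"
var (
	// Stricter than ZFS itself: a letter, then letters, digits, '_', '-', '.'.
	poolNameRe = regexp.MustCompile(`^[A-Za-z][A-Za-z0-9_.-]{0,62}$`)
	// Whole disks only, matching the /dev/sd* devices this page deals with.
	diskRe = regexp.MustCompile(`^/dev/sd[a-z]{1,3}$`)
	// Words zpool reads as vdev layout; names starting with them are refused.
	reserved = []string{"mirror", "raidz", "draid", "spare", "log"}
)

// safeZpoolCreate (hypothetical) validates its inputs, then builds the sudo command without running it.
func safeZpoolCreate(ctx context.Context, pool string, disks []string) (*exec.Cmd, error) {
	if !poolNameRe.MatchString(pool) {
		return nil, fmt.Errorf("invalid pool name %q", pool)
	}
	for _, r := range reserved {
		if strings.HasPrefix(pool, r) {
			return nil, fmt.Errorf("pool name %q starts with reserved word %q", pool, r)
		}
	}
	if len(disks) == 0 {
		return nil, fmt.Errorf("no disks given")
	}
	for _, d := range disks {
		if !diskRe.MatchString(d) {
			return nil, fmt.Errorf("invalid disk path %q", d)
		}
	}
	// -n makes sudo fail rather than prompt; validated values cannot start with '-'.
	args := append([]string{"-n", zpoolPath, "create", pool}, disks...)
	return exec.CommandContext(ctx, "sudo", args...), nil
}

func main() {
	// Constructed input; the command is built and printed, never executed.
	cmd, err := safeZpoolCreate(context.Background(), "tank01", []string{"/dev/sdb"})
	fmt.Println(cmd.Args, err)
}
```

The same pattern applies to zfsCommand with dataset names in place of disk paths.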

4. Service Restart

The Calypso API service has been restarted with the new binary:

  • Binary rebuilt with sudo support
  • Service restarted
  • Running successfully

Verification

Test ZFS Commands

# Test zpool list (should work)
sudo -u calypso sudo zpool list
# Output: no pools available (success - no error)

# Test zpool create/destroy (should work)
sudo -u calypso sudo zpool create -f test_pool /dev/sdb
sudo -u calypso sudo zpool destroy -f test_pool
# Should complete without permission errors

Test Device Access

# Test device access (should work with disk group)
sudo -u calypso ls -la /dev/sdb
# Should show device (not permission denied)

Current Status

Groups: User calypso in disk and tape groups
Sudoers: Configured and validated
Backend Code: All ZFS commands use sudo
SCST: Already using sudo (no changes needed)
Service: Restarted with new binary
Permissions: Fixed

Next Steps

  1. Permissions configured
  2. Code updated
  3. Service restarted
  4. ⏭️ Test ZFS pool creation via frontend

Testing

The user can now test creating a ZFS pool via the frontend:

  1. Log in to the portal: http://localhost/ or http://10.10.14.18/
  2. Navigate to Storage → ZFS Pools
  3. Create a new pool with the available disks
  4. Should work without permission errors

Status: PERMISSIONS FIXED
Ready for: ZFS pool creation via frontend