Add sudo support for container/VM hypervisor commands

This commit is contained in:
j
2026-03-08 13:51:55 +13:00
parent 6a9a3d5901
commit 58f542b96f
2 changed files with 44 additions and 11 deletions


@@ -196,9 +196,18 @@ gather_container_stats() {
[ -n "$uptime_s" ] && echo "uptime_seconds=$uptime_s"
}
# Use sudo if available and needed (infmap user won't have direct access)
_sudo() {
if [ "$(id -u)" -eq 0 ]; then
"$@"
else
sudo -n "$@" 2>/dev/null
fi
}
# Proxmox LXC (pct)
if command -v pct &>/dev/null; then
pct list 2>/dev/null | tail -n +2 | while read -r vmid status _ name _; do
_sudo pct list 2>/dev/null | tail -n +2 | while read -r vmid status _ name _; do
[ -z "$vmid" ] && continue
echo "[container:pct-${vmid}]"
echo "type=lxc"
@@ -207,14 +216,14 @@ if command -v pct &>/dev/null; then
echo "name=${name:-$vmid}"
echo "status=$status"
if [ "$status" = "running" ]; then
gather_container_stats "pct exec $vmid --"
gather_container_stats "_sudo pct exec $vmid --"
fi
done
fi
# Proxmox VMs (qm)
if command -v qm &>/dev/null; then
qm list 2>/dev/null | tail -n +2 | while read -r vmid name status _ mem _; do
_sudo qm list 2>/dev/null | tail -n +2 | while read -r vmid name status _ mem _; do
[ -z "$vmid" ] && continue
echo "[container:qm-${vmid}]"
echo "type=vm"
@@ -225,9 +234,9 @@ if command -v qm &>/dev/null; then
[ -n "$mem" ] && echo "mem_allocated_mb=$mem"
# VM stats require guest agent - best effort
if [ "$status" = "running" ]; then
agent_test=$(qm guest exec "$vmid" -- cat /proc/meminfo 2>/dev/null)
agent_test=$(_sudo qm guest exec "$vmid" -- cat /proc/meminfo 2>/dev/null)
if [ -n "$agent_test" ]; then
gather_container_stats "qm guest exec $vmid --"
gather_container_stats "_sudo qm guest exec $vmid --"
fi
fi
done
@@ -235,7 +244,7 @@ fi
# Plain LXC (lxc/lxd)
if command -v lxc &>/dev/null && ! command -v pct &>/dev/null; then
lxc list --format csv -c nsN 2>/dev/null | while IFS=',' read -r name status network; do
_sudo lxc list --format csv -c nsN 2>/dev/null | while IFS=',' read -r name status network; do
[ -z "$name" ] && continue
echo "[container:lxc-${name}]"
echo "type=lxc"
@@ -243,7 +252,7 @@ if command -v lxc &>/dev/null && ! command -v pct &>/dev/null; then
echo "name=$name"
echo "status=$status"
if [ "$status" = "RUNNING" ]; then
gather_container_stats "lxc exec $name --"
gather_container_stats "_sudo lxc exec $name --"
lxd_ip=$(echo "$network" | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)
[ -n "$lxd_ip" ] && echo "ip=$lxd_ip"
fi
@@ -252,16 +261,16 @@ fi
# libvirt VMs (virsh)
if command -v virsh &>/dev/null; then
virsh list --all --name 2>/dev/null | while read -r name; do
_sudo virsh list --all --name 2>/dev/null | while read -r name; do
[ -z "$name" ] && continue
state=$(virsh domstate "$name" 2>/dev/null | head -1)
state=$(_sudo virsh domstate "$name" 2>/dev/null | head -1)
echo "[container:virsh-${name}]"
echo "type=vm"
echo "platform=libvirt"
echo "name=$name"
echo "status=$state"
if [ "$state" = "running" ]; then
virsh_ip=$(virsh domifaddr "$name" --source agent 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)
virsh_ip=$(_sudo virsh domifaddr "$name" --source agent 2>/dev/null | grep -oE '[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+' | head -1)
[ -n "$virsh_ip" ] && echo "ip=$virsh_ip"
fi
done
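Review bot: The `2>/dev/null` on `sudo -n "$@"` inside `_sudo` discards sudo's own diagnostics (password required, user not in sudoers, sudo not installed) together with the wrapped command's stderr, so a host whose sudoers rule is missing or mismatched simply reports no containers and leaves nothing to debug from. Every caller in this hunk already appends its own `2>/dev/null`, so the wrapper can run `sudo -n "$@"` plainly and let callers decide what to silence; a comment such as `# stderr is left to the caller so sudo failures stay visible` would record the intent. Separately, the prefixes now passed as `gather_container_stats "_sudo pct exec $vmid --"` name a shell function rather than a binary: that resolves if gather_container_stats expands the prefix by word-splitting in the same shell, but not if it hands the string to a separate interpreter (`sh -c`), and since that function is defined above the hunk this is worth confirming.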


@@ -198,6 +198,27 @@ if [ "$OS" != "openwrt" ]; then
done
fi
# --- Sudoers for container/VM commands ---
SUDOERS_FILE="/etc/sudoers.d/infmap"
SUDO_CMDS=""
# Detect which hypervisor tools are present
for cmd in pct qm lxc virsh; do
cmd_path=$(command -v "$cmd" 2>/dev/null)
if [ -n "$cmd_path" ]; then
SUDO_CMDS="${SUDO_CMDS}${USERNAME} ALL=(root) NOPASSWD: ${cmd_path}\n"
fi
done
if [ -n "$SUDO_CMDS" ]; then
printf "%b" "$SUDO_CMDS" > "$SUDOERS_FILE"
chmod 440 "$SUDOERS_FILE"
echo "Sudoers rules added for container/VM commands"
else
echo "No hypervisor tools found, skipping sudoers"
fi
# --- Summary ---
echo ""
@@ -207,6 +228,9 @@ echo " Home: $HOMEDIR"
echo " Auth: key-only (password disabled)"
echo " SSH key: restricted to 'bash -s' (no shell, no forwarding)"
echo " Packages: lm-sensors, pciutils, iproute2"
if [ -n "$SUDO_CMDS" ]; then
echo " Sudo: container/VM commands (pct, qm, lxc, virsh)"
fi
echo ""
echo "Add to your infrastructure.conf:"
echo " ${USERNAME}@$(hostname)"
echo " $(hostname)"
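Review bot: The rule built at `SUDO_CMDS="${SUDO_CMDS}${USERNAME} ALL=(root) NOPASSWD: ${cmd_path}\n"` grants the agent user passwordless root for `pct`, `qm`, `lxc` and `virsh` with any arguments, which is far wider than the read-only `list`, `domstate`, `domifaddr` and `exec … -- cat /proc/meminfo` calls the agent makes; since these tools include sub-commands (such as `exec`, which the agent itself uses) that run commands as root inside guests, this is effectively a root-equivalent grant on the host for a key that the summary line describes as restricted to `bash -s`. If narrowing the arguments in sudoers is judged too brittle, the consequence should at least be stated in a comment above the loop and in the summary output, e.g. `# NOTE: unrestricted NOPASSWD on these tools is equivalent to root on the host; treat the agent user's SSH key accordingly`. The file is also installed without validation: a malformed line in `/etc/sudoers.d/infmap` (an unexpected `USERNAME`, or a `cmd_path` containing backslashes that `printf "%b"` rewrites) can make sudo refuse every invocation on the host, so write the content to a `mktemp` file, run `visudo -cf` on it, and only then `install -m 0440 -o root -g root` it into place instead of `printf … > "$SUDOERS_FILE"` followed by `chmod 440`.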