Defaults:oneadmin !requiretty
Defaults:oneadmin secure_path = /sbin:/bin:/usr/sbin:/usr/bin

Cmnd_Alias ONE_CEPH = /usr/bin/rbd
Cmnd_Alias ONE_FIRECRACKER = /usr/bin/jailer, /usr/sbin/one-clean-firecracker-domain, /usr/sbin/one-prepare-firecracker-domain
Cmnd_Alias ONE_HA = /bin/systemctl start opennebula-flow, /bin/systemctl stop opennebula-flow, /bin/systemctl start opennebula-gate, /bin/systemctl stop opennebula-gate, /bin/systemctl start opennebula-hem, /bin/systemctl stop opennebula-hem, /bin/systemctl start opennebula-showback.timer, /bin/systemctl stop opennebula-showback.timer, /usr/sbin/service opennebula-flow start, /usr/sbin/service opennebula-flow stop, /usr/sbin/service opennebula-gate start, /usr/sbin/service opennebula-gate stop, /usr/sbin/service opennebula-hem start, /usr/sbin/service opennebula-hem stop, /usr/bin/arping, /sbin/ip address *
Cmnd_Alias ONE_LVM = /sbin/lvcreate, /sbin/lvremove, /sbin/lvs, /sbin/vgdisplay, /sbin/lvchange, /sbin/lvdisplay, /sbin/lvscan, /sbin/lvextend, /sbin/lvreduce, /bin/sync, /bin/dd, /sbin/dmsetup, /sbin/pdp-one
Cmnd_Alias ONE_LXC = /bin/mount, /bin/umount, /usr/bin/bindfs, /sbin/losetup, /usr/bin/qemu-nbd, /usr/bin/lxc-attach, /usr/bin/lxc-config, /usr/bin/lxc-create, /usr/bin/lxc-destroy, /usr/bin/lxc-info, /usr/bin/lxc-ls, /usr/bin/lxc-start, /usr/bin/lxc-stop, /usr/bin/lxc-console, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd
Cmnd_Alias ONE_LXD = /snap/bin/lxc, /usr/bin/catfstab, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /sbin/losetup, /sbin/kpartx, /usr/bin/qemu-nbd, /sbin/blkid, /sbin/e2fsck, /sbin/resize2fs, /usr/sbin/xfs_growfs, /usr/bin/rbd-nbd, /usr/sbin/xfs_admin, /sbin/tune2fs
Cmnd_Alias ONE_MARKET = /usr/lib/one/sh/create_container_image.sh, /usr/lib/one/sh/create_docker_image.sh
Cmnd_Alias ONE_NET = /sbin/ebtables, /sbin/iptables, /sbin/ip6tables, /sbin/ipset, /sbin/ip link *, /sbin/ip tuntap *, /sbin/ip route *, /sbin/ip neighbour *
Cmnd_Alias ONE_OVS = /usr/bin/ovs-ofctl, /usr/bin/ovs-vsctl
Cmnd_Alias ONE_MEM = /sbin/sysctl vm.drop_caches=3 vm.compact_memory=1

#rbt: add base for all components
Cmnd_Alias ONE_BASE = /bin/md5sum, /bin/qemu-img, /bin/mount, /bin/umount, /bin/mkdir, /bin/lsblk, /bin/rm, /bin/rmdir, /sbin/pdpl-file, /bin/pdpl-ps, /sbin/pdpl-user, /bin/chown, /bin/chmod, /bin/cat, /usr/bin/lsof, /bin/touch, /usr/sbin/useradd, /usr/sbin/usermod, /usr/bin/gpasswd, /usr/sbin/chpasswd, /bin/cp, /bin/setfacl, /bin/tar, /bin/rsync, /bin/tee
oneadmin ALL=(ALL) NOPASSWD: ONE_BASE

## Command aliases are enabled individually in dedicated
## sudoers files by each OpenNebula component (server, node).
# oneadmin ALL=(ALL) NOPASSWD: ONE_CEPH, ONE_FIRECRACKER, ONE_HA, ONE_LVM, ONE_LXC, ONE_LXD, ONE_MARKET, ONE_NET, ONE_OVS, ONE_MEM
