[ https://issues.apache.org/jira/browse/CLOUDSTACK-10283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16373613#comment-16373613 ]

ASF subversion and git services commented on CLOUDSTACK-10283:
--------------------------------------------------------------

Commit f1cf5f97e97558194a813119876f56bd55d0ff2a in cloudstack's branch 
refs/heads/4.11 from [~rohit.ya...@shapeblue.com]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f1cf5f9 ]

CLOUDSTACK-10283: Sudo to setup agent keystore, fail on host add failure

This would make keystore utility scripts be executed as sudoer
in case the process uid/owner is not root but still a sudoer user.

Also fails addHost while securing a KVM host and if keystore fails to be
set up for any reason.

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>


> Use sudo to execute keystore setup/import for kvm agents, and fail on 
> keystore setup failures
> ---------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10283
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10283
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For: 4.12.0.0, 4.11.1.0
>
>
> Addition of a KVM host creates a keystore on the KVM host's 
> /etc/cloudstack/agent path. The current scripts and codebase assume that it 
> will be the root user, which is why the scripts don't call keytool with 'sudo'. 
> To allow addition of a host using a sudo-enabled/admin user, make suitable 
> changes to the script, and also fail the addHost execution if keystore 
> scripts fail (say due to permission issues etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
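
The behaviour the issue asks for (escalate with sudo when the caller is not root, and stop on any keystore failure), as an added example that is not CloudStack's own keystore script or code from the commit. The function names, exit codes 10 and 11, the alias, the keystore file name and the `KEYTOOL` override are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not CloudStack's own keystore scripts.
# Function names, exit codes, alias and keystore file name are hypothetical.
KEYTOOL=${KEYTOOL:-keytool}

# Prefix for privileged commands given a uid. "sudo -n" never prompts: over a
# non-interactive SSH session a password prompt would hang, so a missing
# sudoers rule turns into an immediate non-zero exit instead.
priv_prefix() {
    if [ "$1" -eq 0 ]; then echo ""; else echo "sudo -n"; fi
}

# Run one step; on failure name the step on stderr and return its exit status.
run_step() {
    prefix=$1; step=$2; shift 2
    # $prefix is deliberately unquoted: it is empty or the two words "sudo -n".
    if $prefix "$@"; then
        return 0
    else
        rc=$?
        echo "keystore setup failed at '$step' (exit $rc)" >&2
        return "$rc"
    fi
}

# Create and verify a keystore under dir. Any failing step yields a distinct
# non-zero code so the caller can abort the host addition.
# Args: dir, password file, uid (defaults to the current uid).
setup_agent_keystore() {
    dir=$1; passfile=$2; uid=${3:-$(id -u)}
    prefix=$(priv_prefix "$uid")
    ks="$dir/agent-example.p12"
    run_step "$prefix" "generate key pair" "$KEYTOOL" -genkeypair \
        -alias agent-example -keystore "$ks" -storetype PKCS12 \
        -storepass:file "$passfile" -keyalg RSA -keysize 2048 \
        -validity 365 -dname "CN=kvm-host.example" || return 10
    run_step "$prefix" "verify keystore" "$KEYTOOL" -list \
        -keystore "$ks" -storetype PKCS12 \
        -storepass:file "$passfile" >/dev/null || return 11
    return 0
}
```

The store password is read from a file rather than passed as an argument, so it does not appear in the process list on the host.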
