ASF subversion and git services commented on CLOUDSTACK-10283:

Commit f1cf5f97e97558194a813119876f56bd55d0ff2a in cloudstack's branch 
refs/heads/4.11 from [~rohit.ya...@shapeblue.com]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f1cf5f9 ]

CLOUDSTACK-10283: Sudo to setup agent keystore, fail on host add failure

This would make keystore utility scripts being executed as sudoer
in case the process uid/owner is not root but still a sudoer user.

Also fails addHost while securing a KVM host and if keystore fails to be
setup for any reason.

Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com>

> Use sudo to execute keystore setup/import for kvm agents, and fail on 
> keystore setup failures
> ---------------------------------------------------------------------------------------------
>                 Key: CLOUDSTACK-10283
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10283
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the 
> default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For:,
> Addition of a KVM host creates keystore on the KVM host's 
> /etc/cloudstack/agent path. The current scripts and codebase assumes that it 
> will be the root user which is why the script don't call keytool with 'sudo'. 
> To allow addition of host using a sudo-enabled/admin user, make suitable 
> changes to the script, and also fail the addHost execution if keystore 
> scripts fail (say due to permission issues etc).

This message was sent by Atlassian JIRA

Reply via email to