[ https://issues.apache.org/jira/browse/CLOUDSTACK-10283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16373613#comment-16373613 ]
ASF subversion and git services commented on CLOUDSTACK-10283: -------------------------------------------------------------- Commit f1cf5f97e97558194a813119876f56bd55d0ff2a in cloudstack's branch refs/heads/4.11 from [~rohit.ya...@shapeblue.com] [ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f1cf5f9 ] CLOUDSTACK-10283: Sudo to setup agent keystore, fail on host add failure This would make keystore utility scripts being executed as sudoer in case the process uid/owner is not root but still a sudoer user. Also fails addHost while securing a KVM host and if keystore fails to be setup for any reason. Signed-off-by: Rohit Yadav <rohit.ya...@shapeblue.com> > Use sudo to execute keystore setup/import for kvm agents, and fail on > keystore setup failures > --------------------------------------------------------------------------------------------- > > Key: CLOUDSTACK-10283 > URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10283 > Project: CloudStack > Issue Type: Bug > Security Level: Public(Anyone can view this level - this is the > default.) > Reporter: Rohit Yadav > Assignee: Rohit Yadav > Priority: Major > Fix For: 4.12.0.0, 4.11.1.0 > > > Addition of a KVM host creates keystore on the KVM host's > /etc/cloudstack/agent path. The current scripts and codebase assumes that it > will be the root user which is why the script don't call keytool with 'sudo'. > To allow addition of host using a sudo-enabled/admin user, make suitable > changes to the script, and also fail the addHost execution if keystore > scripts fail (say due to permission issues etc). -- This message was sent by Atlassian JIRA (v7.6.3#76005)