On 03/08/2017 04:19 AM, [email protected] wrote: > hi, > > Any ideas how to run VirtualDomain Resource as non-root user with > encrypted transport to remote hypervisor(ssh)? > > i'm able to start/stop/migrate vm via libvirt as non-root, but it > doesn't work with pacemaker - pacemaker runs VirtualDomain as root, also > there is no option to pass user via parameter > > thank you!
There's no way to do this within Pacemaker currently. The closest workaround would be to copy the VirtualDomain agent, and edit it to switch users before doing anything. Since we added the alerts feature, we've been keeping a future enhancement in mind to allow selecting the user that alert agents run as (currently, it's always hacluster). If we do that, the same mechanism will likely work with resource agents as well. There is a lot of high-priority work ahead of that, though. Keep in mind that some agents maintain state data somewhere like /var/run, and they may break even if they can otherwise run as a different user. If they offer the state location as an option, that's an easy workaround. _______________________________________________ Users mailing list: [email protected] http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
