Ken Gaillot <[email protected]> schrieb am 08.03.2017 15:50:57: > Von: Ken Gaillot <[email protected]> > An: [email protected] > Datum: 08.03.2017 15:56 > Betreff: Re: [ClusterLabs] VirtualDomain as non-root / encrypted > > On 03/08/2017 04:19 AM, [email protected] wrote: > > hi, > > > > Any ideas how to run VirtualDomain Resource as non-root user with > > encrypted transport to remote hypervisor(ssh)? > > > > i'm able to start/stop/migrate vm via libvirt as non-root, but it > > doesn't work with pacemaker - pacemaker runs VirtualDomain as root, also > > there is no option to pass user via parameter > > > > thank you! > > There's no way to do this within Pacemaker currently. The closest > workaround would be to copy the VirtualDomain agent, and edit it to > switch users before doing anything. >
thank you, we will give that a try! > Since we added the alerts feature, we've been keeping a future > enhancement in mind to allow selecting the user that alert agents run as > (currently, it's always hacluster). If we do that, the same mechanism > will likely work with resource agents as well. There is a lot of > high-priority work ahead of that, though. > > Keep in mind that some agents maintain state data somewhere like > /var/run, and they may break even if they can otherwise run as a > different user. If they offer the state location as an option, that's an > easy workaround.
_______________________________________________ Users mailing list: [email protected] http://lists.clusterlabs.org/mailman/listinfo/users Project Home: http://www.clusterlabs.org Getting started: http://www.clusterlabs.org/doc/Cluster_from_Scratch.pdf Bugs: http://bugs.clusterlabs.org
