I understand, but then I'm unable to perform a command like this:
oadm ca create-server-cert --signer-cert=ca.crt \
    --signer-key=ca.key --signer-serial=ca.serial.txt \
    --hostnames="docker-registry.default.svc.cluster.local,${RESULT}" \
    --cert=registry.crt --key=registry.key

Because it's not permitted to read/use the ca.crt etc.

From: [email protected]
Date: Tue, 9 Feb 2016 11:45:37 -0500
Subject: Re: Use /etc/origin/master/files without sudo
To: [email protected]

Depends on what you're using these files for... for dev, 755 is fine. For 
production, you should be guarding the keys closely, and probably requiring 
sudo access to read/write/sign certs.

On Tue, Feb 9, 2016 at 10:18 AM, Den Cowboy <[email protected]> wrote:



Thanks. Is there a recommended chmod-command to perform on the files in 
/master? Because chmod 755 +R worked but is unsafe I think.

From: [email protected]
Date: Tue, 9 Feb 2016 10:15:19 -0500
Subject: Re: Use /etc/origin/master/files without sudo
To: [email protected]

sure, or write the initial config without using sudo and just run the server 
with sudo

On Tue, Feb 9, 2016 at 10:09 AM, Den Cowboy <[email protected]> wrote:



Thanks. And is it a right approach to set permissions on the files in the 
/master? (when you don't use your own certs)

From: [email protected]
Date: Tue, 9 Feb 2016 09:57:15 -0500
Subject: Re: Use /etc/origin/master/files without sudo
To: [email protected]
CC: [email protected]

Generating a certificate requires write permissions on the ca.serial.txt file 
to record the fact that another certificate was signed using the CA.

On Tue, Feb 9, 2016 at 9:54 AM, Den Cowboy <[email protected]> wrote:



What's the best way to use these files without using sudo?
I performed a chmod + r on it.

But when I try the following without sudo:
$ oadm ca create-server-cert --signer-cert=ca.crt \
>     --signer-key=ca.key --signer-serial=ca.serial.txt \
>     --hostnames='docker-registry.default.svc.cluster.local,172.30.21.34' \
>     --cert=registry.crt --key=registry.key
panic: runtime error: invalid memory address or nil pointer dereference
[signal 0xb code=0x1 addr=0x0 pc=0xcf747c]

goroutine 1 [running]:
github.com/openshift/origin/pkg/cmd/server/crypto.encodeCertificates(0xc2084a84c0, 0x2, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:467 +0x2bc
github.com/openshift/origin/pkg/cmd/server/crypto.writeCertificates(0x7fff9db9d68e, 0xc, 0xc2084a84c0, 0x2, 0x2, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:501 +0xdf
github.com/openshift/origin/pkg/cmd/server/crypto.(*TLSCertificateConfig).writeCertConfig(0xc2083c0690, 0x7fff9db9d68e, 0xc, 0x7fff9db9d6a1, 0xc, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:71 +0x67
github.com/openshift/origin/pkg/cmd/server/crypto.(*CA).MakeServerCert(0xc2083c0750, 0x7fff9db9d68e, 0xc, 0x7fff9db9d6a1, 0xc, 0xc2083c0780, 0x1, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/pkg/cmd/server/crypto/crypto.go:258 +0x5b2
github.com/openshift/origin/pkg/cmd/server/admin.CreateServerCertOptions.CreateServerCert(0xc20847fcc0, 0x7fff9db9d68e, 0xc, 0x7fff9db9d6a1, 0xc, 0xc2084e6060, 0x2, 0x2, 0x1, 0x7f6276ae9530, ...)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:116 +0x224
github.com/openshift/origin/pkg/cmd/server/admin.func·015(0xc2084c7e00, 0xc2081d3c20, 0x0, 0x6)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/pkg/cmd/server/admin/create_servercert.go:59 +0x139
github.com/spf13/cobra.(*Command).execute(0xc2084c7e00, 0xc2081d3b60, 0x6, 0x6, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_thirdpartyhacks/src/github.com/spf13/cobra/command.go:572 +0x82f
github.com/spf13/cobra.(*Command).ExecuteC(0xc2084a2200, 0xc2084c7e00, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_thirdpartyhacks/src/github.com/spf13/cobra/command.go:662 +0x4db
github.com/spf13/cobra.(*Command).Execute(0xc2084a2200, 0x0, 0x0)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_thirdpartyhacks/src/github.com/spf13/cobra/command.go:618 +0x3a
main.main()
    /builddir/build/BUILD/origin-git-0.ce0e67f/_build/src/github.com/openshift/origin/cmd/openshift/openshift.go:22 +0x175

goroutine 5 [syscall]:
os/signal.loop()
    /usr/lib/golang/src/os/signal/signal_unix.go:21 +0x1f
created by os/signal.init·1
    /usr/lib/golang/src/os/signal/signal_unix.go:27 +0x35

goroutine 10 [chan receive]:
github.com/golang/glog.(*loggingT).flushDaemon(0x4c5e680)
    /builddir/build/BUILD/origin-git-0.ce0e67f/_thirdpartyhacks/src/github.com/golang/glog/glog.go:879 +0x78
created by github.com/golang/glog.init·1
    /builddir/build/BUILD/origin-git-0.ce0e67f/_thirdpartyhacks/src/github.com/golang/glog/glog.go:410 +0x2a7

goroutine 17 [syscall, locked to thread]:
runtime.goexit()
    /usr/lib/golang/src/runtime/asm_amd64.s:2232 +0x1
                                          

_______________________________________________
users mailing list
[email protected]
http://lists.openshift.redhat.com/openshiftmm/listinfo/users
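As an added example (not part of the original thread and not OpenShift code): a mode-bit audit for the CA files discussed above, flagging a signing key exposed by something like a recursive 755 and a serial file that signing could not update. The file names come from the thread; the policy (owner or group may sign, no access for other users) and the function names are assumptions.

```shell
#!/bin/sh
# Added example: audit the mode bits of the CA files named in the thread.
# Assumed policy: owner/group may sign, "other" gets no access to ca.key.

# mode_of FILE -> permission bits as octal digits, e.g. 640 (GNU stat, then BSD)
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_ca_dir DIR: print one finding per line; exit status 0 only when clean.
audit_ca_dir() {
    dir=$1
    findings=0
    for f in ca.key ca.serial.txt; do
        if [ ! -f "$dir/$f" ]; then
            echo "$f: missing"
            findings=$((findings + 1))
            continue
        fi
        mode=$(mode_of "$dir/$f")
        other=$((mode % 10))            # last octal digit: everyone else
        owner=$(((mode / 100) % 10))    # third digit from the right: owner
        case $f in
        ca.key)
            # Any bit for "other" lets every local account use the signing key.
            if [ "$other" -ne 0 ]; then
                echo "ca.key: mode $mode exposes the signing key to all users"
                findings=$((findings + 1))
            fi ;;
        ca.serial.txt)
            # Signing records the new serial, so the file has to be writable...
            if [ $((owner & 2)) -eq 0 ]; then
                echo "ca.serial.txt: mode $mode is not writable, signing cannot record the serial"
                findings=$((findings + 1))
            fi
            # ...but not by everyone, or the serial sequence can be altered.
            if [ $((other & 2)) -ne 0 ]; then
                echo "ca.serial.txt: mode $mode is world-writable"
                findings=$((findings + 1))
            fi ;;
        esac
    done
    [ "$findings" -eq 0 ]
}
```

Run it as `audit_ca_dir /etc/origin/master`; the check reads mode bits only, so it gives the same answer whether or not it is run with sudo.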