Hi guys,

I've got MOM up and running as a vdsm thread but I've hit two small problems.
I'll bounce them around on the list to see if people have some ideas.

1.) Libvirt SASL authentication

I was able to easily modify MOM to connect to libvirt by hardcoding the vdsm
credentials.  Obviously this is not an acceptable long-term solution.  What is
the best way to share the vdsm libvirt password with MOM in a way that does not
compromise security?  Whatever method we choose should not involve vdsm-specific
changes to MOM.  For starters I think I will just place the username and
password in the mom.conf file.  We could make this file readable only by the
vdsm user.  Thoughts?

2.) Permissions

The first error I noticed was MOM failing to adjust KSM via sysfs:

2011-11-22 10:13:48,313 - mom.Controllers.KSM - WARNING - KSM: Failed to write
/sys/kernel/mm/ksm/run: Permission denied

MOM is used to running as root so that it can adjust these settings.  I would
prefer not to complicate the MOM architecture by having a separate process that
receives instructions from the main MOM thread and then applies the requested
changes as root.

Another solution would be to allow MOM to run as a completely separate daemon
(as it has been originally doing).  In this scenario, vdsm would reconfigure MOM
by replacing the default configuration file and policy.  vdsm could then
interact with the running momd via the existing xmlrpc interface.

Thoughts on these issues?

Adam Litke <a...@us.ibm.com>
IBM Linux Technology Center

vdsm-devel mailing list

Reply via email to