----- Original Message -----
> From: "Adam Litke" <a...@us.ibm.com>
> To: vdsm-devel@lists.fedorahosted.org
> Sent: Tuesday, November 22, 2011 4:29:41 PM
> Subject: MOM integration questions
> Hi guys,
> I've got MOM up and running as a vdsm thread but I've hit two small
> problems.
> I'll bounce them around on the list to see if people have some ideas.
> 1.) Libvirt SASL authentication
> I was able to easily modify MOM to connect to libvirt by hardcoding
> the vdsm
> credentials.  Obviously this is not an acceptable long-term solution.
>  What is
> the best way to share the vdsm libvirt password with MOM in a way
> that does not
> compromise security?  Whatever method we choose should not involve
> vdsm-specific
> changes to MOM.  For starters I think I will just place the username
> and
> password in the mom.conf file.  We could make this file readable only
> by the
> vdsm user.  Thoughts?

Is it safe just to read it from /etc/pki/vdsm/keys/libvirt_password 

What's the reason for not wanting VDSM specific changes in MOM, is this project 
is part of oVirt then we can always assume VDSM is present.
> 2.) Permissions
> The first error I noticed was MOM failing to adjust KSM via sysfs:
> 2011-11-22 10:13:48,313 - mom.Controllers.KSM - WARNING - KSM: Failed
> to write
> /sys/kernel/mm/ksm/run: Permission denied
> MOM is used to running as root so that it can adjust these settings.
>  I would
> prefer not to complicate the MOM architecture by having a separate
> process that
> receives instructions from the main MOM thread and then applies the
> requested
> changes as root.
> Another solution would be to allow MOM to run as a completely
> separate daemon
> (as it has been originally doing).  In this scenario, vdsm would
> reconfigure MOM
> by replacing the default configuration file and policy.  vdsm could
> then
> interact with the running momd via the existing xmlrpc interface.
> Thoughts on these issues?
> --
> Adam Litke <a...@us.ibm.com>
> IBM Linux Technology Center
> _______________________________________________
> vdsm-devel mailing list
> vdsm-devel@lists.fedorahosted.org
> https://fedorahosted.org/mailman/listinfo/vdsm-devel
vdsm-devel mailing list

Reply via email to