CLOUDSTACK-10283: Sudo to setup agent keystore, fail on host add failure #2454
This would make keystore utility scripts be executed as sudoer in case the process uid/owner is not root but still a sudoer user. Also fails addHost while securing a KVM host and if keystore fails to be set up for any reason.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>
@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.

Packaging result: ✔centos6 ✔centos7 ✔debian. JID-1715

@blueorangutan test

@rhtyd a Trillian-Jenkins test job (centos7 mgmt + kvm-centos7) has been kicked to run smoke tests

Trillian test result (tid-2258)

Tests and reviews are ok. I will merge this one then.

@rhtyd a Jenkins job has been kicked to build packages. I'll keep you posted as I make progress.
[CLOUDSTACK-10283] Sudo to setup agent keystore, fail on host add.
Packaging result: ✔centos6 ✖centos7 ✔debian. JID-1731

@rafaelweingartner can you kindly squash merge in future, otherwise we'll have commit+merge commits on the branches that make the git graph look weird and difficult to track changes.

I am sorry @rhtyd, but I find using merge commits when merging PRs a good idea. We do not have a protocol for merges yet (use or not use the merge commit). There was a thread a while ago discussing this topic in [1]. Some people preferred maintaining the merge commits when merging a PR (myself included). However, the thread died after a while; I believe the author (Daan) was busy with something else to finalize the discussion and create something formal.

@rafaelweingartner feel free to rekick the discussion and start a vote. I've shared my preference with you, which is based on two things: (a) it allows git users like myself who prefer to keep track of changes using the command line, (b) for maintainers who would want to backport a feature/fix, which is easier if every fix/PR is a single commit than a bunch of them.
| } | ||
|
|
||
| Script script = new Script(_keystoreSetupPath, 60000, s_logger); | ||
| Script script = new Script(true, _keystoreSetupPath, 60000, s_logger); |
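Review bot: the bare `true` passed as the first argument in `new Script(true, _keystoreSetupPath, 60000, s_logger)` gives no hint at the call site that it switches the keystore setup script to run under sudo; a short comment or a named constant would make the privilege change obvious to the next reader. Because the script now runs with elevated privileges, it is also worth confirming that `_keystoreSetupPath` always resolves to a root-owned file that the unprivileged agent user cannot modify, and that the sudoers entry for that user is limited to the scripts it actually needs.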
@krissterckx this runs the script with sudo (when true is passed). It allows admins to add a KVM host using a non-root sudoer user (for details see https://cwiki.apache.org/confluence/display/CLOUDSTACK/Allow+non-root+user+to+add+KVM+hypervisor).
@blueorangutan package