On Fri, Sep 24, 2010 at 10:19 AM, Rene Nussbaumer <[email protected]> wrote:

Hi Bevo,

As René said, thanks. Also please see the developer guidelines on our
website: in order to be able to apply patches you send we need a CLA
to be signed. If you intend to work on getting your work merged please
consider also signing that.

> We are making efforts in privilege separation which is coming in Ganeti
> 2.3. The daemons will be fully separated except for ganeti-noded, which
> still needs root privileges to do its job. Also the SSH code has been
> separated out of Ganeti core into setup-ssh, which you find in the
> tools directory of your Ganeti (>=2.1) installation. This was needed
> to privilege separate the code, as otherwise we would touch paths
> (mainly /etc/ssh and ~/.ssh) outside of Ganeti's territory.
>

Well, in this case what's touched is paths outside of the daemons (in
bootstrap and at console time), which I don't think we tried to tackle
yet. So it's good if the patch can be adapted to current master and
submitted. It would be nice if a few of the hard constants were
configurable, in particular:
  - sudo: as you said, the privilege escalation command might be
another one, 'su' for example.
  - remote user: the patch now removes 'root', making it default to
"current local user", which is good, but it might need to be something
else (for example you could be gntadmin and want to ssh to a
gntslave user).
  - whether to use privilege escalation at all or not (or this could be
determined from the above values).

> As we postponed the efforts on further privilege separation for
> ganeti-noded until end of year you're welcome to do your own research
> and efforts in regard to that and spread them back to the community
> :). If you do so I would consider the master branch of our git repo to
> make sure you always have the latest updates.
>

Yes, although this is not related to RPC privilege separation, I'd
say, and covers a different use case.

> This should probably be determined at configure time. Not every system
> has its sudo installed at the exact same spot.
>

I'm not sure configure time is enough. Well, it is for the "sudo"
path, but not for deciding if a particular cluster should use it or
not, and which users should be used, for example.

Thanks,

Guido
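
The three knobs discussed above (escalation command, remote user, and whether to escalate at all, with the last derivable from the other two) can be separated into a build-time constant for the binary path and per-cluster settings for the policy. The following is an added illustration written for this thread, not Ganeti's own code or setup-ssh; the constant, function and parameter names are made up, and the `su -c` handling assumes the remote account's shell parses the quoted command string.

```python
"""Added example: assembling an ssh command with configurable privilege
escalation. Not Ganeti code; names below are hypothetical."""

import shlex

# Assumption: only the escalation binary's location is fixed at configure
# time (what ./configure would detect). Which command to use, which remote
# user to log in as, and whether to escalate at all are per-cluster policy.
CONFIGURE_TIME_SUDO_PATH = "/usr/bin/sudo"   # hypothetical constant


def build_remote_command(remote_argv, remote_user, escalation="sudo",
                         use_escalation=None):
    """Return the argv to run on the remote node, wrapped for escalation.

    remote_argv:    command to run with root privileges on the node.
    remote_user:    account ssh logs in as (e.g. "root" or "gntslave").
    escalation:     "sudo" (argv prefix) or "su" (needs a single -c string).
    use_escalation: explicit override; None derives it from remote_user:
                    escalate unless we already land as root.
    """
    if use_escalation is None:
        use_escalation = remote_user != "root"
    if not use_escalation:
        return list(remote_argv)
    if escalation == "sudo":
        # -n: never prompt for a password; -- ends sudo's own option parsing
        return [CONFIGURE_TIME_SUDO_PATH, "-n", "--"] + list(remote_argv)
    if escalation == "su":
        # su -c takes one shell string, so quote each argument for the
        # remote shell rather than passing the argv through.
        return ["su", "-c", " ".join(shlex.quote(a) for a in remote_argv)]
    raise ValueError("unknown escalation command: %r" % (escalation,))


def build_ssh_argv(node, remote_argv, remote_user, escalation="sudo",
                   use_escalation=None):
    """Return the local ssh argv. ssh joins its trailing arguments with
    spaces and hands them to the remote shell, so the remote command is
    quoted into a single string here."""
    remote_cmd = build_remote_command(remote_argv, remote_user,
                                      escalation, use_escalation)
    return ["ssh", "-l", remote_user, node, shlex.join(remote_cmd)]


if __name__ == "__main__":
    # Constructed sample: a gntadmin who logs in to the node as gntslave.
    print(build_ssh_argv("node1.example.org", ["gnt-node", "list"],
                         remote_user="gntslave"))
    print(build_ssh_argv("node1.example.org", ["gnt-node", "list"],
                         remote_user="gntslave", escalation="su"))
    print(build_ssh_argv("node1.example.org", ["gnt-node", "list"],
                         remote_user="root"))
```

Deriving `use_escalation` from the remote user covers the common cases (root needs none, any other user does), while the explicit parameter lets a cluster override that, for instance a non-root account that already holds the needed capabilities.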
