Re: Issue 953 in ganeti: Split-user: wconfd tries to chown its listening socket to a different user

Wed, 24 Sep 2014 07:49:00 -0700 

Updates:
        Status: Fixed
        Owner: [email protected]
Comment #3 on issue 953 by [email protected]: Split-user: wconfd tries to chown its listening socket to a different user 
https://code.google.com/p/ganeti/issues/detail?id=953

commit 4ddce51deb43bee0d5532b2b9c64d04fe65db235
Author: Apollon Oikonomopoulos <[email protected]>
Date:   Tue Sep 23 15:09:06 2014 +0300

    metad: run as root to bind port 80

    metad needs to bind port 80, so it should really startup as root. Note
    that this should ideally be fixed, either by changing the port to an
    unprivileged one, or by dropping root privileges after binding the port.
    The latter solution is the preferred one, since using port 80 is
    mandated in the design document.

    Signed-off-by: Apollon Oikonomopoulos <[email protected]>
    Signed-off-by: Klaus Aehlig <[email protected]>
    Reviewed-by: Klaus Aehlig <[email protected]>

commit 9decc439eb4a996bc5b7ac8a6852be545a494ecd
Author: Apollon Oikonomopoulos <[email protected]>
Date:   Tue Sep 23 15:09:05 2014 +0300

    WConfd: run as <prefix>-masterd by default

    Since WConfd is taking over the old masterd role, it is best to have it
    run as the old masterd user. A lot of the files (notably config.data and
    client.pem) are accessible by masterd-only.

    This is really just to ease the transition from masterd to wconfd and
    get things working again and should be re-evaluated in the long run.

    This fixes issues #952 and #953.

    Signed-off-by: Apollon Oikonomopoulos <[email protected]>
    Signed-off-by: Klaus Aehlig <[email protected]>
    Reviewed-by: Klaus Aehlig <[email protected]>

commit abd215fa17a038233d3e1d2533899f8354ad9ce4
Author: Apollon Oikonomopoulos <[email protected]>
Date:   Tue Sep 23 15:09:04 2014 +0300

    WConfd: use own server config instead of LuxiD's

    Signed-off-by: Apollon Oikonomopoulos <[email protected]>
    Signed-off-by: Klaus Aehlig <[email protected]>
    Reviewed-by: Klaus Aehlig <[email protected]>


These patches fix the situation for 2.12. The split-user roles for the new
daemons should be reevaluated for the long run. This is tracked in issue 955. 

--
You received this message because this project is configured to send all issue notifications to this address. 
You may adjust your notification preferences at:
https://code.google.com/hosting/settings

Reply via email to