[
https://issues.apache.org/jira/browse/CLOUDSTACK-10283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16363862#comment-16363862
]
ASF GitHub Bot commented on CLOUDSTACK-10283:
---------------------------------------------
rhtyd opened a new pull request #2454: CLOUDSTACK-10283: Sudo to setup agent
keystore, fail on host add failure
URL: https://github.com/apache/cloudstack/pull/2454
This would make keystore utility scripts being executed as sudoer
in case the process uid/owner is not root but still a sudoer user.
Also fails addHost while securing a KVM host and if keystore fails to be
setup for any reason.
@blueorangutan package
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
> Use sudo to execute keystore setup/import for kvm agents, and fail on
> keystore setup failures
> ---------------------------------------------------------------------------------------------
>
> Key: CLOUDSTACK-10283
> URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10283
> Project: CloudStack
> Issue Type: Bug
> Security Level: Public(Anyone can view this level - this is the
> default.)
> Reporter: Rohit Yadav
> Assignee: Rohit Yadav
> Priority: Major
> Fix For: 4.12.0.0, 4.11.1.0
>
>
> Addition of a KVM host creates keystore on the KVM host's
> /etc/cloudstack/agent path. The current scripts and codebase assumes that it
> will be the root user which is why the script don't call keytool with 'sudo'.
> To allow addition of host using a sudo-enabled/admin user, make suitable
> changes to the script, and also fail the addHost execution if keystore
> scripts fail (say due to permission issues etc).
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
