Can anyone who have definitive knowledge or from cloudstack team please confirm whether following statement is true or false:
When adding a new (hypervsior) host to cluster, CloudStack management server will ssh to port 22 of new host as root user with a password. Once the initial set up completes, management sever does not need root access with password to hosts any more. (If the answer depends on the hypervisor type, please specify the details.) My cloudstack is 4.3.0 with kvm hypervisor running on rhel 6.5. In my environment, root password and /etc/ssh/sshd_config ( where PermitRootLogin is set to no) file are managed by puppet. If root access using passed to hypervisor host is one time requirement during initial setup, I can work around it, otherwise I’ll have to manage exceptions in puppet modules for my hypervisors. Thanks, Yiping From: mo <m...@daoenix.com<mailto:m...@daoenix.com>> Date: Monday, August 11, 2014 at 2:50 PM To: Yiping Zhang <yzh...@marketo.com<mailto:yzh...@marketo.com>>, "users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>" <users@cloudstack.apache.org<mailto:users@cloudstack.apache.org>> Subject: Re: adding kvm host to cluster I asked if it was necessary to always permit root access, and/or if it was okay to lock it down once setup was complete. It was told to me, that it was okay to lock it down; as root will only access it at initial setup. Therefore, with what you state; it seems to be necessary to permit access all the time? - Mo On August 11, 2014 at 5:47:42 PM, Yiping Zhang (yzh...@marketo.com<mailto:yzh...@marketo.com>) wrote: My research so far indicates that this host user has to be root, and the management server will ssh to port 22 of hypervisor hosts to do its magic. So my follow on question is: does management server require the ability to ssh to hypervisor host all the time, or just during initial setup phase ? Thanks for any clarifications, Yiping On 8/11/14, 12:44 PM, "Yiping Zhang" <yzh...@marketo.com<mailto:yzh...@marketo.com>> wrote: >Hi All: > >When adding a new kvm host to a cluster in GUI, it asks for a user name >and password. The doc just says that ³user name (usually root)². How is >this username used by management server? Can it be a non-root user ? If >so, what privileges does this user require? > >Thanks, > >Yiping
