cloudstack-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Hugo Trippaers <HTrippa...@schubergphilis.com>
Subject Re: SystemVM keypair setting in developer mode
Date Tue, 15 Jan 2013 21:17:03 GMT
I ran into the same problem as well, but I didn't do the check where it came from. I just "fixed"
it in the openvswitch branch and continued working.

I think it's a plain and simple mistake.

Cheers,

Hugo

Verstuurd vanaf mijn iPad

Op 15 jan. 2013 om 22:08 heeft "Marcus Sorensen" <shadowsor@gmail.com> het volgende
geschreven:

> Yes, I just got bitten by this as well. I'm hoping Alex can comment on the
> commit because I'm not super familiar with this or what was being fixed by
> the change to an OR. It used to be that they keys would generate if you
> were running as user 'cloud' OR the developer configuration flag was set.
> This was accomplished with an &&, which is confusing. The commit changed it
> to an ||, which means that it only sets up the keys if you're running as
> user 'cloud' AND the developer flag is set.
> 
> Went from:
> 
> if (!username.equalsIgnoreCase("cloud") && !devel) {
> 
> to:
> 
> if (!username.equalsIgnoreCase("cloud") || !devel) {
> 
> I think this will actually break KVM altogether in 4.1, because now the
> management server needs to be run as user cloud AND the devel flag has to
> be set in order to generate keys.
> 
> This sounds lame, but I was confused enough by that if statement that I put
> it into some test code to verify:
> 
> public class TestCase {
>   public static void main(String[] args) {
>        String username = args[0];
>        String devel = args[1];
>        if (!username.equalsIgnoreCase("cloud") || !devel.equals("1")) {
>             System.out.println("skipping keys");
>        } else {
>             System.out.println("generating keys");
>        }
>   }
> }
> 
> How it was, looks right. If you're running as cloud it will generate
> regardless, otherwise the dev flag has to be set:
> 
> marcus@mlsorensen-bsdesk:~$ java TestCase cloud 0
> generating keys
> marcus@mlsorensen-bsdesk:~$ java TestCase cloud 1
> generating keys
> marcus@mlsorensen-bsdesk:~$ java TestCase root 0
> skipping keys
> marcus@mlsorensen-bsdesk:~$ java TestCase root 1
> generating keys
> 
> How it is now. You have to be cloud and you need to have the dev flag set:
> 
> marcus@mlsorensen-bsdesk:~$ java TestCase cloud 0
> skipping keys
> marcus@mlsorensen-bsdesk:~$ java TestCase cloud 1
> generating keys
> marcus@mlsorensen-bsdesk:~$ java TestCase root 0
> skipping keys
> marcus@mlsorensen-bsdesk:~$ java TestCase root 1
> skipping keys
> 
> 
> On Wed, Dec 19, 2012 at 10:34 PM, Dave Cahill <dcahill@midokura.jp> wrote:
> 
>> Hi,
>> 
>> There seem to be crossed wires about systemVM keypairs and whether the
>> management server can be run as a user other than "cloud".
>> 
>> On Nov 1st, in the mailing list thread "Setting the ssh.publickey and
>> ssh.privatekey options", we decided that if a user is in developer mode
>> (used mvn -P developer -pl developer -Ddeploydb), the "developer" key
>> should be inserted into the database, allowing systemvm keypairs to be set
>> even if the user is not "cloud". This was reviewed (
>> https://reviews.apache.org/r/7861/) and committed (
>> 
>> https://github.com/apache/incubator-cloudstack/commit/476e771c1c8f81b87a77883922bc1b35dea213fc
>> ).
>> 
>> However, a Dec 1st commit changes the condition from:
>> Disallow setting systemvm keypairs if the user is not "cloud" user AND is
>> not in developer mode
>> to
>> Disallow setting systemvm keypairs if the user is not "cloud" user OR is
>> not in developer mode
>> 
>> This effectively means the management server can't be run as a non-cloud
>> user.
>> 
>> I can't tell form the commit message if this effect is intentional:
>> "Removed that darn exceptions when cloudstack is running in windows. It's a
>> simple or check that was written as an and check"
>> 
>> https://github.com/apache/incubator-cloudstack/commit/6036f73725889b3557263e1a4a80106f11217974
>> 
>> Anyone have any insights?
>> 
>> Thanks,
>> Dave.
>> 

Mime
View raw message