cloudstack-dev mailing list archives

From remibergsma <...@git.apache.org>
Subject [GitHub] cloudstack pull request: CLOUDSTACK-8339: Allow non-root users to ...
Date Sun, 24 May 2015 18:16:06 GMT
Github user remibergsma commented on the pull request:

    https://github.com/apache/cloudstack/pull/288#issuecomment-105045696
  
    @bhaisaab, I tested your patch and ran into an issue where a TTY is required to run sudo, but not requested. The host cannot be added.
    
    Logs:
    ```
    2015-05-24 13:48:44,175 DEBUG [c.c.u.s.SSHCmdHelper] (ApiServer-8:ctx-0b7d379a ctx-5e04fa3a) sudo cloudstack-setup-agent  -m 192.168.22.61 -z 1 -p 1 -c 1 -g 57acd541-cd37-34ea-af6a-dc6ecd007325 -a --pubNic=cloudbr0 --prvNic=cloudbr0 --guestNic=cloudbr0 --hypervisor=kvm output:sudo: sorry, you must have a tty to run sudo
    ```
    Because it always uses 'sudo', you cannot add a host as 'root' or as another user. To test:
    
    ```
    [root@cs1 ~]# ssh root@kvm1 sudo whoami
    root@kvm1's password: 
    sudo: sorry, you must have a tty to run sudo
    ```
    
    Two possible solutions:
    1. Specify -t parameter or similar to request a TTY:
    
    ```
    [root@cs1 ~]# ssh -t root@kvm1 sudo whoami
    root@kvm1's password: 
    root
    Connection to kvm1 closed.
    ```
    
    I prefer this solution since we then solve it on the CloudStack side. Alternatively, one can remove the TTY requirement from /etc/sudoers file:
    
    ```
    Defaults    requiretty
    ```
    
    I've continued my tests with altering the /etc/sudoers file and then I can add the host as user 'root' again, and also as user 'cloud' that I added to the /etc/sudoers file to allow it root without a password.
    
    Result:
    
    ```
    [root@kvm2 ~]# ps aux | grep cloud
    root     23044  0.7  0.0 133128  4748 ?        Ss   14:03   0:00 sshd: cloud [priv]
    cloud    23048  0.0  0.0 133128  2216 ?        S    14:03   0:00 sshd: cloud@notty
    root     23062  0.0  0.0 188720  2588 ?        Ss   14:03   0:00 sudo cloudstack-setup-agent -m 192.168.22.61 -z 2 -p 2 -c 3 -g 57acd541-cd37-34ea-af6a-dc6ecd007325 -a --pubNic=cloudbr0 --prvNic=cloudbr0 --guestNic=cloudbr0 --hypervisor=kvm
    root     23073  0.8  0.1 199392  9740 ?        S    14:03   0:00 /usr/bin/python /bin/cloudstack-setup-agent -m 192.168.22.61 -z 2 -p 2 -c 3 -g 57acd541-cd37-34ea-af6a-dc6ecd007325 -a --pubNic=cloudbr0 --prvNic=cloudbr0 --guestNic=cloudbr0 --hypervisor=kvm
    ```
    
    Could you see if you can add a TTY request to your 'sudo cloudstack-setup-agent' call?
    
    Apart from this: works-like-a-charm :-)


---
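
For hosts where the sudoers route from the message above is taken, the TTY exemption and the passwordless rule can both be scoped to the one account and the one command involved instead of being changed globally. This is an added example, not part of the original message or the CloudStack project; the drop-in file name is hypothetical, the account name 'cloud' is the one mentioned in the message, and the script path is assumed from the ps output shown there.

```sudoers
# /etc/sudoers.d/cloudstack  (hypothetical drop-in file name)
# Check the syntax before installing it:  visudo -cf /etc/sudoers.d/cloudstack

# Leave the global default in place so every other account still needs a TTY.
Defaults            requiretty

# Exempt only the account the management server uses for the SSH login
# ('cloud' in the message above), so 'sudo' works without 'ssh -t'.
Defaults:cloud      !requiretty

# Allow that account to run only the agent setup script as root without a
# password, instead of granting it unrestricted root.
# Path assumed from the ps output above; adjust it to where the package
# installs the script on the host.
cloud   ALL=(root)  NOPASSWD: /bin/cloudstack-setup-agent
```

With this in place, `sudo -l -U cloud` run as root on the host lists the single permitted command and the per-user `!requiretty` default.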
