cloudstack-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "ASF GitHub Bot (JIRA)" <>
Subject [jira] [Commented] (CLOUDSTACK-8339) Allow non-root credentials for adding KVM hypervisor
Date Sun, 24 May 2015 22:58:17 GMT


ASF GitHub Bot commented on CLOUDSTACK-8339:

Github user terbolous commented on the pull request:
    On Mon, May 25, 2015 at 12:50 AM, Rafael da Fonseca <> wrote:
    > Creating a user for this use would be worse, because it would require some
    > sort of 'standard' credential for ssh access. Or it would require that such
    > account didn't have ssh access and supplied account would need to sudo su
    > account to use It to run the script.. so no advantage.
    We do that already, by requiring the usage of 'root'.
    Wouldn't need to be anything standard, setting the password could be done
    during agent install, by asking or generating something random and printing
    it to stdout -- heck, the mgmt server could even change to something random
    during the first setup.
    > I think that the best way to tackle this would be to use the actual agent
    > for registration. Letting the agent startup without config and listen on
    > tcp port for remote registration (no ssh or sudo) and just process the
    > credentials sent and self configure.
    The mgmt server tries to ssh and start the agent if it's registered down
    for some reason.

> Allow non-root credentials for adding KVM hypervisor
> ----------------------------------------------------
>                 Key: CLOUDSTACK-8339
>                 URL:
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>          Components: KVM
>    Affects Versions: 4.5.0
>            Reporter: Marcus Sorensen
>            Assignee: Marcus Sorensen
>             Fix For: 4.6.0
> Users prefer to not provide root ssh just to run the hypervisor add from the UI. Testing
a fix.

This message was sent by Atlassian JIRA

View raw message