cloudstack-issues mailing list archives

From "ASF subversion and git services (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (CLOUDSTACK-10283) Use sudo to execute keystore setup/import for kvm agents, and fail on keystore setup failures
Date Thu, 22 Feb 2018 22:45:00 GMT

    [ https://issues.apache.org/jira/browse/CLOUDSTACK-10283?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16373613#comment-16373613 ]

ASF subversion and git services commented on CLOUDSTACK-10283:
--------------------------------------------------------------

Commit f1cf5f97e97558194a813119876f56bd55d0ff2a in cloudstack's branch refs/heads/4.11 from
[~rohit.yadav@shapeblue.com]
[ https://gitbox.apache.org/repos/asf?p=cloudstack.git;h=f1cf5f9 ]

CLOUDSTACK-10283: Sudo to setup agent keystore, fail on host add failure

This would make keystore utility scripts being executed as sudoer
in case the process uid/owner is not root but still a sudoer user.

Also fails addHost while securing a KVM host and if keystore fails to be
setup for any reason.

Signed-off-by: Rohit Yadav <rohit.yadav@shapeblue.com>


> Use sudo to execute keystore setup/import for kvm agents, and fail on keystore setup failures
> ---------------------------------------------------------------------------------------------
>
>                 Key: CLOUDSTACK-10283
>                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-10283
>             Project: CloudStack
>          Issue Type: Bug
>      Security Level: Public(Anyone can view this level - this is the default.) 
>            Reporter: Rohit Yadav
>            Assignee: Rohit Yadav
>            Priority: Major
>             Fix For: 4.12.0.0, 4.11.1.0
>
>
> Addition of a KVM host creates a keystore on the KVM host's /etc/cloudstack/agent path.
> The current scripts and codebase assume that it will be the root user, which is why the scripts
> don't call keytool with 'sudo'. To allow addition of a host using a sudo-enabled/admin user,
> make suitable changes to the script, and also fail the addHost execution if keystore scripts
> fail (say due to permission issues etc).



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)
