cloudstack-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Duffy <...@ianduffy.ie>
Subject Re: Broken update from 4.4 to 4.4.1
Date Fri, 24 Oct 2014 22:06:40 GMT
> cloud ALL =NOPASSWD : ALL

This is dangerous advice. It grants the cloud user full sudo access without
the requirement of a password.

The following gives more limited access and should allow cloudstack to
function accordingly:

cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
/bin/umount, /usr/bin/keytool

On 24 October 2014 18:44, Andrija Panic <andrija.panic@gmail.com> wrote:

> Just did quick management server ACS 4.4.1 installation on free server:
> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> /bin/umount, /usr/bin/keytool
>
> that is what it looks like in ACS 4.4.1
> clean install of ACS 4.4.1 works...
>
> On 24 October 2014 19:35, Andrija Panic <andrija.panic@gmail.com> wrote:
>
> > like this:
> >
> > Defaults:cloud !requiretty
> > cloud ALL =NOPASSWD : ALL
> >
> > and let us know if the upgtade still fails - it does fail for me with no
> > understandable error...
> > thx
> >
> > On 24 October 2014 19:28, Matthew Midgett <
> > cloudstck@trick-solutions.com.invalid> wrote:
> >
> >> This is what is in my sudoers file
> >>
> >> cloud ALL =NOPASSWD : /bin/chmod, /bin/cp, /bin/mkdir, /bin/mount,
> >> /bin/umount
> >>
> >> Should I change it?
> >>
> >> -----Original Message-----
> >> From: Kirk Kosinski [mailto:kirkkosinski@gmail.com]
> >> Sent: Friday, October 24, 2014 5:23 AM
> >> To: users@cloudstack.apache.org
> >> Subject: Re: Broken update from 4.4 to 4.4.1
> >>
> >> Hi, the error below indicates a problem with the sudo config.  Make sure
> >> /etc/sudoers has a line like:
> >>
> >> cloud ALL =NOPASSWD : ALL
> >>
> >> Best regards,
> >> Kirk
> >>
> >> On 10/23/2014 01:05 PM, Matthew Midgett wrote:
> >> > 2014-10-23 15:21:52,943 INFO  [c.c.s.ConfigurationServerImpl]
> >> > (main:null) Processing updateSSLKeyStore
> >> > 2014-10-23 15:21:52,948 INFO  [c.c.s.ConfigurationServerImpl]
> >> > (main:null) SSL keystore located at
> >> > /etc/cloudstack/management/cloud.keystore
> >> > 2014-10-23 15:21:52,951 DEBUG [c.c.u.s.Script] (main:null) Executing:
> >> sudo keytool -genkey -keystore /etc/cloudstack/management/cloud.keystore
> >> -storepass vmops.com -keypass vmops.com -keyalg RSA -validity 3650
> >> -dname cn="Cloudstack User",ou="chlt.charlottecolo.com",o="
> >> chlt.charlottecolo.com",c="Unknown"
> >> > 2014-10-23 15:21:52,988 DEBUG [c.c.u.s.Script] (main:null) Exit value
> >> > is 1
> >> > 2014-10-23 15:21:52,989 DEBUG [c.c.u.s.Script] (main:null) sudo: no
> >> > tty present and no askpass program specified
> >> > 2014-10-23 15:21:52,991 WARN  [c.c.s.ConfigurationServerImpl]
> >> (main:null) Would use fail-safe keystore to continue.
> >> > java.io.IOException: Fail to generate certificate!: sudo: no tty
> >> present and no askpass program specified
> >> >       at
> >>
> com.cloud.server.ConfigurationServerImpl.generateDefaultKeystore(ConfigurationServerImpl.java:595)
> >> >       at
> >>
> com.cloud.server.ConfigurationServerImpl.updateSSLKeystore(ConfigurationServerImpl.java:623)
> >> >       at
> >>
> com.cloud.server.ConfigurationServerImpl.persistDefaultValues(ConfigurationServerImpl.java:299)
> >> >       at
> >>
> com.cloud.server.ConfigurationServerImpl.configure(ConfigurationServerImpl.java:164)
> >> >       at
> >>
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle$3.with(CloudStackExtendedLifeCycle.java:114)
> >> >       at
> >>
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.with(CloudStackExtendedLifeCycle.java:153)
> >> >       at
> >>
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.configure(CloudStackExtendedLifeCycle.java:110)
> >> >       at
> >>
> org.apache.cloudstack.spring.lifecycle.CloudStackExtendedLifeCycle.start(CloudStackExtendedLifeCycle.java:56)
> >> >       at
> >>
> org.springframework.context.support.DefaultLifecycleProcessor.doStart(DefaultLifecycleProcessor.java:167)
> >> >       at
> >>
> org.springframework.context.support.DefaultLifecycleProcessor.access$200(DefaultLifecycleProcessor.java:51)
> >> >       at
> >>
> org.springframework.context.support.DefaultLifecycleProcessor$LifecycleGroup.start(DefaultLifecycleProcessor.java:339)
> >> >       at
> >>
> org.springframework.context.support.DefaultLifecycleProcessor.startBeans(DefaultLifecycleProcessor.java:143)
> >> >       at
> >>
> org.springframework.context.support.DefaultLifecycleProcessor.onRefresh(DefaultLifecycleProcessor.java:108)
> >> >       at
> >>
> org.springframework.context.support.AbstractApplicationContext.finishRefresh(AbstractApplicationContext.java:945)
> >> >       at
> >>
> org.springframework.context.support.AbstractApplicationContext.refresh(AbstractApplicationContext.java:482)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContext(DefaultModuleDefinitionSet.java:145)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet$2.with(DefaultModuleDefinitionSet.java:122)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:245)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:250)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.withModule(DefaultModuleDefinitionSet.java:233)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.loadContexts(DefaultModuleDefinitionSet.java:117)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.model.impl.DefaultModuleDefinitionSet.load(DefaultModuleDefinitionSet.java:79)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.factory.ModuleBasedContextFactory.loadModules(ModuleBasedContextFactory.java:37)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.init(CloudStackSpringContext.java:70)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:57)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.factory.CloudStackSpringContext.<init>(CloudStackSpringContext.java:61)
> >> >       at
> >>
> org.apache.cloudstack.spring.module.web.CloudStackContextLoaderListener.contextInitialized(CloudStackContextLoaderListener.java:52)
> >> >       at
> >>
> org.apache.catalina.core.StandardContext.listenerStart(StandardContext.java:4210)
> >> >       at
> >>
> org.apache.catalina.core.StandardContext.start(StandardContext.java:4709)
> >> >       at
> >>
> org.apache.catalina.core.ContainerBase.addChildInternal(ContainerBase.java:791)
> >> >       at
> >> org.apache.catalina.core.ContainerBase.addChild(ContainerBase.java:771)
> >> >       at
> >> org.apache.catalina.core.StandardHost.addChild(StandardHost.java:526)
> >> >       at
> >>
> org.apache.catalina.startup.HostConfig.deployDirectory(HostConfig.java:1041)
> >> >       at
> >>
> org.apache.catalina.startup.HostConfig.deployDirectories(HostConfig.java:964)
> >> >       at
> >> org.apache.catalina.startup.HostConfig.deployApps(HostConfig.java:502)
> >> >       at
> >> org.apache.catalina.startup.HostConfig.start(HostConfig.java:1277)
> >> >       at
> >>
> org.apache.catalina.startup.HostConfig.lifecycleEvent(HostConfig.java:321)
> >> >       at
> >>
> org.apache.catalina.util.LifecycleSupport.fireLifecycleEvent(LifecycleSupport.java:142)
> >> >       at
> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1053)
> >> >       at
> >> org.apache.catalina.core.StandardHost.start(StandardHost.java:722)
> >> >       at
> >> org.apache.catalina.core.ContainerBase.start(ContainerBase.java:1045)
> >> >       at
> >> org.apache.catalina.core.StandardEngine.start(StandardEngine.java:443)
> >> >       at
> >> org.apache.catalina.core.StandardService.start(StandardService.java:516)
> >> >       at
> >> org.apache.catalina.core.StandardServer.start(StandardServer.java:710)
> >> >       at org.apache.catalina.startup.Catalina.start(Catalina.java:593)
> >> >       at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
> >> >       at
> >>
> sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
> >> >       at
> >>
> sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
> >> >       at java.lang.reflect.Method.invoke(Method.java:606)
> >> >       at
> org.apache.catalina.startup.Bootstrap.start(Bootstrap.java:289)
> >> >       at
> org.apache.catalina.startup.Bootstrap.main(Bootstrap.java:414)
> >>
> >>
> >
> >
> > --
> >
> > Andrija Panić
> > --------------------------------------
> >   http://admintweets.com
> > --------------------------------------
> >
>
>
>
> --
>
> Andrija Panić
> --------------------------------------
>   http://admintweets.com
> --------------------------------------
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message