<tt><font size=2>Ken Gaillot <kgaillot@redhat.com> schrieb am 08.03.2017
15:50:57:<br>
<br>
> Von: Ken Gaillot <kgaillot@redhat.com></font></tt>
<br><tt><font size=2>> An: users@clusterlabs.org</font></tt>
<br><tt><font size=2>> Datum: 08.03.2017 15:56</font></tt>
<br><tt><font size=2>> Betreff: Re: [ClusterLabs] VirtualDomain as non-root
/ encrypted</font></tt>
<br><tt><font size=2>> <br>
> On 03/08/2017 04:19 AM, philipp.achmueller@arz.at wrote:<br>
> > hi,<br>
> > <br>
> > Any ideas how to run VirtualDomain Resource as non-root user
with<br>
> > encrypted transport to remote hypervisor(ssh)?<br>
> > <br>
> > i'm able to start/stop/migrate vm via libvirt as non-root, but
it<br>
> > doesn't work with pacemaker - pacemaker runs VirtualDomain as
root, also<br>
> > there is no option to pass user via parameter<br>
> > <br>
> > thank you!<br>
> <br>
> There's no way to do this within Pacemaker currently. The closest<br>
> workaround would be to copy the VirtualDomain agent, and edit it to<br>
> switch users before doing anything.<br>
> </font></tt>
<br>
<br><tt><font size=2>thank you, we will give that a try!</font></tt>
<br><tt><font size=2><br>
> Since we added the alerts feature, we've been keeping a future<br>
> enhancement in mind to allow selecting the user that alert agents
run as<br>
> (currently, it's always hacluster). If we do that, the same mechanism<br>
> will likely work with resource agents as well. There is a lot of<br>
> high-priority work ahead of that, though.<br>
> <br>
> Keep in mind that some agents maintain state data somewhere like<br>
> /var/run, and they may break even if they can otherwise run as a<br>
> different user. If they offer the state location as an option, that's
an<br>
> easy workaround.<br>
</font></tt><font size=2 face="sans-serif"><br>
</font>