[ClusterLabs] Antwort: Re: VirtualDomain as non-root / encrypted
philipp.achmueller at arz.at
philipp.achmueller at arz.at
Wed Mar 8 15:27:29 UTC 2017
Ken Gaillot <kgaillot at redhat.com> schrieb am 08.03.2017 15:50:57:
> Von: Ken Gaillot <kgaillot at redhat.com>
> An: users at clusterlabs.org
> Datum: 08.03.2017 15:56
> Betreff: Re: [ClusterLabs] VirtualDomain as non-root / encrypted
>
> On 03/08/2017 04:19 AM, philipp.achmueller at arz.at wrote:
> > hi,
> >
> > Any ideas how to run VirtualDomain Resource as non-root user with
> > encrypted transport to remote hypervisor(ssh)?
> >
> > i'm able to start/stop/migrate vm via libvirt as non-root, but it
> > doesn't work with pacemaker - pacemaker runs VirtualDomain as root,
also
> > there is no option to pass user via parameter
> >
> > thank you!
>
> There's no way to do this within Pacemaker currently. The closest
> workaround would be to copy the VirtualDomain agent, and edit it to
> switch users before doing anything.
>
thank you, we will give that a try!
> Since we added the alerts feature, we've been keeping a future
> enhancement in mind to allow selecting the user that alert agents run as
> (currently, it's always hacluster). If we do that, the same mechanism
> will likely work with resource agents as well. There is a lot of
> high-priority work ahead of that, though.
>
> Keep in mind that some agents maintain state data somewhere like
> /var/run, and they may break even if they can otherwise run as a
> different user. If they offer the state location as an option, that's an
> easy workaround.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.clusterlabs.org/pipermail/users/attachments/20170308/8af78ec3/attachment-0002.html>
More information about the Users
mailing list