[one-users] Centos 6.3 foibles and fragile runtime assumptions
Matthew Patton
mpatton at inforelay.com
Sat Sep 15 05:10:44 PDT 2012
On Mon, 10 Sep 2012 08:14:02 -0400, Valentin Bud
<valentin at hackaserver.com> wrote:
> I have managed to get OpenNebula running on a CentOS 6.3 host.
...
> I have configured polkit.
I went the other way and recompiled Libvirt from source and disabled
polkit and a number of other recent "enhancements" as well as forcibly
turned ON vmware and xen support. I'm no expert on the rpmbuild process
but I had to actually hand-edit the section where it invokes 'configure'
because setting the variables in the build file (which I thought should
have worked) didn't.
> Also qemu is configured to run under oneadmin user and group
>
> # cat /etc/libvirt/qemu.conf | egrep "^user|^group"
> user = "oneadmin"
> group = "oneadmin"
I think this is a BAD or at least not good thing to do. All libvirt
operations should always run as the system's QEMU user. It should be that
anything oneadmin wants to run be via 'sudo -u qemu <cmd>'. This also
means that ONE needs to support a way to specify the "connect-as" when
invoking SSH. Currently the assumption is 'oneadmin' is available
everywhere. This problem also breaks VMware support since the 'oneadmin'
and/or its key will not persist. For every host (and/or cluster)
definition there needs to be an optional attribute (e.g. SSH_AS) that is
merged into all connection strings.
Similarly there needs to be a "command prefix" which would often equal
"sudo -u <qemu user>"
--
Cloud Services Architect, Senior System Administrator
InfoRelay Online Systems (www.inforelay.com)
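
An added example, not part of the original message or of OpenNebula: a shell check that reports which accounts qemu.conf assigns to guests, the setting debated above. The function names, the expected account name "qemu" and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the user/group that qemu.conf assigns to QEMU guests.
# Assumption: the distribution's QEMU account is called "qemu".

# Print every active user/group assignment as "key value", one per line.
# Unlike egrep "^user|^group" this tolerates leading whitespace, skips
# commented-out lines, drops trailing comments and strips the quotes.
qemu_conf_identity() {
    awk '
        /^[ \t]*#/ { next }
        /^[ \t]*(user|group)[ \t]*=/ {
            line = $0
            sub(/#.*$/, "", line)
            key = line
            sub(/^[ \t]*/, "", key)
            sub(/[ \t]*=.*$/, "", key)
            val = line
            sub(/^[^=]*=[ \t]*/, "", val)
            sub(/[ \t]+$/, "", val)
            gsub(/"/, "", val)
            print key, val
        }
    ' "$1"
}

# Return 0 when no active assignment names an account other than $2
# (an unset key means the built-in default applies); otherwise print the
# offending assignments and return 1.
check_qemu_identity() {
    conf=$1
    expected=${2:-qemu}
    bad=$(qemu_conf_identity "$conf" | awk -v e="$expected" '$2 != e')
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}

# Constructed sample reproducing the settings quoted in the thread.
sample=$(mktemp)
cat > "$sample" <<'EOF'
#user = "root"
user = "oneadmin"
group = "oneadmin"
EOF
check_qemu_identity "$sample" qemu || echo "guests would not run as qemu"
rm -f "$sample"
```

On a real host, call check_qemu_identity /etc/libvirt/qemu.conf with the account name your distribution uses.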