You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@cloudstack.apache.org by Yiping Zhang <yz...@marketo.com> on 2014/08/11 21:44:25 UTC
adding kvm host to cluster
Hi All:
When adding a new kvm host to a cluster in GUI, it asks for a user name and password. The doc just says that “user name (usually root)”. How is this username used by management server? Can it be a non-root user ? If so, what privileges does this user require?
Thanks,
Yiping
Re: adding kvm host to cluster
Posted by mo <mo...@daoenix.com>.
My apologies, I attached my response to the wrong person.
=(
- Mo
On August 11, 2014 at 5:50:28 PM, mo (mo@daoenix.com) wrote:
I asked if it was necessary to always permit root access, and/or if it was okay to lock it down once setup was complete. It was told to me, that it was okay to lock it down; as root will only access it at initial setup. Therefore, with what you state; it seems to be necessary to permit access all the time?
- Mo
On August 11, 2014 at 5:47:42 PM, Yiping Zhang (yzhang@marketo.com) wrote:
My research so far indicates that this host user has to be root, and the
management server will ssh to port 22 of hypervisor hosts to do its magic.
So my follow on question is: does management server require the ability
to ssh to hypervisor host all the time, or just during initial setup phase
?
Thanks for any clarifications,
Yiping
On 8/11/14, 12:44 PM, "Yiping Zhang" <yz...@marketo.com> wrote:
>Hi All:
>
>When adding a new kvm host to a cluster in GUI, it asks for a user name
>and password. The doc just says that ³user name (usually root)². How is
>this username used by management server? Can it be a non-root user ? If
>so, what privileges does this user require?
>
>Thanks,
>
>Yiping
Re: adding kvm host to cluster
Posted by Yiping Zhang <yz...@marketo.com>.
Can anyone who have definitive knowledge or from cloudstack team please confirm whether following statement is true or false:
When adding a new (hypervsior) host to cluster, CloudStack management server will ssh to port 22 of new host as root user with a password. Once the initial set up completes, management sever does not need root access with password to hosts any more. (If the answer depends on the hypervisor type, please specify the details.)
My cloudstack is 4.3.0 with kvm hypervisor running on rhel 6.5.
In my environment, root password and /etc/ssh/sshd_config ( where PermitRootLogin is set to no) file are managed by puppet. If root access using passed to hypervisor host is one time requirement during initial setup, I can work around it, otherwise I’ll have to manage exceptions in puppet modules for my hypervisors.
Thanks,
Yiping
From: mo <mo...@daoenix.com>>
Date: Monday, August 11, 2014 at 2:50 PM
To: Yiping Zhang <yz...@marketo.com>>, "users@cloudstack.apache.org<ma...@cloudstack.apache.org>" <us...@cloudstack.apache.org>>
Subject: Re: adding kvm host to cluster
I asked if it was necessary to always permit root access, and/or if it was okay to lock it down once setup was complete. It was told to me, that it was okay to lock it down; as root will only access it at initial setup. Therefore, with what you state; it seems to be necessary to permit access all the time?
- Mo
On August 11, 2014 at 5:47:42 PM, Yiping Zhang (yzhang@marketo.com<ma...@marketo.com>) wrote:
My research so far indicates that this host user has to be root, and the
management server will ssh to port 22 of hypervisor hosts to do its magic.
So my follow on question is: does management server require the ability
to ssh to hypervisor host all the time, or just during initial setup phase
?
Thanks for any clarifications,
Yiping
On 8/11/14, 12:44 PM, "Yiping Zhang" <yz...@marketo.com>> wrote:
>Hi All:
>
>When adding a new kvm host to a cluster in GUI, it asks for a user name
>and password. The doc just says that ³user name (usually root)². How is
>this username used by management server? Can it be a non-root user ? If
>so, what privileges does this user require?
>
>Thanks,
>
>Yiping
Re: adding kvm host to cluster
Posted by mo <mo...@daoenix.com>.
I asked if it was necessary to always permit root access, and/or if it was okay to lock it down once setup was complete. It was told to me, that it was okay to lock it down; as root will only access it at initial setup. Therefore, with what you state; it seems to be necessary to permit access all the time?
- Mo
On August 11, 2014 at 5:47:42 PM, Yiping Zhang (yzhang@marketo.com) wrote:
My research so far indicates that this host user has to be root, and the
management server will ssh to port 22 of hypervisor hosts to do its magic.
So my follow on question is: does management server require the ability
to ssh to hypervisor host all the time, or just during initial setup phase
?
Thanks for any clarifications,
Yiping
On 8/11/14, 12:44 PM, "Yiping Zhang" <yz...@marketo.com> wrote:
>Hi All:
>
>When adding a new kvm host to a cluster in GUI, it asks for a user name
>and password. The doc just says that ³user name (usually root)². How is
>this username used by management server? Can it be a non-root user ? If
>so, what privileges does this user require?
>
>Thanks,
>
>Yiping
Re: adding kvm host to cluster
Posted by Yiping Zhang <yz...@marketo.com>.
My research so far indicates that this host user has to be root, and the
management server will ssh to port 22 of hypervisor hosts to do its magic.
So my follow on question is: does management server require the ability
to ssh to hypervisor host all the time, or just during initial setup phase
?
Thanks for any clarifications,
Yiping
On 8/11/14, 12:44 PM, "Yiping Zhang" <yz...@marketo.com> wrote:
>Hi All:
>
>When adding a new kvm host to a cluster in GUI, it asks for a user name
>and password. The doc just says that ³user name (usually root)². How is
>this username used by management server? Can it be a non-root user ? If
>so, what privileges does this user require?
>
>Thanks,
>
>Yiping