Thanks for replying! On Thu, Feb 18, 2010 at 02:42:51PM -0500, Matthew Miller wrote: > On Tue, Feb 16, 2010 at 05:07:16PM -0800, graziano obertelli wrote: > > In this regards I have few questions: we depend on libvirt to run > > instances, and we are running into some problems. The first one is: how do > > we give permission to the user eucalyptus to run instances? I think you > > are using policykit, so how do we configure it correctly? > > This is untested and should be vetted for correct policy usage in addition > to actually functionally, but a file called > /etc/polkit-1/localauthority/10-vendor.d/10-libvirt-allow-eucalyptus-user > with these contents: > > [AllowEucalyptusUser] > Identity=unix-user:eucalyptus > Action=org.libvirt.unix.manage > ResultAny=yes > > Should do it. I'm still having problem: I get Feb 22 11:41:22 localhost libvirtd: 11:41:22.973: error : remoteDispatchAuthPolkit:3168 : Policy kit denied action org.libvirt.unix.manage from pid 1820, uid 501, result: 256#012 and [root at fedora-64 eucalyptus]# pkcheck --action-id org.libvirt.unix.manage --process 1820 Not authorized. I also tried to create another user, and add the rules for it too, but virsh connect qemu:///system is still failing with the same error (root of course can connect). Am I doing soemthing wrong? > > %global is_suse %(test -e /etc/SuSE-release && echo 1 || echo 0) > > %global is_centos %(grep CentOS /etc/redhat-release > /dev/null && echo 1 || echo 0) > > %global is_fedora %(grep Fedora /etc/redhat-release > /dev/null && echo 1 || echo 0) > > > All of this stuff is kinda scary. I'd rather see a eucalyptus.spec.in that > gets pre-processed into distro-specific spec files. > > There's quite a bit of other cleanup that needs to happen to make it match > the fedora packaging guidelines, too -- and since that stuff may not mesh > well with Suse, etc., guidelines, trying to keep it all in one shared file > gets more and more difficult. Ok, this is a good point. For now we'll keep a single spec file becasue it's easier for us to handle it, but we'll keep this in mind! cheers graziano > > -- > Matthew Miller <mattdm at mattdm.org> > Senior Systems Architect -- Instructional & Research Computing Services > Computing & Information Technology > Harvard School of Engineering & Applied Sciences > _______________________________________________ > cloud mailing list > cloud at lists.fedoraproject.org > https://admin.fedoraproject.org/mailman/listinfo/cloud -- Graziano Obertelli Eucalyptus Systems, Inc. 130 Castilian St. Goleta, CA 93117 Office: 805-845-8000 www.eucalyptus.com
