Eucalyptus

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Thanks for replying!

On Thu, Feb 18, 2010 at 02:42:51PM -0500, Matthew Miller wrote:
> On Tue, Feb 16, 2010 at 05:07:16PM -0800, graziano obertelli wrote:
> > In this regards I have few questions: we depend on libvirt to run
> > instances, and we are running into some problems. The first one is: how do
> > we give permission to the user eucalyptus to run instances? I think you
> > are using policykit, so how do we configure it correctly?
> 
> This is untested and should be vetted for correct policy usage in addition
> to actually functionally, but a file called
> /etc/polkit-1/localauthority/10-vendor.d/10-libvirt-allow-eucalyptus-user 
> with these contents:
> 
> [AllowEucalyptusUser]
> Identity=unix-user:eucalyptus
> Action=org.libvirt.unix.manage
> ResultAny=yes
> 
> Should do it.

I'm still having problem: I get

Feb 22 11:41:22 localhost libvirtd: 11:41:22.973: error :
remoteDispatchAuthPolkit:3168 : Policy kit denied action
org.libvirt.unix.manage from pid 1820, uid 501, result: 256#012

and 

[root at fedora-64 eucalyptus]# pkcheck --action-id org.libvirt.unix.manage --process 1820
Not authorized.

I also tried to create another user, and add the rules for it too, but
virsh connect qemu:///system is still failing with the same error (root of
course can connect).

Am I doing soemthing wrong?

> > %global is_suse %(test -e /etc/SuSE-release && echo 1 || echo 0)
> > %global is_centos %(grep CentOS /etc/redhat-release > /dev/null && echo 1 || echo 0)
> > %global is_fedora %(grep Fedora /etc/redhat-release > /dev/null && echo 1 || echo 0)
> 
> 
> All of this stuff is kinda scary. I'd rather see a eucalyptus.spec.in that
> gets pre-processed into distro-specific spec files.
> 
> There's quite a bit of other cleanup that needs to happen to make it match
> the fedora packaging guidelines, too -- and since that stuff may not mesh
> well with Suse, etc., guidelines, trying to keep it all in one shared file
> gets more and more difficult.

Ok, this is a good point. For now we'll keep a single spec file becasue
it's easier for us to handle it, but we'll keep this in mind! 

cheers
graziano

> 
> -- 
> Matthew Miller <mattdm at mattdm.org>
> Senior Systems Architect -- Instructional & Research Computing Services
> Computing & Information Technology 
> Harvard School of Engineering & Applied Sciences
> _______________________________________________
> cloud mailing list
> cloud at lists.fedoraproject.org
> https://admin.fedoraproject.org/mailman/listinfo/cloud

-- 
Graziano Obertelli
Eucalyptus Systems, Inc.

130 Castilian St. Goleta, CA 93117
Office: 805-845-8000
www.eucalyptus.com


[Index of Archives]     [Fedora General Discussion]     [Older Fedora Users Archive]     [Fedora Advisory Board]     [Fedora Security]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [ATA RAID]     [Fedora Marketing]     [Fedora Mentors]     [Fedora Package Announce]     [Fedora Package Review]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Coolkey]     [Yum Users]     [Big List of Linux Books]     [Yosemite News]     [Linux Apps]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]

  Powered by Linux