Re: [virt-manager PATCH 2/2] cli: stop forking into the background

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 05/01/2018 04:01 AM, Daniel P. Berrangé wrote:
> On Mon, Apr 30, 2018 at 12:47:38PM -0400, Cole Robinson wrote:
>> On 04/30/2018 12:19 PM, Daniel P. Berrangé wrote:
>>> On Mon, Apr 30, 2018 at 12:12:08PM -0400, Cole Robinson wrote:
>>>> On 04/30/2018 08:33 AM, Daniel P. Berrangé wrote:
>>>>> The behaviour whereby virt-manager forks into the background was added
>>>>> way back in:
>>>>>
>>>>>   commit 99c92b9471a6a55859307071aa4a0e712991f158
>>>>>   Author: Daniel P. Berrange <berrange@xxxxxxxxxx>
>>>>>   Date:   Mon Sep 10 20:10:20 2007 -0400
>>>>>
>>>>>     Refactor startup to drop controlling TTY, avoiding annoying SSH prompts
>>>>>
>>>>> While it achieves its stated goal, this is quite a big hammer to use
>>>>> with unpleasant side effects. Most end users will launch virt-manager
>>>>> from the desktop which will fork the app into the background already.
>>>>> Even when running from the command line, modern desktop environments
>>>>> will have things setup up so that all SSH prompts are intercepted and
>>>>> presented via a graphical window. Forking into the background causes
>>>>> extra pain for developers as warnings that would otherwise appear on
>>>>> stderr get lost e.g.
>>>>>
>>>>>   commit 24a8b66b35c92bed919a4a6beb7c7fb80e85b3b2
>>>>>   Author: Daniel P. Berrangé <berrange@xxxxxxxxxx>
>>>>>   Date:   Wed Apr 4 14:35:40 2018 +0100
>>>>>
>>>>>     avoid referencing ConnectError if it is None
>>>>>
>>>>>     Currently it throws an exception at startup which is hidden unless you
>>>>>     run with --no-fork
>>>>>
>>>>> The limited benefit of forking is not worth the pain it causes, so
>>>>> just start "normally" as any other GTK app would.
>>>>
>>>> I'd love to be able to drop this, but consider this case: install
>>>> virt-manager to /usr/share with this patch, then run it from gnome-shell
>>>> and try to connect to an ssh host that requires a password. ssh will
>>>> print the password prompt to stdout which the user doesn't see, and the
>>>> connection attempt just hangs until whenever ssh times out.
>>>>
>>>> This is the crux of the problem and I don't know any way around it.
>>>> There's no way to force ssh to launch askpass without forking+setsid. if
>>>> we wanted to drop passwordauth entirely for ssh and mandate keys or
>>>> other auth, we can extend libvirt to allow passing -o
>>>> PasswordAuthentication=no to ssh, but then it'd still be years before we
>>>> could drop the --no-fork behavior.
>>>
>>> You can add the 'no_tty=1'  URI parameter to any libvirt remote URI.
>>>
>>> This adds  '-T -o BatchMode=yes -e none':
>>>
>>>      -T      Disable pseudo-terminal allocation.
>>>      -e escape_char
>>>              Sets the escape character for sessions with a
>>>              pty (default: ‘~’).  The escape character is
>>>              only recognized at the beginning of a line.
>>>              The escape character followed by a dot (‘.’)
>>>              closes the connection; followed by control-Z
>>>              suspends the connection; and followed by
>>>              itself sends the escape character once.  Set‐
>>>              ting the character to “none” disables any
>>>              escapes and makes the session fully transpar‐
>>>              ent.
>>>
>>>      BatchMode
>>>              If set to yes, passphrase/password querying
>>>              will be disabled.  This option is useful in
>>>              scripts and other batch jobs where no user is
>>>              present to supply the password.  The argument
>>>              must be yes or no (the default).
>>>
>>> Even in BatchMode, the graphical agent prompt will still be used
>>> for passphrases to unlock keys.
>>>
>>
>> Ahh yes I definitely knew about that at one point, thanks for the
>> reminder. Though this will kill keyless ssh access with virt-manager,
>> unclear to me if it's worth the tradeoff
> 
> How does keyless ssh access currently work though - it can't prompt on
> the terminal if we've forked into background, and it doesn't appear to
> ask for passwords in the graphical ssh agent dialog ? So I'm unclear
> what we'd be using by adding no_tty=1.  Amuzingly, I actually added
> this no_tty=1 feature to libvirt just after doing this fork hack in
> virt-manager, and then forgot to ever make virt-manager use no_tty=1 :-)

If openssh-askpass is installed, ssh will launch that and ask for the
password. Last I checked it can only be convinced to launch it if we
fork though

- Cole

_______________________________________________
virt-tools-list mailing list
virt-tools-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/virt-tools-list




[Index of Archives]     [Linux Virtualization]     [KVM Development]     [CentOS Virtualization]     [Netdev]     [Ethernet Bridging]     [Linux Wireless]     [Kernel Newbies]     [Security]     [Linux for Hams]     [Netfilter]     [Bugtraq]     [Yosemite Forum]     [MIPS Linux]     [ARM Linux]     [Linux RAID]     [Linux Admin]     [Samba]     [Video 4 Linux]

  Powered by Linux