Bug 1832732
| Summary: | unneeded sudoers configuration for vdsm and sanlock service control | ||
|---|---|---|---|
| Product: | [oVirt] ovirt-hosted-engine-ha | Reporter: | Evgeny Slutsky <eslutsky> |
| Component: | General | Assignee: | Evgeny Slutsky <eslutsky> |
| Status: | CLOSED CURRENTRELEASE | QA Contact: | Nikolai Sednev <nsednev> |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | 2.4.2 | CC: | arachman, bugs |
| Target Milestone: | ovirt-4.4.1 | Keywords: | Triaged |
| Target Release: | --- | Flags: | sbonazzo: ovirt-4.4? |
| Hardware: | Unspecified | ||
| OS: | Unspecified | ||
| Whiteboard: | |||
| Fixed In Version: | ovirt-hosted-engine-ha-2.4.4 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2020-07-08 08:26:21 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | Integration | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Cmnd_Alias OVIRT_HA = \
/sbin/losetup --find --show --sizelimit=* /var/lib/ovirt-hosted-engine-ha/*, \
/sbin/losetup --detach /dev/loop*, \
/sbin/mkfs -t * /dev/loop*, \
/usr/bin/mount /dev/loop* *, \
/usr/bin/umount *, \
/bin/mv -b -f -Z /var/lib/ovirt-hosted-engine-ha/* /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/bin/chown -R vdsm /var/lib/ovirt-hosted-engine-ha/*, \
/usr/bin/chown root\:root /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/bin/chmod 644 /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/sbin/persist /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/sbin/unpersist /etc/ovirt-hosted-engine/hosted-engine.conf
vdsm ALL=(ALL) NOPASSWD: OVIRT_HA
/etc/sudoers.d/60_ovirt-ha (END)
Works for me on latest Software Version:4.4.1.7-0.3.el8ev.
ovirt-hosted-engine-ha-2.4.4-1.el8ev.noarch
ovirt-hosted-engine-setup-2.4.5-1.el8ev.noarch
Linux 4.18.0-193.12.1.el8_2.x86_64 #1 SMP Thu Jul 2 15:48:14 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux release 8.2 (Ootpa)
Reported issue no longer exists.
This bugzilla is included in oVirt 4.4.1 release, published on July 8th 2020. Since the problem described in this bug report should be resolved in oVirt 4.4.1 release, it has been closed with a resolution of CURRENT RELEASE. If the solution does not work for you, please open a new bug report.
Description of problem:
When ovirt-hosted-engine-ha is installed, it creates its sudoers file, which grants the vdsm user permission to control the vdsm and sanlock services.

In file /etc/sudoers.d/60_ovirt-ha:
Cmnd_Alias OVIRT_HA = \
/usr/sbin/service vdsmd *, \
/usr/sbin/service sanlock *, \
/sbin/losetup --find --show --sizelimit=* /var/lib/ovirt-hosted-engine-ha/*, \
/sbin/losetup --detach /dev/loop*, \
/sbin/mkfs -t * /dev/loop*, \
/usr/bin/mount /dev/loop* *, \
/usr/bin/umount *, \
/bin/mv -b -f -Z /var/lib/ovirt-hosted-engine-ha/* /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/bin/chown -R vdsm /var/lib/ovirt-hosted-engine-ha/*, \
/usr/bin/chown root\:root /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/bin/chmod 644 /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/sbin/persist /etc/ovirt-hosted-engine/hosted-engine.conf, \
/usr/sbin/unpersist /etc/ovirt-hosted-engine/hosted-engine.conf

The "service" command is only used for checking service status, so it doesn't require sudo.
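A host check for the stale entries described in this report, as an added example that is not part of the bug report or of ovirt-hosted-engine-ha: it parses a Cmnd_Alias with its backslash continuations and lists entries that run a service manager with a wildcard argument, which sudo matches against any action, not only status. The two sample files are constructed, shortened versions of the before and after aliases on this page, and the SERVICE_TOOLS set and function names are assumptions of the example.

```python
import re

# Constructed sample: the pre-fix alias from the description, shortened.
SAMPLE_BEFORE = r"""
Cmnd_Alias OVIRT_HA = \
    /usr/sbin/service vdsmd *, \
    /usr/sbin/service sanlock *, \
    /usr/bin/chown root\:root /etc/ovirt-hosted-engine/hosted-engine.conf
vdsm ALL=(ALL) NOPASSWD: OVIRT_HA
"""

# Constructed sample: the alias as shipped after the fix, shortened.
SAMPLE_AFTER = r"""
Cmnd_Alias OVIRT_HA = \
    /usr/bin/umount *, \
    /usr/bin/chown root\:root /etc/ovirt-hosted-engine/hosted-engine.conf
vdsm ALL=(ALL) NOPASSWD: OVIRT_HA
"""

# Assumption of this example: binaries treated as service control.
SERVICE_TOOLS = {"service", "systemctl"}


def parse_cmnd_alias(text, alias):
    """Return the command specs of one Cmnd_Alias, joining continued lines."""
    joined = re.sub(r"\\\r?\n", " ", text)  # backslash-newline continues a line
    pattern = r"\s*Cmnd_Alias\s+%s\s*=\s*(.*)" % re.escape(alias)
    for line in joined.splitlines():
        m = re.match(pattern, line)
        if m:
            # Split on commas that are not backslash-escaped, normalise spaces.
            parts = re.split(r"(?<!\\),", m.group(1))
            return [" ".join(p.split()) for p in parts if p.strip()]
    return []


def service_control_entries(commands):
    """Entries that run a service manager with a wildcard in the arguments."""
    hits = []
    for cmd in commands:
        binary, _, args = cmd.partition(" ")
        if binary.rsplit("/", 1)[-1] in SERVICE_TOOLS and "*" in args:
            hits.append(cmd)
    return hits


if __name__ == "__main__":
    for name, text in (("before", SAMPLE_BEFORE), ("after", SAMPLE_AFTER)):
        print(name, service_control_entries(parse_cmnd_alias(text, "OVIRT_HA")))
```

To check a real host, pass the contents of /etc/sudoers.d/60_ovirt-ha to parse_cmnd_alias instead of the samples.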