Bug 349381
| Summary: | GFS: Allow fence_egenera to specify ssh login name | ||||||
|---|---|---|---|---|---|---|---|
| Product: | Red Hat Enterprise Linux 5 | Reporter: | Issue Tracker <tao> | ||||
| Component: | cman | Assignee: | Jim Parsons <jparsons> | ||||
| Status: | CLOSED ERRATA | QA Contact: | Cluster QE <mspqa-list> | ||||
| Severity: | high | Docs Contact: | |||||
| Priority: | high | ||||||
| Version: | 5.0 | CC: | casmith, cluster-maint, cward, npitts, tao | ||||
| Target Milestone: | --- | Keywords: | FutureFeature, Triaged | ||||
| Target Release: | --- | ||||||
| Hardware: | All | ||||||
| OS: | Linux | ||||||
| Whiteboard: | |||||||
| Fixed In Version: | Doc Type: | Enhancement | |||||
| Doc Text: | Story Points: | --- | |||||
| Clone Of: | |||||||
| : | 488958 (view as bug list) | Environment: | |||||
| Last Closed: | 2009-01-20 21:50:36 UTC | Type: | --- | ||||
| Regression: | --- | Mount Type: | --- | ||||
| Documentation: | --- | CRM: | |||||
| Verified Versions: | Category: | --- | |||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||
| Embargoed: | |||||||
| Bug Depends On: | 437166, 438028 | ||||||
| Bug Blocks: | 391501, 445931, 488958 | ||||||
| Attachments: |
|
||||||
|
Description
Issue Tracker
2007-10-23 19:51:31 UTC
Below is the enhancement request made in RedHat Bugzilla #236090 (https://bugzilla.redhat.com/show_bug.cgi?id=236090). This is an important security enhancement that the US Census Bureau requires. This affects RHEL4 and RHEL5. Description of problem: ENHANCEMENT: Allow fence_egenera to specify ssh login name. Currently, it only logs into the cBlade for a fencing operation as the user that ran the script, and practically speaking, that is always the root user. Version-Release number of selected component (if applicable): 4 How reproducible: N/A Steps to Reproduce: 1.N/A 2.N/A 3.N/A Actual results: N/A Expected results: N/A Additional info: The current fence_egenera script logs into the cBlade as root for a fencing operation. This is preventing a security-conscious client from deploying GFS clusters in their DMZ environment. Doing SCSI-3 PR in this environment is not yet a viable option. This event sent from IssueTracker by jwilleford [Census] issue 135456 Preferably, the default user name for this enhancement would be 'fence', or something similar. This may or may not cause package update issues. On the BladeFrame, user 'fence' would have to have rights to the LPAN(s) containing the servers (and corresponding blades) it needs to be able to fence. This note would have to be added to the documentation for fence_egenera. *** Bug 236090 has been marked as a duplicate of this bug. *** Created attachment 296061 [details]
Patch: add support for option user to fence agent egenera
Partners, this bug should be fixed in the latest RHEL 5.3 Snapshot. We believe that you have some interest in its correct functionality, so we're making a friendly request to send us some testing feedback. If you have a chance to test it, please share with us your findings. If you have successfully VERIFIED the fix, please add PartnerVerified to the Bugzilla keywords, along with a description of the results. Thanks! An advisory has been issued which should help the problem described in this bug report. This report is therefore being closed with a resolution of ERRATA. For more information on therefore solution and/or where to find the updated files, please follow the link below. You may reopen this bug report if the solution does not work for you. http://rhn.redhat.com/errata/RHBA-2009-0189.html |