Bug 682317

Summary: Need method to automate ccs_sync password entry
Product: Red Hat Enterprise Linux 6 Reporter: Nate Straz <nstraz>
Component: ricciAssignee: Chris Feist <cfeist>
Status: CLOSED ERRATA QA Contact: Cluster QE <mspqa-list>
Severity: unspecified Docs Contact:
Priority: medium    
Version: 6.1CC: cluster-maint
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ricci-0.16.2-29.el6 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2011-05-19 14:18:01 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Nate Straz 2011-03-04 20:15:36 UTC 
Description of problem:

QE is requesting a modification to ccs_sync so we can automate its setup.  ccs_sync now asks for the ricci password for every host using the getpass(3) function.  This function opens /dev/tty which makes piping in the password via stdin ineffective.  It is also marked obsolete, "Do not use it." in the man page.

The getpass info page[1] includes example code for writing a substitute.

[1] http://www.gnu.org/s/libc/manual/html_node/getpass.html

Version-Release number of selected component (if applicable):
ricci-0.16.2-28.el6.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. yes riccipasswd | passwd ricci
2. yes riccipasswd | ccs_sync
3. ccs_sync prompts for password on /dev/tty
  
Actual results:


Expected results:


Additional info:
Comment 2 Chris Feist 2011-03-04 22:03:52 UTC 
Seems reasonable to me, ccs_sync should be able to be able to get the password from a script.
Comment 3 Chris Feist 2011-03-08 22:42:30 UTC 
I've updated ricci (and ccs_sync) to properly accept piped input for passwords.  Please let me know if this doesn't work.
Comment 4 Chris Feist 2011-03-08 22:47:02 UTC 
How to test:

[root@ask-03 ~]# yes "password" | ccs_sync
You have not authenticated to the ricci daemon on ask-03
Password: 
[root@ask-03 ~]#

With the old ccs_sync it would just hang on the password and not actually propagate the files.
Comment 5 Chris Feist 2011-03-08 22:50:53 UTC 
You'll also want to clear out any cached ricci certificates, so on all the ricci nodes run the following commands:

rm -f /var/lib/ricci/certs/clients/client_cert_*
service ricci restart
Comment 7 Nate Straz 2011-03-25 14:50:33 UTC 
Verified with ricci-0.16.2-30.el6.x86_64.

[root@buzz-02 cluster]# yes riccipass | passwd ricci
Changing password for user ricci.
New password: Retype new password: passwd: all authentication tokens updated successfully.
[root@buzz-02 cluster]# yes riccipass | ccs_sync
You have not authenticated to the ricci daemon on buzz-02
Password:
You have not authenticated to the ricci daemon on buzz-05
Password:
You have not authenticated to the ricci daemon on buzz-04
Password:
You have not authenticated to the ricci daemon on buzz-03
Password:
You have not authenticated to the ricci daemon on buzz-01
Password:
[root@buzz-02 cluster]# ccs_sync
[root@buzz-02 cluster]#
Comment 8 errata-xmlrpc 2011-05-19 14:18:01 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0749.html