Bug 682317 - Need method to automate ccs_sync password entry
Need method to automate ccs_sync password entry
Status: CLOSED ERRATA
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ricci (Show other bugs)
6.1
Unspecified Unspecified
medium Severity unspecified
: rc
: ---
Assigned To: Chris Feist
Cluster QE
:
Depends On:
Blocks:
  Show dependency treegraph
 
Reported: 2011-03-04 15:15 EST by Nate Straz
Modified: 2011-05-19 10:18 EDT (History)
1 user (show)

See Also:
Fixed In Version: ricci-0.16.2-29.el6
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2011-05-19 10:18:01 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Nate Straz 2011-03-04 15:15:36 EST
Description of problem:

QE is requesting a modification to ccs_sync so we can automate its setup.  ccs_sync now asks for the ricci password for every host using the getpass(3) function.  This function opens /dev/tty which makes piping in the password via stdin ineffective.  It is also marked obsolete, "Do not use it." in the man page.

The getpass info page[1] includes example code for writing a substitute.

[1] http://www.gnu.org/s/libc/manual/html_node/getpass.html

Version-Release number of selected component (if applicable):
ricci-0.16.2-28.el6.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. yes riccipasswd | passwd ricci
2. yes riccipasswd | ccs_sync
3. ccs_sync prompts for password on /dev/tty
  
Actual results:


Expected results:


Additional info:
Comment 2 Chris Feist 2011-03-04 17:03:52 EST
Seems reasonable to me, ccs_sync should be able to be able to get the password from a script.
Comment 3 Chris Feist 2011-03-08 17:42:30 EST
I've updated ricci (and ccs_sync) to properly accept piped input for passwords.  Please let me know if this doesn't work.
Comment 4 Chris Feist 2011-03-08 17:47:02 EST
How to test:

[root@ask-03 ~]# yes "password" | ccs_sync
You have not authenticated to the ricci daemon on ask-03
Password: 
[root@ask-03 ~]#

With the old ccs_sync it would just hang on the password and not actually propagate the files.
Comment 5 Chris Feist 2011-03-08 17:50:53 EST
You'll also want to clear out any cached ricci certificates, so on all the ricci nodes run the following commands:

rm -f /var/lib/ricci/certs/clients/client_cert_*
service ricci restart
Comment 7 Nate Straz 2011-03-25 10:50:33 EDT
Verified with ricci-0.16.2-30.el6.x86_64.

[root@buzz-02 cluster]# yes riccipass | passwd ricci
Changing password for user ricci.
New password: Retype new password: passwd: all authentication tokens updated successfully.
[root@buzz-02 cluster]# yes riccipass | ccs_sync
You have not authenticated to the ricci daemon on buzz-02
Password:
You have not authenticated to the ricci daemon on buzz-05
Password:
You have not authenticated to the ricci daemon on buzz-04
Password:
You have not authenticated to the ricci daemon on buzz-03
Password:
You have not authenticated to the ricci daemon on buzz-01
Password:
[root@buzz-02 cluster]# ccs_sync
[root@buzz-02 cluster]#
Comment 8 errata-xmlrpc 2011-05-19 10:18:01 EDT
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0749.html

Note You need to log in before you can comment on or make changes to this bug.