Bug 682317 - Need method to automate ccs_sync password entry
Summary: Need method to automate ccs_sync password entry
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: ricci
Version: 6.1
Hardware: Unspecified
OS: Unspecified
medium
unspecified
Target Milestone: rc
: ---
Assignee: Chris Feist
QA Contact: Cluster QE
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-03-04 20:15 UTC by Nate Straz
Modified: 2011-05-19 14:18 UTC (History)
1 user (show)

Fixed In Version: ricci-0.16.2-29.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-05-19 14:18:01 UTC
Target Upstream Version:

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:0749 0 normal SHIPPED_LIVE ricci bug-fix update 2011-05-18 18:09:02 UTC

Description Nate Straz 2011-03-04 20:15:36 UTC 
Description of problem:

QE is requesting a modification to ccs_sync so we can automate its setup.  ccs_sync now asks for the ricci password for every host using the getpass(3) function.  This function opens /dev/tty which makes piping in the password via stdin ineffective.  It is also marked obsolete, "Do not use it." in the man page.

The getpass info page[1] includes example code for writing a substitute.

[1] http://www.gnu.org/s/libc/manual/html_node/getpass.html

Version-Release number of selected component (if applicable):
ricci-0.16.2-28.el6.x86_64

How reproducible:
Every time

Steps to Reproduce:
1. yes riccipasswd | passwd ricci
2. yes riccipasswd | ccs_sync
3. ccs_sync prompts for password on /dev/tty
  
Actual results:


Expected results:


Additional info:
Comment 2 Chris Feist 2011-03-04 22:03:52 UTC 
Seems reasonable to me, ccs_sync should be able to be able to get the password from a script.
Comment 3 Chris Feist 2011-03-08 22:42:30 UTC 
I've updated ricci (and ccs_sync) to properly accept piped input for passwords.  Please let me know if this doesn't work.
Comment 4 Chris Feist 2011-03-08 22:47:02 UTC 
How to test:

[root@ask-03 ~]# yes "password" | ccs_sync
You have not authenticated to the ricci daemon on ask-03
Password: 
[root@ask-03 ~]#

With the old ccs_sync it would just hang on the password and not actually propagate the files.
Comment 5 Chris Feist 2011-03-08 22:50:53 UTC 
You'll also want to clear out any cached ricci certificates, so on all the ricci nodes run the following commands:

rm -f /var/lib/ricci/certs/clients/client_cert_*
service ricci restart
Comment 7 Nate Straz 2011-03-25 14:50:33 UTC 
Verified with ricci-0.16.2-30.el6.x86_64.

[root@buzz-02 cluster]# yes riccipass | passwd ricci
Changing password for user ricci.
New password: Retype new password: passwd: all authentication tokens updated successfully.
[root@buzz-02 cluster]# yes riccipass | ccs_sync
You have not authenticated to the ricci daemon on buzz-02
Password:
You have not authenticated to the ricci daemon on buzz-05
Password:
You have not authenticated to the ricci daemon on buzz-04
Password:
You have not authenticated to the ricci daemon on buzz-03
Password:
You have not authenticated to the ricci daemon on buzz-01
Password:
[root@buzz-02 cluster]# ccs_sync
[root@buzz-02 cluster]#
Comment 8 errata-xmlrpc 2011-05-19 14:18:01 UTC 
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on therefore solution and/or where to find the updated files,
please follow the link below. You may reopen this bug report
if the solution does not work for you.

http://rhn.redhat.com/errata/RHBA-2011-0749.html
Note You need to log in before you can comment on or make changes to this bug.