Bug 888298 - RFE: packstack should not use 'root' user, but a user with correct sudo privs.
Summary: RFE: packstack should not use 'root' user, but a user with correct sudo privs.
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-packstack
Version: 2.0 (Folsom)
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: RHOS Maint
QA Contact: Ami Jeain
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2012-12-18 13:15 UTC by Yaniv Kaul
Modified: 2016-04-26 19:49 UTC

Fixed In Version:
Doc Type: Enhancement
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-05 20:49:47 UTC
Target Upstream Version:



Description Yaniv Kaul 2012-12-18 13:15:16 UTC
Description of problem:
Some organizations can provide a user with escalated privileges that can do all the stuff required to install and configure OpenStack and are not root. packstack should use that user.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.
  
Actual results:


Expected results:


Additional info:

Comment 1 Perry Myers 2012-12-18 13:29:30 UTC
I think PackStack should provide the ability to select the user you want to use.  If the person using it has a user called 'bob' they want PackStack to use, then that's what it should do.  Likewise, if the user _wants_ to use root, PackStack should use root.

Of course, for non-root users we'll need sudoers set up properly and we'll need to document how to do that.  But for root, it should remain as it does today w/o need for sudo.

For ease of use, I would suggest that root still remains the default.  Since PackStack is not targeting enterprise datacenters, and is instead intended for PoC deployments, this seems reasonable.  This is different than the issues with root provisioning via RHEV-M, since that targets enterprise datacenters, not just PoC's.

Comment 2 Stephen Gordon 2013-01-17 15:52:19 UTC
From a documentation POV I would envisage that organizations with such setups may also desire/require an accurate list of the commands that the utility needs sudo access to run as opposed to giving it the ability to run anything it wants through root.

Comment 3 Derek Higgins 2013-01-18 11:39:42 UTC
We can do this, but note the reality is we're going to have to give a user access to run puppet with sudo access, which basically opens up what that user can do to pretty much anything.
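
Comment 2 asks for an exact list of sudo commands, and Comment 3 notes that a sudo grant for puppet amounts to unrestricted access. The audit below is an added example (not PackStack code and not written by any commenter) that flags such grants in a sudoers snippet; the user names, the sample rules and every entry in the root-equivalent set other than puppet are assumptions, and it handles only single-line rules without aliases.

```python
import posixpath
import re

# Commands treated as equivalent to full root when allowed through sudo.
# "puppet" is the case named in Comment 3; the rest are assumptions added here.
ROOT_EQUIVALENT = {"ALL", "puppet", "bash", "sh", "su"}

# Constructed sample sudoers content; the users are hypothetical.
SAMPLE_SUDOERS = """\
# constructed example for the audit below
Defaults:packstack !requiretty
packstack ALL=(root) NOPASSWD: /usr/bin/puppet apply *, /sbin/service openstack-nova-api restart
bob ALL=(root) /sbin/service openstack-nova-api status
admin ALL=(ALL) ALL
"""

# user  host = (runas) command[, command ...]
RULE = re.compile(r"^(?P<who>\S+)\s+\S+\s*=\s*(?:\([^)]*\)\s*)?(?P<cmds>.+)$")
# Leading tags such as "NOPASSWD:" or "SETENV:" in front of a command.
TAGS = re.compile(r"^\s*(?:[A-Z_]+:\s*)+")


def audit_sudoers(text):
    """Return (user, command) pairs whose grant is root-equivalent.

    A rule that is not flagged is not thereby safe; it only means the
    command's program name is absent from ROOT_EQUIVALENT.
    """
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        # Skip blanks, comments and Defaults settings; they grant nothing.
        if not line or line.startswith("#") or line.startswith("Defaults"):
            continue
        match = RULE.match(line)
        if match is None:
            continue
        for cmd in match.group("cmds").split(","):
            cmd = TAGS.sub("", cmd).strip()
            if not cmd:
                continue
            # Compare on the program name so /usr/bin/puppet matches "puppet".
            program = posixpath.basename(cmd.split()[0])
            if program in ROOT_EQUIVALENT:
                findings.append((match.group("who"), cmd))
    return findings


if __name__ == "__main__":
    for who, cmd in audit_sudoers(SAMPLE_SUDOERS):
        print(f"{who}: '{cmd}' is effectively unrestricted root")
```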

Comment 5 Alvaro Lopez Ortega 2013-08-28 12:05:50 UTC
I wonder how this could be handled taking into account that we'll require root privileges for certain operations (see bug #999923)

Comment 6 Perry Myers 2013-08-30 21:01:19 UTC
Given that packstack is for PoC's and not production usage, I think we should close this bug as WONTFIX personally.  It's just not as high priority as originally thought now that we are focusing on things like Foreman for more production environments.

