[Ovirt-devel] [PATCH node] The node now passes in the mac address and iface names during identify.

Perry N. Myers pmyers at redhat.com
Tue Sep 23 16:10:22 UTC 2008 

Daniel P. Berrange wrote:
> On Tue, Sep 23, 2008 at 01:18:30PM +0100, Daniel P. Berrange wrote:
>> On Fri, Sep 19, 2008 at 04:35:37PM -0400, Darryl L. Pierce wrote:
>>> @@ -31,12 +36,19 @@ configure_from_network() {
>>>                  if [ -n "$SRV_HOST" -a -n "$SRV_PORT" ]; then
>>>                      printf .
>>>                      cfgdb=$(mktemp)
>>> +                    get_mac_addresses
>>>                      wget -q -O $cfgdb \
>>> -                      "http://$SRV_HOST:$SRV_PORT/ovirt/cfgdb/$(hostname)"
>>> +                      "http://$SRV_HOST:$SRV_PORT/ovirt/managed_node/config?host=$(hostname)&macs=$macs"
>>>                      if [ $? -eq 0 ]; then
>>>                          printf .
>>> -                        echo "save" >> $cfgdb
>>> -                        augtool < $cfgdb > /dev/null 2>&1
>>> +                        bash $cfgdb
>> NACK.  We cannot download & execute arbitrary shell scripts. It blows a 
>> hole in the security of the node host OS. If there are shell scripts 
>> needed they must be built into the node image, and merely the configuration
>> data to be fed to them should be downloaded.
>>
>> That said, even the original code was kinda suspect - downloading an 
>> entire augtool control file basically allows any change whatsoever
>> to be made.  
>>
>> Really we should download data such as the interface name, and config
>> options, and then use a local pre-existing script to make the changes
>> and/or call augtool - ie the augtool rules should already be on the
>> managed node, with placeholders where you fit in the validated config
>> parameters.

Agreed.  Furthermore, we really should be using messaging for all of this. 
  The only thing that -can't- use messaging will be the retrieval of the 
keytab if that is allowed in your environment.  (Since the keytab will be 
necessary for enabling secure messaging whenever that becomes available)

But once messaging is in, we should have a call that the Node can send the 
Server to ask for its configuration information and the response should be 
something that a Node based program/script can parse to create an augtool 
file that we then execute augtool on.

Since this doesn't make it any worse (i.e. we've always downloaded augtool 
files via wget up until now) I say we let this in as it will enable us to 
develop the UI for multiple NICs.  Once messaging is integrated we switch 
to using that as the transport for these queries as well as switching to 
not sending a whole augtool file over the messaging protocol.

That sound reasonable?

Perry

More information about the ovirt-devel mailing list