> -----Original Message-----
> From: Dave Cahill [mailto:dcah...@midokura.jp]
> Sent: Thursday, November 01, 2012 2:40 AM
> To: cloudstack-dev@incubator.apache.org
> Subject: Setting the ssh.publickey and ssh.privatekey options
>
> Hi,
>
> I ran into some issues recently around ssh keys, and I have a few questions.
>
> When the management server starts up, it tries to set the ssh.publickey and
> ssh.privatekey configuration options in
> ConfigurationServerImpl.updateKeyPairs(). If it fails to do this, you run into
> several problems later - the management server will try to read the keys, get
> null, and send an empty ModifySshKeysCommand to the agent, causing the
> agent to fail with a NullPointerException.
>
> However, the management server will only set these options if the user
> running the management server is called "cloud" or if there is a configuration
> value called "developer" with a value of true:
>
> *ConfigurationServerImpl.java, line 586*
> if (!username.equalsIgnoreCase("cloud") && !devel) {
>     return;
> }
>
> This brings up several questions:
>
> 1. Are developers supposed to know that they should be running the
> management server as the "cloud" user?
> I was using the install guides at
> http://docs.cloudstack.org/CloudStack_Documentation/Installing_CloudStack
> as references, and didn't see any instruction saying to run as cloud user, or
> even an instruction to create a cloud user.

I think the user "cloud" is created during mgt server rpm installation.

%pre client
id %{name} > /dev/null 2>&1 || /usr/sbin/useradd -M -c "CloudStack unprivileged user" \
     -r -s /bin/sh -d %{_sharedstatedir}/%{name}/management %{name}|| true

>
> 2. How are people supposed to set the "developer" configuration option if
> they want to run as a user other than "cloud"?
> I grepped for the value across the codebase and didn't find it, so I
> manually inserted it into the configuration table just to make some progress.

That's the hack I added before, deliberately for KVM developers... I think we can insert developer=true into the db in developer/pom.xml

>
> 3. Does it make sense to just "return" if the user is not running as cloud and
> "developer" flag not set?
> It seems like a pretty loud ERROR would be in order, since later actions
> are guaranteed to fail if these options are not set correctly.

Yes, it is; printing a loud ERROR will help developers to debug the issue.

>
> Any comments or answers appreciated.
>
> Thanks,
> Dave.
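
The failure mode discussed in this thread, as an added example that is not part of either message or of the CloudStack code base: the quoted guard with its silent return, next to a variant that logs at ERROR level and a check that refuses to build a key command from null values. The class, the in-memory `config` map, `storeKeys()` and `keysForAgent()` are hypothetical names; only the option names and the guard condition come from the thread.

```java
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Logger;
// Hypothetical stand-alone sketch; only the option names and the guard
// condition are taken from the thread.
public class KeyPairGuardExample {
    private static final Logger LOG = Logger.getLogger("KeyPairGuardExample");
    // Stands in for the configuration table.
    static final Map<String, String> config = new HashMap<>();
    // Guard as quoted in the thread: a silent return leaves both options unset.
    static void updateKeyPairsSilent(String username, boolean devel) {
        if (!username.equalsIgnoreCase("cloud") && !devel) {
            return;
        }
        storeKeys();
    }
    // Same guard, but the skipped step is reported at ERROR (SEVERE) level.
    static void updateKeyPairsLoud(String username, boolean devel) {
        if (!username.equalsIgnoreCase("cloud") && !devel) {
            LOG.severe("ssh.publickey/ssh.privatekey NOT set: user is '" + username
                    + "' and developer is not true; agents cannot receive keys");
            return;
        }
        storeKeys();
    }
    static void storeKeys() { // constructed placeholder values, not real keys
        config.put("ssh.publickey", "CONSTRUCTED-PUBLIC-KEY");
        config.put("ssh.privatekey", "CONSTRUCTED-PRIVATE-KEY");
    }
    // Validate before building the command for the agent, so a missing key is
    // rejected here instead of becoming a NullPointerException on the agent.
    static String[] keysForAgent() {
        String pub = config.get("ssh.publickey");
        String prv = config.get("ssh.privatekey");
        if (pub == null || prv == null) {
            throw new IllegalStateException("ssh.publickey/ssh.privatekey missing");
        }
        return new String[] { pub, prv };
    }
    public static void main(String[] args) {
        updateKeyPairsSilent("dave", false); // nothing logged, nothing stored
        updateKeyPairsLoud("dave", false);   // logs the ERROR
        try { keysForAgent(); } catch (IllegalStateException e) {
            System.out.println("refused to build key command: " + e.getMessage());
        }
        updateKeyPairsLoud("cloud", false);  // permitted user: keys stored
        System.out.println("keys ready: " + keysForAgent().length);
    }
}
```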