Github user terbolous commented on the pull request:
https://github.com/apache/cloudstack/pull/288#issuecomment-105076586
On Mon, May 25, 2015 at 12:50 AM, Rafael da Fonseca <
notificati...@github.com> wrote:
> Creating a user for this use would be worse, because it would require some
> sort of 'standard' credential for ssh access. Or it would require that
such
> account didn't have ssh access and supplied account would need to sudo su
> account to use It to run the script.. so no advantage.
>
We do that already, by requiring the usage of 'root'.
Wouldn't need to be anything standard, setting the password could be done
during agent install, by asking or generating something random and printing
it to stdout -- heck, the mgmt server could even change to something random
during the first setup.
> I think that the best way to tackle this would be to use the actual agent
> for registration. Letting the agent startup without config and listen on
> tcp port for remote registration (no ssh or sudo) and just process the
> credentials sent and self configure.
>
The mgmt server tries to ssh and start the agent if it's registered down
for some reason.
--
Erik
---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---
