Hi all!
Am 30.08.2018 um 09:38 schrieb Neil Williams:
> Yes - with an up to date lava-master, (2018.5 and later IIRC, possibly a release or two earlier, I'd have to check) , the process is automatic. Thanks, that seems to work. The next blocker to having a non-superuser remote worker is the adding the dispatcher_ip, which also requires superuser privileges[1], and doesn't appear to have an individual user permission ACL. Assuming ZMQ encryption between master/slave, is it possible to have a remote worker without admin privileges? Is this something that has been validated?
No. Adding and managing workers is solely a superuser task because such operations can fundamentally change the topology of the lab and undermine ongoing CI.
JSM: @Neil: but for this we have the ACL's . So why not *enable* ppl to do this if they choose so by granting the ACL. The superuser flag is IMHO just a shortcut for 'ALL ACL'.
Here is the use-case: - Remove lab being brought up. Keys exchanged, the remote lab should be able to register and manager its internal settings (like dispatcher_ip) .
dispatcher_ip is a good example. B/C the *server* admin does not need to know this. It is in the domain of the admin of the *worker lab*.
Jan-Simon
Kevin [1] lab-slave-0_1 | Add dispatcher_ip 192.168.66.1 to lab-slave-0 lab-slave-0_1 | Traceback (most recent call last): lab-slave-0_1 | File "/usr/local/bin/setdispatcherip.py", line 11, in <module> lab-slave-0_1 | server.scheduler.workers.set_config("%s" % sys.argv[2], "dispatcher_ip: %s" % sys.argv[3]) lab-slave-0_1 | File "/usr/lib/python2.7/xmlrpclib.py", line 1243, in _call_ lab-slave-0_1 | return self._send(self._name, args) lab-slave-0_1 | File "/usr/lib/python2.7/xmlrpclib.py", line 1602, in __request lab-slave-0_1 | verbose=self.__verbose lab-slave-0_1 | File "/usr/lib/python2.7/xmlrpclib.py", line 1283, in request lab-slave-0_1 | return self.single_request(host, handler, request_body, verbose) lab-slave-0_1 | File "/usr/lib/python2.7/xmlrpclib.py", line 1316, in single_request lab-slave-0_1 | return self.parse_response(response) lab-slave-0_1 | File "/usr/lib/python2.7/xmlrpclib.py", line 1493, in parse_response lab-slave-0_1 | return u.close() lab-slave-0_1 | File "/usr/lib/python2.7/xmlrpclib.py", line 800, in close lab-slave-0_1 | raise Fault(**self._stack[0]) lab-slave-0_1 | xmlrpclib.Fault: <Fault 403: "User 'nonadminuser' is not superuser.">
--
Neil Williams
neil.williams@linaro.org mailto:neil.williams@linaro.org http://www.linux.codehelp.co.uk/