Hello,
When trying to use lavacli to add a remote worker, it works fine if
the user is a superuser.
Adding remote workers to an instance would be an easy way to DDOS an instance by swamping the ZMQ ports with fake attempts - the process needs to be under the control of the admins of the instance.
If the remote worker is properly configured, it will register itself automatically - this is why encryption of the master:slave communication is so important. A LAVA master which is visible to the internet should always use encryption.
In most cases, the lavacli workers add command isn't required.
However, if I drop the superuser privileges
and add just the privileges for adding workers, it fails with:
Unable to call 'workers.add': <Fault 403: "User 'testuser' is not superuser."
we even tried enabling all the permissions for that user, but leaving
the superuser flag off, and it still fails.
The check is made at the remote end, in the XMLRPC.
Why does this require superuser and the specific permissions related
to workers don't work?
Kevin
_______________________________________________
Lava-users mailing list
Lava-users@lists.linaro.org
https://lists.linaro.org/mailman/listinfo/lava-users