As per Iustin Pop's suggestion in <
20121115131730.GX824@google.com> on
<ganeti-devel@googlegroups.com>.
Signed-off-by: Michael Hanselmann <hansmi@google.com>
Reviewed-by: Guido Trotter <ultrotter@google.com>
def RunRemoteCommand(cmd,
_lock_timeout=_RCMD_LOCK_TIMEOUT,
- _lock_file=pathutils.REMOTE_COMMANDS_LOCK_FILE,
- _path=pathutils.REMOTE_COMMANDS_DIR,
+ _lock_file=pathutils.RESTRICTED_COMMANDS_LOCK_FILE,
+ _path=pathutils.RESTRICTED_COMMANDS_DIR,
_sleep_fn=time.sleep,
_prepare_fn=_PrepareRemoteCommand,
_runcmd_fn=utils.RunCmd,
VNC_PASSWORD_FILE = CONF_DIR + "/vnc-cluster-password"
HOOKS_BASE_DIR = CONF_DIR + "/hooks"
FILE_STORAGE_PATHS_FILE = CONF_DIR + "/file-storage-paths"
-REMOTE_COMMANDS_DIR = CONF_DIR + "/remote-commands"
+RESTRICTED_COMMANDS_DIR = CONF_DIR + "/restricted-commands"
#: Locked in exclusive mode while noded verifies a remote command
-REMOTE_COMMANDS_LOCK_FILE = LOCK_DIR + "/ganeti-remote-commands.lock"
+RESTRICTED_COMMANDS_LOCK_FILE = LOCK_DIR + "/ganeti-restricted-commands.lock"
#: Lock file for watcher, locked in shared mode by watcher; lock in exclusive
# mode to block watcher (see L{cli._RunWhileClusterStoppedHelper.Call}
Executes a restricted command on the specified nodes. Restricted commands are
not arbitrary, but must reside in
-``@SYSCONFDIR@/ganeti/remote-commands`` on a node, either as a regular
+``@SYSCONFDIR@/ganeti/restricted-commands`` on a node, either as a regular
file or as a symlink. The directory must be owned by root and not be
world- or group-writable. If a command fails verification or otherwise
fails to start, the node daemon log must be consulted for more detailed
projects / ganeti-local / commitdiff