before_vm_start
scripts may edit the domain XML in order to change VDSM's definition of a virtual machine before it reaches libvirt. Caution must be exercised in doing so. Hook scripts have the potential to disrupt the operation of VDSM, and buggy scripts can result in outages to the Red Hat Enterprise Virtualization environment. In particular, ensure you never change the uuid of the domain, and do not attempt to remove a device from the domain without sufficient background knowledge.
before_vdsm_start
and after_vdsm_stop
hook scripts are run as the root
user. Other hook scripts that require root
access to the system must be written to use the sudo
command for privilege escalation. To support this the /etc/sudoers
must be updated to allow the vdsm
user to use sudo
without reentering a password. This is required as hook scripts are executed non-interactively.
sudo
for VDSM Hookssudo
command will be configured to allow the vdsm
user to run the /bin/chown
command as root
.
root
.
/etc/sudoers
file in a text editor.
vdsm ALL=(ALL) NOPASSWD: /bin/chown
vdsm
user has the ability to run the /bin/chown
command as the root
user. The NOPASSWD
parameter indicates that the user will not be prompted to enter their password when calling sudo
.
sudo
command to run /bin/chown
as root
. This Python code uses sudo
to execute /bin/chown
as root
on the file /my_file
.
retcode = subprocess.call( ["/usr/bin/sudo", "/bin/chown", "/my_file"] )
Code | Description |
---|---|
0 | The hook script ended successfully |
1 | The hook script failed, other hooks should be processed |
2 | The hook script failed, no further hooks should be processed |
>2 | Reserved |