Provide support for "Privileged User" session when host console is being taken via cockpit from Satellite 6.7 UI
Description of problem:
Satellite 6.7 currently supports connecting with the console of the Host from Satellite UI itself, via cockpit integration with the help of remote execution feature.
If the remote_execution_ssh_user is set to root or we are using a non-root user with password-less sudo configured, once we connect to the host console from Satellite it will by-default log in to the cockpit user as a privileged user.
But when the remote_execution_ssh_user is set to a non-root user requiring a password to perform sudo operations, the above scenario changes i.e. when we connect to the host console from Satellite it will fail to perform sudo at the backend and will log in to the cockpit UI as a normal user i.e. an "Unprivileged session"
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Register an RHEL 7\8 Client with RH Satellite 6.7.
2. Create a user named ansible on the client host and add it to the wheel group.
3. In satellite, make sure to configure the REX settings in this way.
SSH User: ansible
Effective User: root
Effective User Method: sudo
Sudo password: <password for ansible user to become root using sudo>
4. Share SSH-keys from Satellite to the "ansible@client host" so that Remote Jobs on the host can be executed.
5. Configure cockpit integration as per the following doc for both Satellite and the client host.
6. Go to Hosts --> All Hosts --> Click on the HOst --> Click on Web Console
7. Once in the cockpit UI of that host, Click on the "Subscriptions" tab.
In cockpit UI, we will be able to see the following message while accessing the "Subscriptions" tab
The current user isn't allowed to access system subscription status.
Reason: Unprivileged session as Satellite is not designed to pass the sudo password to the cockpit-bridge while performing the authentication.
From Satellite when we take the "Web Console" of a host using a non-root user, we should be able to get the session authenticated as "Privilege User" and should be able to see all the options and manage them.
Updated by Adam Ruzicka about 1 year ago
- Status changed from Ready For Testing to Closed
Applied in changeset foreman_plugin|63db7ef07dfbb80ddbe5cde17eb3de4b57c58fcc.