public_git
/
democratic-csi
mirror of https://github.com/democratic-csi/democratic-csi.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

add details to README about using non-root user for ssh 

part of #79
This commit is contained in:
Lars Kellogg-Stedman 2021-05-06 10:20:05 -04:00
parent 067123943d
commit 20c8a1d31f
1 changed files with 20 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
README.md
View File

@ -159,14 +159,27 @@ Ensure the following services are configurged and running:
- `curl --header "Accept: application/json" --user root:<password> 'http(s)://<ip>/api/v2.0/iscsi/auth'` - `curl --header "Accept: application/json" --user root:<password> 'http(s)://<ip>/api/v2.0/iscsi/auth'`
- smb - smb
In addition, if you want to use a non-root user for the ssh operations you may If you would prefer you can configure `democratic-csi` to use a
create a `csi` user and then run `visudo` directly from the console. Make sure non-`root` user when connecting to the FreeNAS server:
the line for the `csi` user has `NOPASSWD` added (note this can get reset by
FreeNAS if you alter the user via the GUI later):
``` - Create a non-`root` user (e.g., `csi`)
csi ALL=(ALL) NOPASSWD:ALL
``` - Ensure that user has passwordless `sudo` privileges:
```
csi ALL=(ALL) NOPASSWD:ALL
```
(note this can get reset by FreeNAS if you alter the user via the
GUI later)
- Instruct `democratic-csi` to use `sudo` by adding the following to
your driver configuration:
```
zfs:
cli:
sudoEnabled: true
```
Starting with TrueNAS CORE 12 it is also possible to use an `apiKey` instead of Starting with TrueNAS CORE 12 it is also possible to use an `apiKey` instead of
the `root` password for the http connection. the `root` password for the http connection.