brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aleds...@apache.org
Subject [2/4] brooklyn-server git commit: Implement dontRequireTtyForSudo for locations
Date Wed, 15 Jun 2016 20:09:48 GMT
Implement dontRequireTtyForSudo for locations

Analogous to the SoftwareProcess behaviour, but applied when obtaining a location


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/bd165c12
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/bd165c12
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/bd165c12

Branch: refs/heads/master
Commit: bd165c125d5c9c89a7c2decbed8c6d6a181f9fa5
Parents: b2cb9ac
Author: Svetoslav Neykov <svetoslav.neykov@cloudsoftcorp.com>
Authored: Tue May 31 12:36:57 2016 +0300
Committer: Svetoslav Neykov <svetoslav.neykov@cloudsoftcorp.com>
Committed: Tue May 31 12:36:57 2016 +0300

----------------------------------------------------------------------
 .../location/jclouds/JcloudsLocation.java         | 16 ++++++++++++++++
 .../location/jclouds/JcloudsLocationConfig.java   | 18 ++++++++++++++++--
 2 files changed, 32 insertions(+), 2 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/bd165c12/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java
b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java
index 1cf2535..8247043 100644
--- a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java
+++ b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java
@@ -879,6 +879,22 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation
im
                         }
                     }
                 }
+                
+                Boolean dontRequireTtyForSudo = setup.get(JcloudsLocationConfig.DONT_REQUIRE_TTY_FOR_SUDO);
+                if (Boolean.TRUE.equals(dontRequireTtyForSudo) ||
+                        dontRequireTtyForSudo == null && setup.get(DONT_CREATE_USER))
{
+                    if (windows) {
+                        LOG.warn("Ignoring flag DONT_REQUIRE_TTY_FOR_SUDO on Windows location
{}", machineLocation);
+                    } else {
+                        customisationForLogging.add("patch /etc/sudoers to disable requiretty");
+
+                        executeCommandThrowingOnError(
+                                ImmutableMap.<String, Object>of(SshTool.PROP_ALLOCATE_PTY.getName(),
true),
+                                (SshMachineLocation)machineLocation,
+                                "patch /etc/sudoers to disable requiretty",
+                                ImmutableList.of(BashCommands.dontRequireTtyForSudo()));
+                    }
+                }
 
                 if (setup.get(JcloudsLocationConfig.MAP_DEV_RANDOM_TO_DEV_URANDOM)) {
                     if (windows) {

http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/bd165c12/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java
----------------------------------------------------------------------
diff --git a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java
b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java
index 1403a9f..feed7a8 100644
--- a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java
+++ b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java
@@ -79,8 +79,11 @@ public interface JcloudsLocationConfig extends CloudLocationConfig {
     public static final ConfigKey<Boolean> AUTO_ASSIGN_FLOATING_IP = ConfigKeys.newBooleanConfigKey("autoAssignFloatingIp",
             "Whether to generate floating ips (in Nova paralance), or elastic IPs (in CloudStack
parlance)");
 
-    public static final ConfigKey<Boolean> DONT_CREATE_USER = ConfigKeys.newBooleanConfigKey("dontCreateUser",

-            "Whether to skip creation of 'user' when provisioning machines (default false)",
false);
+    public static final ConfigKey<Boolean> DONT_CREATE_USER = ConfigKeys.newBooleanConfigKey("dontCreateUser",
+            "Whether to skip creation of 'user' when provisioning machines (default false).
" +
+            "Note that setting this will prevent jclouds from overwriting /etc/sudoers which
might be " +
+            "configured incorrectly by default. See 'dontRequireTtyForSudo' for details.",
+            false);
     public static final ConfigKey<Boolean> GRANT_USER_SUDO = ConfigKeys.newBooleanConfigKey("grantUserSudo",
             "Whether to grant the created user sudo privileges. Irrelevant if dontCreateUser
is true. Default: true.", true);
     public static final ConfigKey<Boolean> DISABLE_ROOT_AND_PASSWORD_SSH = ConfigKeys.newBooleanConfigKey("disableRootAndPasswordSsh",
@@ -173,6 +176,17 @@ public interface JcloudsLocationConfig extends CloudLocationConfig {
     public static final ConfigKey<Boolean> INCLUDE_BROOKLYN_USER_METADATA = ConfigKeys.newBooleanConfigKey("includeBrooklynUserMetadata",

         "Whether to set metadata about the context of a machine, e.g. brooklyn-entity-id,
brooklyn-app-name (default true)", true);
 
+    // See also SoftwareProcess.DONT_REQUIRE_TTY_FOR_SUDO
+    public static final ConfigKey<Boolean> DONT_REQUIRE_TTY_FOR_SUDO = ConfigKeys.newBooleanConfigKey("dontRequireTtyForSudo",
+            "Whether to explicitly set /etc/sudoers, so don't need tty (will leave unchanged
if 'false'); " +
+            "some machines require a tty for sudo; brooklyn by default does not use a tty
" +
+            "(so that it can get separate error+stdout streams); you can enable a tty as
an " +
+            "option to every ssh command, or you can do it once and " +
+            "modify the machine so that a tty is not subsequently required. " +
+            "Usually used in conjunction with 'dontCreateUser' since it will prevent " +
+            "jclouds from overwriting /etc/sudoers and overriding the system default. " +
+            "When not explicitly set will be applied if 'dontCreateUser' is set.");
+
     public static final ConfigKey<Boolean> MAP_DEV_RANDOM_TO_DEV_URANDOM = ConfigKeys.newBooleanConfigKey(
             "installDevUrandom", "Map /dev/random to /dev/urandom to prevent halting on insufficient
entropy", true);
 


Mime
View raw message