brooklyn-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From aleds...@apache.org
Subject [1/2] brooklyn-server git commit: Make dontRequireTtyForSudo idenpotent to prevent race condition with mutiple entities
Date Tue, 02 Aug 2016 08:07:07 GMT
Repository: brooklyn-server
Updated Branches:
  refs/heads/master 53f485826 -> 636851100


Make dontRequireTtyForSudo idenpotent to prevent race condition with mutiple entities


Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo
Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/b1dee4a8
Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/b1dee4a8
Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/b1dee4a8

Branch: refs/heads/master
Commit: b1dee4a8e807bb05ffed2b1ced56561d5bee61a6
Parents: 56f7258
Author: Andrew Donald Kennedy <andrew.kennedy@cloudsoftcorp.com>
Authored: Sat Jul 30 22:05:27 2016 +0100
Committer: Andrew Donald Kennedy <andrew.kennedy@cloudsoftcorp.com>
Committed: Sun Jul 31 01:11:44 2016 +0100

----------------------------------------------------------------------
 .../apache/brooklyn/util/ssh/BashCommands.java  | 31 ++++++++++++--------
 1 file changed, 19 insertions(+), 12 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/b1dee4a8/utils/common/src/main/java/org/apache/brooklyn/util/ssh/BashCommands.java
----------------------------------------------------------------------
diff --git a/utils/common/src/main/java/org/apache/brooklyn/util/ssh/BashCommands.java b/utils/common/src/main/java/org/apache/brooklyn/util/ssh/BashCommands.java
index e4388a7..93468d3 100644
--- a/utils/common/src/main/java/org/apache/brooklyn/util/ssh/BashCommands.java
+++ b/utils/common/src/main/java/org/apache/brooklyn/util/ssh/BashCommands.java
@@ -152,25 +152,32 @@ public class BashCommands {
                 commandWhoseOutputToWrite, user, file);
     }
 
-    /** some machines require a tty for sudo; brooklyn by default does not use a tty
-     * (so that it can get separate error+stdout streams); you can enable a tty as an
-     * option to every ssh command, or you can do it once and 
-     * modify the machine so that a tty is not subsequently required.
+    /**
+     * Some machines require a TTY for sudo. Brooklyn by default does not use a TTY
+     * so that it can get separate STDERR and STDOUT streams. You can enable a TTY as an
+     * option to every SSH command, or you can do it once and modify the machine so that
+     * a TTY is not subsequently required. If this task has already been executed it
+     * will try to detect the changes and do nothing.
      * <p>
-     * this command must be run with allocatePTY set as a flag to ssh.  see SshTasks.dontRequireTtyForSudo
which sets that up. 
+     * This command must be run with allocatePTY set as a flag to ssh.
+     * See {@link SshTasks#dontRequireTtyForSudo(SshMachineLocation, OnFailingTask)} which
sets that up. 
      * <p>
-     * (having a tty for sudo seems like another case of imaginary security which is just
irritating.
-     * like water restrictions at airport security.) */
+     * Having a TTY for sudo seems like another case of imaginary security which is just
irritating.
+     * Like water restrictions at airport security.
+     */
     public static String dontRequireTtyForSudo() {
         String sudoersFileName =  "/etc/sudoers";
+        String tmpSuffix = Identifiers.makeRandomLowercaseId(6); // Avoid clobbering
 
         // Visudo's quiet mode (-q) is not enabled. visudo's output is used for diagnostic
purposes 
         return ifFileExistsElse0(sudoersFileName, 
-                chainGroup(
-                  sudo(format("cp %1$s %1$s.tmp", sudoersFileName)),
-                  sudo(format("sed -i.brooklyn.bak 's/.*requiretty.*/#brooklyn-removed-require-tty/'
%1$s.tmp", sudoersFileName)),
-                  sudo(format("visudo -c -f %1$s.tmp", sudoersFileName)), 
-                  sudo(format("mv %1$s.tmp %1$s", sudoersFileName))));
+                alternatives(
+                    sudo(format("grep brooklyn-removed-require-tty %s", sudoersFileName)),
+                    chainGroup(
+                        sudo(format("cp %1$s %1$s.%2$s", sudoersFileName, tmpSuffix)),
+                        sudo(format("sed -i.brooklyn.bak 's/.*requiretty.*/#brooklyn-removed-require-tty/'
%1$s.%2$s", sudoersFileName, tmpSuffix)),
+                        sudo(format("visudo -c -f %1$s.%2$s", sudoersFileName, tmpSuffix)),
+                        sudo(format("mv %1$s.%2$s %1$s", sudoersFileName, tmpSuffix)))));
     }
 
     /** generates ~/.ssh/id_rsa if that file does not exist */


Mime
View raw message