Implement dontRequireTtyForSudo for locations Analogous to the SoftwareProcess behaviour, but applied when obtaining a location
Project: http://git-wip-us.apache.org/repos/asf/brooklyn-server/repo Commit: http://git-wip-us.apache.org/repos/asf/brooklyn-server/commit/bd165c12 Tree: http://git-wip-us.apache.org/repos/asf/brooklyn-server/tree/bd165c12 Diff: http://git-wip-us.apache.org/repos/asf/brooklyn-server/diff/bd165c12 Branch: refs/heads/master Commit: bd165c125d5c9c89a7c2decbed8c6d6a181f9fa5 Parents: b2cb9ac Author: Svetoslav Neykov <[email protected]> Authored: Tue May 31 12:36:57 2016 +0300 Committer: Svetoslav Neykov <[email protected]> Committed: Tue May 31 12:36:57 2016 +0300 ---------------------------------------------------------------------- .../location/jclouds/JcloudsLocation.java | 16 ++++++++++++++++ .../location/jclouds/JcloudsLocationConfig.java | 18 ++++++++++++++++-- 2 files changed, 32 insertions(+), 2 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/bd165c12/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java index 1cf2535..8247043 100644 --- a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java +++ b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocation.java @@ -879,6 +879,22 @@ public class JcloudsLocation extends AbstractCloudMachineProvisioningLocation im } } } + + Boolean dontRequireTtyForSudo = setup.get(JcloudsLocationConfig.DONT_REQUIRE_TTY_FOR_SUDO); + if (Boolean.TRUE.equals(dontRequireTtyForSudo) || + dontRequireTtyForSudo == null && setup.get(DONT_CREATE_USER)) { + if (windows) { + LOG.warn("Ignoring flag DONT_REQUIRE_TTY_FOR_SUDO on Windows location {}", machineLocation); + } else { + customisationForLogging.add("patch /etc/sudoers to disable requiretty"); + + executeCommandThrowingOnError( + ImmutableMap.<String, Object>of(SshTool.PROP_ALLOCATE_PTY.getName(), true), + (SshMachineLocation)machineLocation, + "patch /etc/sudoers to disable requiretty", + ImmutableList.of(BashCommands.dontRequireTtyForSudo())); + } + } if (setup.get(JcloudsLocationConfig.MAP_DEV_RANDOM_TO_DEV_URANDOM)) { if (windows) { http://git-wip-us.apache.org/repos/asf/brooklyn-server/blob/bd165c12/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java index 1403a9f..feed7a8 100644 --- a/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java +++ b/locations/jclouds/src/main/java/org/apache/brooklyn/location/jclouds/JcloudsLocationConfig.java @@ -79,8 +79,11 @@ public interface JcloudsLocationConfig extends CloudLocationConfig { public static final ConfigKey<Boolean> AUTO_ASSIGN_FLOATING_IP = ConfigKeys.newBooleanConfigKey("autoAssignFloatingIp", "Whether to generate floating ips (in Nova paralance), or elastic IPs (in CloudStack parlance)"); - public static final ConfigKey<Boolean> DONT_CREATE_USER = ConfigKeys.newBooleanConfigKey("dontCreateUser", - "Whether to skip creation of 'user' when provisioning machines (default false)", false); + public static final ConfigKey<Boolean> DONT_CREATE_USER = ConfigKeys.newBooleanConfigKey("dontCreateUser", + "Whether to skip creation of 'user' when provisioning machines (default false). " + + "Note that setting this will prevent jclouds from overwriting /etc/sudoers which might be " + + "configured incorrectly by default. See 'dontRequireTtyForSudo' for details.", + false); public static final ConfigKey<Boolean> GRANT_USER_SUDO = ConfigKeys.newBooleanConfigKey("grantUserSudo", "Whether to grant the created user sudo privileges. Irrelevant if dontCreateUser is true. Default: true.", true); public static final ConfigKey<Boolean> DISABLE_ROOT_AND_PASSWORD_SSH = ConfigKeys.newBooleanConfigKey("disableRootAndPasswordSsh", @@ -173,6 +176,17 @@ public interface JcloudsLocationConfig extends CloudLocationConfig { public static final ConfigKey<Boolean> INCLUDE_BROOKLYN_USER_METADATA = ConfigKeys.newBooleanConfigKey("includeBrooklynUserMetadata", "Whether to set metadata about the context of a machine, e.g. brooklyn-entity-id, brooklyn-app-name (default true)", true); + // See also SoftwareProcess.DONT_REQUIRE_TTY_FOR_SUDO + public static final ConfigKey<Boolean> DONT_REQUIRE_TTY_FOR_SUDO = ConfigKeys.newBooleanConfigKey("dontRequireTtyForSudo", + "Whether to explicitly set /etc/sudoers, so don't need tty (will leave unchanged if 'false'); " + + "some machines require a tty for sudo; brooklyn by default does not use a tty " + + "(so that it can get separate error+stdout streams); you can enable a tty as an " + + "option to every ssh command, or you can do it once and " + + "modify the machine so that a tty is not subsequently required. " + + "Usually used in conjunction with 'dontCreateUser' since it will prevent " + + "jclouds from overwriting /etc/sudoers and overriding the system default. " + + "When not explicitly set will be applied if 'dontCreateUser' is set."); + public static final ConfigKey<Boolean> MAP_DEV_RANDOM_TO_DEV_URANDOM = ConfigKeys.newBooleanConfigKey( "installDevUrandom", "Map /dev/random to /dev/urandom to prevent halting on insufficient entropy", true);
