Repository: incubator-brooklyn Updated Branches: refs/heads/master f29b3fb10 -> 66ac217fe
Fix CreateUserPolicy for SuSe Linux - Sudo is compiled with --without-secure-path on Suse - Brooklyn uses sudo with the -E parameter which preserves the user environment - CreateUserPolicy needs commands only available on the secure path locations Project: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/repo Commit: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/commit/473e9ed3 Tree: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/tree/473e9ed3 Diff: http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/diff/473e9ed3 Branch: refs/heads/master Commit: 473e9ed396f85bbe8fdb660737a7cbcc5307a2ff Parents: 388668a Author: Yavor Yanchev <[email protected]> Authored: Tue Oct 20 13:31:15 2015 +0300 Committer: Yavor Yanchev <[email protected]> Committed: Tue Oct 20 13:31:15 2015 +0300 ---------------------------------------------------------------------- .../brooklyn/policy/jclouds/os/CreateUserPolicy.java | 15 +++++++++++---- 1 file changed, 11 insertions(+), 4 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/incubator-brooklyn/blob/473e9ed3/locations/jclouds/src/main/java/org/apache/brooklyn/policy/jclouds/os/CreateUserPolicy.java ---------------------------------------------------------------------- diff --git a/locations/jclouds/src/main/java/org/apache/brooklyn/policy/jclouds/os/CreateUserPolicy.java b/locations/jclouds/src/main/java/org/apache/brooklyn/policy/jclouds/os/CreateUserPolicy.java index 4a09cfa..1894dd0 100644 --- a/locations/jclouds/src/main/java/org/apache/brooklyn/policy/jclouds/os/CreateUserPolicy.java +++ b/locations/jclouds/src/main/java/org/apache/brooklyn/policy/jclouds/os/CreateUserPolicy.java @@ -19,6 +19,7 @@ package org.apache.brooklyn.policy.jclouds.os; import java.util.List; +import java.util.Map; import org.apache.brooklyn.api.entity.Entity; import org.apache.brooklyn.api.entity.EntityLocal; @@ -150,14 +151,14 @@ public class CreateUserPolicy extends AbstractPolicy implements SensorEventListe String cmd = adminAccess.render(scriptOsFamily); // Exec command to create the user - int result = machine.execScript(ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true), "create-user-"+user, ImmutableList.of(cmd)); + int result = machine.execScript(ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true), "create-user-"+user, ImmutableList.of(cmd), getEnv()); if (result != 0) { throw new IllegalStateException("Failed to auto-generate user, using command "+cmd); } // Exec command to grant password-access to sshd (which may have been disabled earlier). cmd = new SshdConfig(ImmutableMap.of("PasswordAuthentication", "yes")).render(scriptOsFamily); - result = machine.execScript(ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true), "create-user-"+user, ImmutableList.of(cmd)); + result = machine.execScript(ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true), "create-user-"+user, ImmutableList.of(cmd), getEnv()); if (result != 0) { throw new IllegalStateException("Failed to enable ssh-login-with-password, using command "+cmd); } @@ -169,12 +170,18 @@ public class CreateUserPolicy extends AbstractPolicy implements SensorEventListe user+" ALL = (ALL) NOPASSWD:ALL\n"+ "END_OF_JCLOUDS_FILE\n", "chmod 0440 /etc/sudoers"); - result = machine.execScript(ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true), "add-user-to-sudoers-"+user, cmds); + result = machine.execScript(ImmutableMap.of(SshTool.PROP_RUN_AS_ROOT.getName(), true), "add-user-to-sudoers-"+user, cmds, getEnv()); if (result != 0) { - throw new IllegalStateException("Failed to auto-generate user, using command "+cmd); + throw new IllegalStateException("Failed to auto-generate user, using command "+cmds); } } ((EntityLocal)entity).sensors().set(VM_USER_CREDENTIALS, creds); } + + private Map<String, String> getEnv() { + final String SBIN_PATH = "$PATH:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"; + + return ImmutableMap.<String, String>of("PATH", SBIN_PATH); + } }
