[jira] [Commented] (BROOKLYN-550) Entity's install hangs in EC2 using 'ec2-user', for task 'patch /etc/sudoers to disable requiretty'

Wed, 08 Nov 2017 10:24:07 -0800 

    [ 
https://issues.apache.org/jira/browse/BROOKLYN-550?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16244467#comment-16244467
 ] 

Aled Sage commented on BROOKLYN-550:
------------------------------------

TL;DR: problem is that we're using 'root' user on the target VM, presumably 
because Brooklyn is installed as 'ec2-user' (so does not default to 
{{user=ec2-user}} for provisioning).

The workaround is to use something like {{user: myname}} in the location's 
configuration, or to install Brooklyn as a different user than {{ec2-user}}.

---
Investigated a number of possible causes:

*By running as {{ec2-user}}, it does not create a user on the machine. Instead 
it uses {{root}}.*

Perhaps these commands don't work well when run as root!
 
Confirmed that it worked when using {{user: aled}} in the location 
configuration.


*We had no ssh key configured, so it was auto-generating a password.*

Perhaps that caused problems, especially when combined with use of the root 
user?

However, when I generated {{~/.ssh/id_rsa(.pub)}}, it failed to execute the 
{{ssh: patch /etc/sudoers to disable requiretty}} step with the error shown 
below:
{noformat}
Error invoking start at PostgreSqlNodeImpl{id=bmqgsfda5d}: Passwordless sudo is 
required for r...@ec2-54-229-239-73.eu-west-1.compute.amazonaws.com 
(PostgreSqlNodeImpl{id=bmqgsfda5d})
{noformat}

I'd have though it really shouldn't have been trying to do {{sudo ...}} when 
running as root.

I think that at least some of our commands/blueprints don't work well when run 
as {{root}}, but then people shouldn't be running as root!


*Maybe there's something strange with that AMI.*

It defaulted to {{RightImage_CentOS_7.0_x64_v14.2.1_HVM_EBS}}, which is 
different from the one I usually test with (i.e. the centos.org marketplace 
AMI). 

Re-testing with the centos.org marketplace VM (and with an ssh-key present), it 
worked.

> Entity's install hangs in EC2 using 'ec2-user', for task 'patch /etc/sudoers 
> to disable requiretty'
> ---------------------------------------------------------------------------------------------------
>
>                 Key: BROOKLYN-550
>                 URL: https://issues.apache.org/jira/browse/BROOKLYN-550
>             Project: Brooklyn
>          Issue Type: Bug
>            Reporter: Aled Sage
>
> We ran brooklyn 1.0.0-SNAPSHOT in AWS, installed using the karaf tgz as the 
> {{ec2-user}}.
> We attempted to deploy a Postgres node to the location {{aws-ec2:eu-west-1}}, 
> with no config beyond the credentials.
> However, it consistently hung at the install step, for the task {{ssh: patch 
> /etc/sudoers to disable requiretty}}. The stdout showed:
> {noformat}
> /tmp/brooklyn-20171108-153638983-Rgvh-patch_etc_sudoers_to_disable_r.sh < 
> /dev/null
> RESULT=$?
> rm -f /tmp/brooklyn-20171108-153638983-Rgvh-patch_etc_sudoers_to_disable_r.sh 
> < /dev/null
> exit $RESULT
> Last login: Wed Nov  8 15:36:28 2017 from 172.31.30.73
>      ___   _        __   __   ____            __
>     / _ \ (_)___ _ / /  / /_ / __/____ ___ _ / /___
>    / , _// // _ `// _ \/ __/_\ \ / __// _ `// // -_)
>   /_/|_|/_/ \_, //_//_/\__//___/ \__/ \_,_//_/ \__/
>            /___/
> Welcome to a virtual machine image brought to you by RightScale!
> {noformat}
> The thread details showed:
> {noformat}
> Task[ssh: patch /etc/sudoers to disable requiretty]@DtjFO3hN
> Submitted by MaybeSupplier[value=Task[install (main)]@D35ceCTu]
> In progress, thread waiting (timed) on 
> java.util.concurrent.locks.AbstractQueuedSynchronizer$ConditionObject@33cde89c
> At: net.schmizz.concurrent.Promise.tryRetrieve(Promise.java:170)
>     net.schmizz.concurrent.Promise.retrieve(Promise.java:137)
>     net.schmizz.concurrent.Event.await(Event.java:103)
>     
> net.schmizz.sshj.connection.channel.AbstractChannel.join(AbstractChannel.java:259)
>     
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool$ShellAction.create(SshjTool.java:1003)
>     
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool$ShellAction.create(SshjTool.java:920)
>     
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool.acquire(SshjTool.java:621)
>     
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool.acquire(SshjTool.java:607)
>     
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool$1.run(SshjTool.java:321)
>     
> org.apache.brooklyn.util.core.internal.ssh.sshj.SshjTool.execScript(SshjTool.java:323)
>     
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers$1.exec(ExecWithLoggingHelpers.java:78)
>     
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers$3.apply(ExecWithLoggingHelpers.java:157)
>     
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers$3.apply(ExecWithLoggingHelpers.java:154)
>     org.apache.brooklyn.util.pool.BasicPool.exec(BasicPool.java:146)
>     
> org.apache.brooklyn.location.ssh.SshMachineLocation.execSsh(SshMachineLocation.java:599)
>     
> org.apache.brooklyn.location.ssh.SshMachineLocation$13.execWithTool(SshMachineLocation.java:779)
>     
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers.execWithLogging(ExecWithLoggingHelpers.java:154)
>     
> org.apache.brooklyn.util.core.task.system.internal.ExecWithLoggingHelpers.execScript(ExecWithLoggingHelpers.java:76)
>     
> org.apache.brooklyn.location.ssh.SshMachineLocation.execScript(SshMachineLocation.java:762)
>     
> org.apache.brooklyn.util.core.task.ssh.internal.AbstractSshExecTaskFactory$1.run(AbstractSshExecTaskFactory.java:53)
>     
> org.apache.brooklyn.util.core.task.system.ProcessTaskWrapper$ProcessTaskInternalJob.call(ProcessTaskWrapper.java:99)
>     
> org.apache.brooklyn.util.core.task.BasicExecutionManager$SubmissionCallable.call(BasicExecutionManager.java:565)
> {noformat}
> It created the VM shown below:
> {noformat}
> 2017-11-08T15:36:13,045 INFO  129 o.a.b.l.j.JcloudsLocation 
> [ger-SeuKvIO8-135] Finished VM 
> aws-ec2:eu-west-1@PostgreSqlNodeImpl{id=mhgtb5uejt} creation: 
> r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com/54.154.17.185:22 ready 
> after 1m 12s (semaphore obtained in 0ms;{image={id=eu-west-1/ami-69841c1e, 
> providerId=ami-69841c1e, name=RightImage_CentOS_7.0_x64_v14.2.1_HVM_EBS, 
> location={scope=REGION, id=eu-west-1, description=eu-west-1, parent=aws-ec2, 
> iso3166Codes=[IE]}, os={family=centos, arch=hvm, version=7.0, 
> description=411009282317/RightImage_CentOS_7.0_x64_v14.2.1_HVM_EBS, 
> is64Bit=true}, description=RightImage_CentOS_7.0_x64_v14.2.1_HVM_EBS, 
> version=14.2.1_HVM_EBS, status=AVAILABLE[available], loginUser=root, 
> userMetadata={owner=411009282317, rootDeviceType=ebs, virtualizationType=hvm, 
> hypervisor=xen}}, hardware={id=m3.medium, providerId=m3.medium, 
> processors=[{cores=1.0, speed=3.0}], ram=3840, volumes=[{type=LOCAL, 
> size=10.0, device=/dev/sda1, bootDevice=true, durable=false}, {type=LOCAL, 
> size=4.0, device=/dev/sdb, bootDevice=false, durable=false}], 
> supportsImage=Predicates.and(Predicates.alwaysTrue(),Predicates.or(requiresVirtualizationType(hvm),requiresVirtualizationType(paravirtual)),Predicates.alwaysTrue(),Predicates.alwaysTrue())},
>  location={scope=REGION, id=eu-west-1, description=eu-west-1, parent=aws-ec2, 
> iso3166Codes=[IE]}, options={inboundPorts=[22, 5432], scriptPresent=true, 
> userMetadata={Name=brooklyn-oz3vac-root-test-dux2-postgresql-mhgt-xm6u, 
> brooklyn-user=root, brooklyn-app-id=dux269oglh, brooklyn-app-name=test, 
> brooklyn-entity-id=mhgtb5uejt, brooklyn-entity-name=PostgreSQL Node, 
> brooklyn-server-creation-date=2017-11-08-1535}, userDataCksum=2f4a740b}} 
> template built in 10.01s; {id=eu-west-1/i-0ccd9561d6c6ffa82, 
> providerId=i-0ccd9561d6c6ffa82, 
> name=brooklyn-oz3vac-root-test-dux2-postgresql-mhgt-xm6u, 
> location={scope=ZONE, id=eu-west-1b, description=eu-west-1b, 
> parent=eu-west-1, iso3166Codes=[IE]}, 
> group=brooklyn-oz3vac-root-test-dux2-postgresql-mhgt, 
> imageId=eu-west-1/ami-69841c1e, os={family=centos, arch=hvm, version=7.0, 
> description=411009282317/RightImage_CentOS_7.0_x64_v14.2.1_HVM_EBS, 
> is64Bit=true}, status=RUNNING[running], loginPort=22, 
> hostname=ip-172-31-12-89, privateAddresses=[172.31.12.89], 
> publicAddresses=[54.154.17.185], hardware={id=m3.medium, 
> providerId=m3.medium, processors=[{cores=1.0, speed=3.0}], ram=3840, 
> volumes=[{type=LOCAL, size=4.0, device=/dev/sdb, bootDevice=false, 
> durable=false}, {id=vol-0125a377075cbb705, type=SAN, device=/dev/sda1, 
> bootDevice=true, durable=true}], hypervisor=xen, 
> supportsImage=Predicates.and(Predicates.alwaysTrue(),Predicates.or(requiresVirtualizationType(hvm),requiresVirtualizationType(paravirtual)),Predicates.alwaysTrue(),Predicates.alwaysTrue())},
>  userMetadata={Name=brooklyn-oz3vac-root-test-dux2-postgresql-mhgt-xm6u, 
> brooklyn-user=root, brooklyn-app-id=dux269oglh, brooklyn-app-name=test, 
> brooklyn-entity-id=mhgtb5uejt, brooklyn-entity-name=PostgreSQL Node, 
> brooklyn-server-creation-date=2017-11-08-1535}} provisioned in 54.1s; 
> SshMachineLocation[54.154.17.185:r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com/54.154.17.185:22(id=gco0d355zk)]
>  connection usable in 1.40s; and os customized in 7.50s - point /dev/random 
> to urandom, open iptables)
> {noformat}
> Here's the snippet from the logs:
> {noformat}
> 2017-11-08T15:36:13,482 DEBUG 123 b.SSH [ger-SeuKvIO8-172] patch /etc/sudoers 
> to disable requiretty, initiating ssh on machine 
> SshMachineLocation[54.154.17.185:r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com/54.154.17.185:22
> (id=gco0d355zk)]: #!/bin/bash -e
>  ; { { test ! -e /etc/sudoers && true ; } || ( ( if test "$UID" -eq 0; then ( 
> grep brooklyn-removed-require-tty /etc/sudoers ); else sudo -E -n -S -- grep 
> brooklyn-removed-require-tty /etc/sudoers; fi ) || { ( if test "$UID" -eq 0;
>  then ( cp /etc/sudoers /etc/sudoers.bohb23 ); else sudo -E -n -S -- cp 
> /etc/sudoers /etc/sudoers.bohb23; fi ) && ( if test "$UID" -eq 0; then ( sed 
> -i.brooklyn.bak 's/.*requiretty.*/#brooklyn-removed-require-tty/' 
> /etc/sudoers.boh
> b23 ); else sudo -E -n -S -- sed -i.brooklyn.bak 
> 's/.*requiretty.*/#brooklyn-removed-require-tty/' /etc/sudoers.bohb23; fi ) 
> && ( if test "$UID" -eq 0; then ( visudo -c -f /etc/sudoers.bohb23 ); else 
> sudo -E -n -S -- visudo -c -f /
> etc/sudoers.bohb23; fi ) && ( if test "$UID" -eq 0; then ( mv 
> /etc/sudoers.bohb23 /etc/sudoers ); else sudo -E -n -S -- mv 
> /etc/sudoers.bohb23 /etc/sudoers; fi ) ; } ) ; } ; ( if test "$UID" -eq 0; 
> then ( echo "sudo"-is-working-aTd
> La5 ); else sudo -E -n -S -- echo "sudo"-is-working-aTdLa5; fi )
> 2017-11-08T15:36:13,487 DEBUG 123 o.a.b.l.s.SshMachineLocation 
> [ger-SeuKvIO8-172] 
> org.apache.brooklyn.location.ssh.SshMachineLocation$4@2cd38cc4 building ssh 
> pool for ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22 with proper
> ties: {port=22, allocatePTY=true}
> 2017-11-08T15:36:13,669 DEBUG 146 o.a.b.u.p.BasicPool [ger-SeuKvIO8-172] 
> BasicPool{name=Pool(54.154.17....@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com/54.154.17.185:22:hash2126695026)}
>  acquired and returning new entry root@ec
> 2-54-154-17-185.eu-west-1.compute.amazonaws.com:22 (currentLeased=1; 
> totalLeased=1; totalCreated=1; totalClosed=0)
> 2017-11-08T15:36:13,834 DEBUG 123 
> o.a.b.c.m.p.BrooklynMementoPersisterToObjectStore [ger-SeuKvIO8-171] 
> Checkpointed delta of memento in 7ms: updated 1 entities, 2 locations, 0 
> policies, 4 enrichers, 0 catalog items, 0 bundles; remo
> ved 0 entities, 0 locations, 0 policies, 0 enrichers, 0 catalog items, 0 
> bundles
> 2017-11-08T15:36:13,860 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout] 
> /tmp/brooklyn-20171108-153613669-HpLV-patch_etc_sudoers_to_disable_r.sh < 
> /dev/null
> 2017-11-08T15:36:13,861 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout] RESULT=$?
> 2017-11-08T15:36:13,861 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout] rm -f 
> /tmp/brooklyn-20171108-153613669-HpLV-patch_etc_sudoers_to_disable_r.sh < 
> /dev/null
> 2017-11-08T15:36:13,861 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout] exit 
> $RESULT
> 2017-11-08T15:36:13,861 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout] Last 
> login: Wed Nov  8 15:36:03 2017 from 172.31.30.73
> 2017-11-08T15:36:13,862 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout]      ___   
> _        __   __   ____            __
> 2017-11-08T15:36:13,862 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout]     / _ \ 
> (_)___ _ / /  / /_ / __/____ ___ _ / /___
> 2017-11-08T15:36:13,862 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout]    / , _// 
> // _ `// _ \/ __/_\ \ / __// _ `// // -_)
> 2017-11-08T15:36:13,863 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout]   
> /_/|_|/_/ \_, //_//_/\__//___/ \__/ \_,_//_/ \__/
> 2017-11-08T15:36:13,863 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout]            
> /___/
> 2017-11-08T15:36:13,863 DEBUG 123 b.SSH [Thread-352] 
> [r...@ec2-54-154-17-185.eu-west-1.compute.amazonaws.com:22:stdout] Welcome to 
> a virtual machine image brought to you by RightScale!
> {noformat}



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)

Reply via email to