[MediaWiki-commits] [Gerrit] Tools: Check permissions for error.log in webservice - change (operations/puppet)

Tim Landscheidt (Code Review) Fri, 14 Aug 2015 08:05:48 -0700

Tim Landscheidt has uploaded a new change for review.

  https://gerrit.wikimedia.org/r/231564


Change subject: Tools: Check permissions for error.log in webservice
......................................................................

Tools: Check permissions for error.log in webservice

Recurringly users start web services after, usually inadvertently,
changing the ownership of ~/error.log to themselves.  This causes the
grid job to fail immediately.

This change checks that the account that starts the web service is
also able to write to ~/error.log and fails otherwise.

Bug: T99576
Change-Id: I06bbdbbd5a50063e66dfae0293c2c1685578e65c
---
M modules/toollabs/files/webservice2
1 file changed, 10 insertions(+), 2 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/64/231564/1

diff --git a/modules/toollabs/files/webservice2 
b/modules/toollabs/files/webservice2
index 26769cc..4c92a11 100644
--- a/modules/toollabs/files/webservice2
+++ b/modules/toollabs/files/webservice2
@@ -47,8 +47,8 @@
     :param server: Server type to start job as. Current options are lighttpd 
and tomcat
     """
     command = ['qsub',
-               '-e', '%s/error.log' % HOME,
-               '-o', '%s/error.log' % HOME,
+               '-e', ERROR_LOG_FILE,
+               '-o', ERROR_LOG_FILE,
                '-i', '/dev/null',
                '-q', get_queue_name(server),
                '-l', 'h_vmem=%s,release=%s' % (MEMLIMIT, release),
@@ -139,6 +139,7 @@
 pwd_entry = pwd.getpwuid(os.getuid())
 USER = pwd_entry.pw_name
 HOME = pwd_entry.pw_dir
+ERROR_LOG_FILE = '%s/error.log' % HOME
 
 # Ensure that we are indeed a tool.
 if not USER.startswith(PREFIX + '.'):
@@ -146,6 +147,13 @@
     sys.exit(1)
 TOOL = USER[len(PREFIX) + 1:]
 
+# Ensure that SGE will be able to write to ~/error.log.
+# Theoretically, this is only needed when starting and restarting a
+# web service, but it doesn't hurt to enforce it at all times.
+if not os.access(ERROR_LOG_FILE, os.W_OK):
+    sys.stderr.write('The log file %s is not writable.\n' % ERROR_LOG_FILE)
+    sys.exit(1)
+
 # Read memlimit customizations for individual tools, set by
 # admins for tools that require more than usual memory limits.
 MEMLIMIT = read_file(

-- 
To view, visit https://gerrit.wikimedia.org/r/231564
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: I06bbdbbd5a50063e66dfae0293c2c1685578e65c
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Tim Landscheidt <[email protected]>

_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

[MediaWiki-commits] [Gerrit] Tools: Check permissions for error.log in webservice - change (operations/puppet)

Reply via email to