stork
[Question] Why does stork-deploy need a sudo password?
Hi,
When I use stork-deploy via ssh to another machine, it keeps asking for the sudo password. Is there any way to avoid this? Or can I input the password in the command?
Thanks.
Hey Steve,
To do some of the things stork-deploy needs to do (e.g. start/stop services), it uses sudo. While logging in via ssh supports the password prompt, supporting it for sudo requires some additional things under-the-hood (e.g. using expect).
Can you configure the remote system to support passwordless sudo? If you really want to lock it down, you could lock sudo passwordless commands down to the few stork-deploy currently uses.
-Joe
On Tue, Jul 18, 2017 at 8:31 PM, Steve Luo [email protected] wrote:
Hi,
When I use stork-deploy via ssh to another machine, it keeps asking for the sudo password. Is there any way to avoid this? Or can I input the password in the command?
Thanks.
— You are receiving this because you are subscribed to this thread. Reply to this email directly, view it on GitHub https://github.com/fizzed/stork/issues/14, or mute the thread https://github.com/notifications/unsubscribe-auth/AAjwApbTZqMK4UDj5sYjQSST07_POddWks5sPU51gaJpZM4OcFjf .
@jjlauer thanks for the prompt reply.
But where can I find which commands stork is using with sudo permissions?
They are all pretty basic commands: rm, chown, chmod, etc. Mapping out what will run is across 2 files:
All the commands are here. You can see "sudo" is the first param in some of them.
https://github.com/fizzed/stork/blob/master/stork-deploy/src/main/java/com/fizzed/stork/deploy/UnixTarget.java
They are all deployed via 1 file:
https://github.com/fizzed/stork/blob/master/stork-deploy/src/main/java/com/fizzed/stork/deploy/Deployer.java
Looks like a handful pass in true to sudo as a param. If you wanted to help document them, they'd be great to add to the README for folks in your situation. Also, if you do run a deploy, they should all be echoed out to stdout as an alternative way to map what's going on.
-Joe
On Tue, Jul 18, 2017 at 9:04 PM, Steve Luo [email protected] wrote:
@jjlauer thanks for the prompt reply.
But where can I find which commands stork is using with sudo permissions?
Hi @jjlauer ,
Thank you very much. I have successfully deployed my application with passwordless sudo. I will read the source later to know more about this.
By the way, stork is awesome!
@steveluo Stork v2.6.0 is out and I kept your question in mind while working on it. I have a rough plan in future versions to really focus in on permissions to get stork's sudo use down to as little as possible. I'd like to shoot for allowing an admin to create the root deploy dir out-of-band (not using stork and as simple as mkdir -p /opt/app) and maybe locking down sudo use to simply restarting daemons (if your deploys have them). Will keep this issue open so I can remember to revisit it later.
@jjlauer Thank you for letting me know. Yes, I use sudo to restart the daemons. I totally agree with you about using sudo as little as possible for security reasons. Actually, after creating the directory /opt/app, the later deploy operations (extract files, replace the old version, copy config files, etc.) don't need sudo anymore, except for restarting the daemon.
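Added example, not part of the thread and not stork's own configuration: a sudoers drop-in for the setup the last two comments describe, with the weaker passwordless rules shown commented out for comparison. The user name deploy, the unit name myapp and the systemctl path are assumptions; the restart command itself is also an assumption, so take the exact command lines from what a deploy echoes to stdout.

```sudoers
# /etc/sudoers.d/stork-deploy  (mode 0440; check with: visudo -cf <file>)
# Assumed names: user "deploy", systemd unit "myapp", systemctl in /usr/bin.

# Weak: every command as every user, no password. A stolen deploy SSH key
# is then a root shell.
#deploy ALL=(ALL) NOPASSWD: ALL

# Still weak: a command listed without arguments may be run with ANY
# arguments, so these three are enough to rewrite or delete any file.
#deploy ALL=(root) NOPASSWD: /bin/rm, /bin/chown, /bin/chmod

# Still weak: in arguments, "*" also matches spaces and "/", so this rule
# accepts "chown -R deploy /opt/app/x /etc/shadow".
#deploy ALL=(root) NOPASSWD: /bin/chown -R deploy /opt/app/*

# Restricted: /opt/app is created once by an admin and owned by "deploy",
# so only the daemon control commands need root, each with its full
# argument list spelled out.
Cmnd_Alias STORK_DAEMON = /usr/bin/systemctl start myapp, \
                          /usr/bin/systemctl stop myapp, \
                          /usr/bin/systemctl restart myapp
deploy ALL=(root) NOPASSWD: STORK_DAEMON
```

A rule only applies when the path and arguments match what is actually run, so a deploy that still prompts for a password is issuing a command the alias does not list.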