diff options
author | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-11-15 16:39:47 +0100 |
---|---|---|
committer | Valerij Fredriksen <valerijf@yahooinc.com> | 2021-11-15 16:39:47 +0100 |
commit | 15fb3e939af9ef532ca91ae14d96e493cb0aad34 (patch) | |
tree | e13725734af8ce34020debea04e6a5123bc752f8 /node-admin/src/main | |
parent | f322121bbe051b8c0e9b2efd6218468234e30928 (diff) |
Require UnixUser to ContainerEngine::execute
Diffstat (limited to 'node-admin/src/main')
4 files changed, 17 insertions, 15 deletions
diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java index a3bce4c687e..cfa0452ebf9 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerEngine.java @@ -6,6 +6,7 @@ import com.yahoo.vespa.hosted.node.admin.component.TaskContext; import com.yahoo.vespa.hosted.node.admin.container.image.Image; import com.yahoo.vespa.hosted.node.admin.nodeagent.ContainerData; import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext; +import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser; import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandResult; import java.time.Duration; @@ -40,8 +41,8 @@ public interface ContainerEngine { /** Returns the network interface used by container in given context */ String networkInterface(NodeAgentContext context); - /** Execute command inside container as root. Ignores non-zero exit code */ - CommandResult executeAsRoot(NodeAgentContext context, Duration timeout, String... command); + /** Execute command inside container as given user. Ignores non-zero exit code */ + CommandResult execute(NodeAgentContext context, UnixUser user, Duration timeout, String... command); /** Execute command inside the container's network namespace. Throws on non-zero exit code */ CommandResult executeInNetworkNamespace(NodeAgentContext context, String... command); diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java index 3017773700a..8a66373c28b 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/container/ContainerOperations.java @@ -7,6 +7,7 @@ import com.yahoo.vespa.hosted.node.admin.container.image.ContainerImageDownloade import com.yahoo.vespa.hosted.node.admin.container.image.ContainerImagePruner; import com.yahoo.vespa.hosted.node.admin.nodeagent.ContainerData; import com.yahoo.vespa.hosted.node.admin.nodeagent.NodeAgentContext; +import com.yahoo.vespa.hosted.node.admin.task.util.file.UnixUser; import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandLine; import com.yahoo.vespa.hosted.node.admin.task.util.process.CommandResult; @@ -66,13 +67,13 @@ public class ContainerOperations { } /** Executes a command inside container identified by given context. Does NOT throw on non-zero exit code */ - public CommandResult executeCommandInContainerAsRoot(NodeAgentContext context, String... command) { - return executeCommandInContainerAsRoot(context, CommandLine.DEFAULT_TIMEOUT.toSeconds(), command); + public CommandResult executeCommandInContainer(NodeAgentContext context, UnixUser user, String... command) { + return executeCommandInContainer(context, user, CommandLine.DEFAULT_TIMEOUT, command); } /** Execute command inside container identified by given context. Does NOT throw on non-zero exit code */ - public CommandResult executeCommandInContainerAsRoot(NodeAgentContext context, Long timeoutSeconds, String... command) { - return containerEngine.executeAsRoot(context, Duration.ofSeconds(timeoutSeconds), command); + public CommandResult executeCommandInContainer(NodeAgentContext context, UnixUser user, Duration timeout, String... command) { + return containerEngine.execute(context, user, timeout, command); } /** Execute command in inside containers network namespace, identified by given context. Throws on non-zero exit code */ @@ -142,7 +143,7 @@ public class ContainerOperations { private String executeNodeCtlInContainer(NodeAgentContext context, String program) { String[] command = new String[] {context.paths().underVespaHome("bin/vespa-nodectl").pathInContainer(), program}; - return executeCommandInContainerAsRoot(context, command).getOutput(); + return executeCommandInContainer(context, context.users().vespa(), command).getOutput(); } } diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollector.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollector.java index 60330984f57..60435082745 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollector.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/coredump/CoreCollector.java @@ -34,10 +34,10 @@ public class CoreCollector { static final Map<String, Object> JAVA_HEAP_DUMP_METADATA = Map.of("bin_path", "java", "backtrace", List.of("Heap dump, no backtrace available")); - private final ContainerOperations docker; + private final ContainerOperations container; - public CoreCollector(ContainerOperations docker) { - this.docker = docker; + public CoreCollector(ContainerOperations container) { + this.container = container; } String getGdbPath(NodeAgentContext context) { @@ -47,7 +47,7 @@ public class CoreCollector { String readBinPathFallback(NodeAgentContext context, ContainerPath coredumpPath) { String command = getGdbPath(context) + " -n -batch -core " + coredumpPath.pathInContainer() + " | grep \'^Core was generated by\'"; String[] wrappedCommand = {"/bin/sh", "-c", command}; - CommandResult result = docker.executeCommandInContainerAsRoot(context, wrappedCommand); + CommandResult result = container.executeCommandInContainer(context, context.users().root(), wrappedCommand); Matcher matcher = CORE_GENERATOR_PATH_PATTERN.matcher(result.getOutput()); if (! matcher.find()) { @@ -60,7 +60,7 @@ public class CoreCollector { String readBinPath(NodeAgentContext context, ContainerPath coredumpPath) { String[] command = {"file", coredumpPath.pathInContainer()}; try { - CommandResult result = docker.executeCommandInContainerAsRoot(context, command); + CommandResult result = container.executeCommandInContainer(context, context.users().root(), command); if (result.getExitCode() != 0) { throw new ConvergenceException("file command failed with " + asString(result)); } @@ -86,7 +86,7 @@ public class CoreCollector { String threads = allThreads ? "thread apply all bt" : "bt"; String[] command = {getGdbPath(context), "-n", "-ex", threads, "-batch", binPath, coredumpPath.pathInContainer()}; - CommandResult result = docker.executeCommandInContainerAsRoot(context, command); + CommandResult result = container.executeCommandInContainer(context, context.users().root(), command); if (result.getExitCode() != 0) throw new ConvergenceException("Failed to read backtrace " + asString(result) + ", Command: " + Arrays.toString(command)); @@ -96,7 +96,7 @@ public class CoreCollector { List<String> readJstack(NodeAgentContext context, ContainerPath coredumpPath, String binPath) { String[] command = {"jhsdb", "jstack", "--exe", binPath, "--core", coredumpPath.pathInContainer()}; - CommandResult result = docker.executeCommandInContainerAsRoot(context, command); + CommandResult result = container.executeCommandInContainer(context, context.users().root(), command); if (result.getExitCode() != 0) throw new ConvergenceException("Failed to read jstack " + asString(result) + ", Command: " + Arrays.toString(command)); diff --git a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java index 86dc1ed983d..b30b8e22fc5 100644 --- a/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java +++ b/node-admin/src/main/java/com/yahoo/vespa/hosted/node/admin/maintenance/servicedump/VespaServiceDumperImpl.java @@ -201,7 +201,7 @@ public class VespaServiceDumperImpl implements VespaServiceDumper { @Override public CommandResult executeCommandInNode(List<String> command, boolean logOutput) { - CommandResult result = container.executeCommandInContainerAsRoot(nodeAgentCtx, command.toArray(new String[0])); + CommandResult result = container.executeCommandInContainer(nodeAgentCtx, nodeAgentCtx.users().vespa(), command.toArray(new String[0])); String cmdString = command.stream().map(s -> "'" + s + "'").collect(Collectors.joining(" ", "\"", "\"")); int exitCode = result.getExitCode(); String output = result.getOutput().trim(); |