From 94f13b1dae241ab033d932b9e2cddef059b33206 Mon Sep 17 00:00:00 2001 From: Arne H Juul Date: Thu, 8 Jun 2017 09:42:23 +0200 Subject: make API for getting VESPA_USER setting --- defaults/src/apps/printdefault/printdefault.cpp | 2 ++ .../java/com/yahoo/vespa/defaults/Defaults.java | 23 +++++++++++++++++++--- .../com/yahoo/vespa/defaults/DefaultsTestCase.java | 5 +++++ defaults/src/vespa/defaults.cpp | 17 ++++++++++++++++ defaults/src/vespa/defaults.h | 6 ++++++ 5 files changed, 50 insertions(+), 3 deletions(-) diff --git a/defaults/src/apps/printdefault/printdefault.cpp b/defaults/src/apps/printdefault/printdefault.cpp index 0419ca9b2dd..8c1e265fff3 100644 --- a/defaults/src/apps/printdefault/printdefault.cpp +++ b/defaults/src/apps/printdefault/printdefault.cpp @@ -12,6 +12,8 @@ int main(int argc, char **argv) { } if (strcmp(argv[1], "home") == 0) { printf("%s\n", vespa::Defaults::vespaHome()); + } else if (strcmp(argv[1], "user") == 0) { + printf("%s\n", vespa::Defaults::vespaUser()); } else if (strcmp(argv[1], "portbase") == 0) { printf("%d\n", vespa::Defaults::vespaPortBase()); } else if (strcmp(argv[1], "configserver_rpc_port") == 0) { diff --git a/defaults/src/main/java/com/yahoo/vespa/defaults/Defaults.java b/defaults/src/main/java/com/yahoo/vespa/defaults/Defaults.java index 060fd3c56cd..97a58fc8440 100644 --- a/defaults/src/main/java/com/yahoo/vespa/defaults/Defaults.java +++ b/defaults/src/main/java/com/yahoo/vespa/defaults/Defaults.java 
@@ -17,28 +17,39 @@ public class Defaults { private static final Defaults defaults = new Defaults(); private final String vespaHome; + private final String vespaUser; private final int vespaWebServicePort; private final int vespaPortBase; private Defaults() { vespaHome = findVespaHome(); + vespaUser = findVespaUser(); vespaWebServicePort = findVespaWebServicePort(); vespaPortBase = 19000; // TODO } - private String findVespaHome() { + static private String findVespaHome() { Optional vespaHomeEnv = Optional.ofNullable(System.getenv("VESPA_HOME")); if ( ! vespaHomeEnv.isPresent() || vespaHomeEnv.get().trim().isEmpty()) { log.info("VESPA_HOME not set, using /opt/yahoo/vespa/"); return "/opt/yahoo/vespa/"; } - String vespaHome = vespaHomeEnv.get(); + String vespaHome = vespaHomeEnv.get().trim(); if ( ! vespaHome.endsWith("/")) vespaHome = vespaHome + "/"; return vespaHome; } - private int findVespaWebServicePort() { + static private String findVespaUser() { + Optional vespaUserEnv = Optional.ofNullable(System.getenv("VESPA_USER")); + if (! vespaUserEnv.isPresent()) { + log.fine("VESPA_USER not set, using yahoo"); + return "yahoo"; + } + return vespaUserEnv.get().trim(); + } + + static private int findVespaWebServicePort() { Optional vespaWebServicePortString = Optional.ofNullable(System.getenv("VESPA_WEB_SERVICE_PORT")); if ( ! vespaWebServicePortString.isPresent() || vespaWebServicePortString.get().trim().isEmpty()) { log.info("VESPA_WEB_SERVICE_PORT not set, using 8080"); @@ -53,6 +64,12 @@ public class Defaults { } } + /** + * Get the username to own directories, files and processes + * @return the vespa user name + **/ + public String vespaUser() { return vespaUser; } + /** * Returns the path to the root under which Vespa should read and write files, ending by "/". * diff --git a/defaults/src/test/java/com/yahoo/vespa/defaults/DefaultsTestCase.java b/defaults/src/test/java/com/yahoo/vespa/defaults/DefaultsTestCase.java index ef64b6a252a..99a8421ae54 100644 
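Review bot: `findVespaUser()` accepts an empty or whitespace-only VESPA_USER, because it checks only `isPresent()` where `findVespaHome()` and `findVespaWebServicePort()` in the same hunk also test `.trim().isEmpty()`; `vespaUser()` then returns `""`. Later in this series that value becomes the user argument of `executeInContainerAsUser` in DockerImpl.java and the `chown` owner in LocalZoneUtils.java, and an empty exec user presumably falls back to the container's default account, which is often root (worth confirming). Suggested guard: `if ( ! vespaUserEnv.isPresent() || vespaUserEnv.get().trim().isEmpty()) {`. The name is also never checked against the account database here, while the C++ `findDefaults()` calls `getpwnam`, so the two APIs can disagree for the same environment. The Javadoc on `vespaUser()` in the second hunk should state the `yahoo` fallback and that the value is unvalidated.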
--- a/defaults/src/test/java/com/yahoo/vespa/defaults/DefaultsTestCase.java +++ b/defaults/src/test/java/com/yahoo/vespa/defaults/DefaultsTestCase.java @@ -17,4 +17,9 @@ public class DefaultsTestCase { assertEquals("./my/explicit/relative/path", Defaults.getDefaults().underVespaHome("./my/explicit/relative/path")); } + @Test + public void testFindVespaUser() { + assertEquals("yahoo", Defaults.getDefaults().vespaUser()); + } + } diff --git a/defaults/src/vespa/defaults.cpp b/defaults/src/vespa/defaults.cpp index 74fc36f1859..9e59fe15802 100644 --- a/defaults/src/vespa/defaults.cpp +++ b/defaults/src/vespa/defaults.cpp @@ -9,11 +9,13 @@ #include #include #include +#include namespace { const char *defaultHome = "/opt/yahoo/vespa/"; char computedHome[PATH_MAX]; +const char *defaultUser = "yahoo"; int defaultWebServicePort = 8080; int defaultPortBase = 19000; int defaultPortConfigServerRpc = 19070; @@ -63,6 +65,14 @@ void findDefaults() { fprintf(stderr, "warning\tbad VESPA_HOME '%s' (ignored)\n", env); } } + env = getenv("VESPA_USER"); + if (env != NULL) { + if (*env != '0' && getpwnam(env) == 0) { + fprintf(stderr, "warning\tbad VESPA_USER '%s' (ignored)\n", env); + } else { + defaultUser = env; + } + } long p = getNumFromEnv("VESPA_WEB_SERVICE_PORT"); if (p > 0) { // fprintf(stderr, "debug\tdefault web service port is '%ld'\n", p); @@ -157,6 +167,13 @@ Defaults::vespaHome() return defaultHome; } +const char * +Defaults::vespaUser() +{ + findDefaults(); + return defaultUser; +} + int Defaults::vespaWebServicePort() { diff --git a/defaults/src/vespa/defaults.h b/defaults/src/vespa/defaults.h index ec3f78e1e29..738f70f8b19 100644 --- a/defaults/src/vespa/defaults.h +++ b/defaults/src/vespa/defaults.h 
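Review bot: `testFindVespaUser` passes only when VESPA_USER is unset in the environment that runs the tests, since `Defaults` reads `System.getenv` in its private constructor and the test has no way to supply a value. As written it covers the fallback only; the set, empty and whitespace-padded cases are untested. A package-private overload that takes the raw value, e.g. `static String findVespaUser(String env)`, would let the test cover all of them without touching the process environment.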
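Review bot: In the VESPA_USER block of `findDefaults()`, `*env != '0'` compares the first byte with the digit zero rather than the terminator `'\0'`, so any value beginning with `0` skips the `getpwnam` lookup and is accepted unchecked. If an empty-string test was intended, the condition should read `if (*env == '\0' || getpwnam(env) == 0) {`; if names starting with `0` are meant to bypass the lookup, a comment should say why. `defaultUser = env;` also keeps the pointer returned by `getenv`, which a later `setenv`/`putenv` may invalidate, whereas a `computedHome` buffer is declared for the home path. Copying into a fixed buffer would make the result of `vespaUser()` safe to hold. The function body starts and ends outside the hunk.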
@@ -25,6 +25,12 @@ public: **/ static const char *vespaHome(); + /** + * Compute the user name to own directories and run processes. + * @return the vespa user name + **/ + static const char *vespaUser(); + /** * Compute the port number where the Vespa webservice * container should be available. -- cgit v1.2.3 From bab3573c0e9539a4616e2dc429ff6387b691a835 Mon Sep 17 00:00:00 2001 From: Arne H Juul Date: Thu, 8 Jun 2017 10:04:19 +0200 Subject: use vespaUser() from Defaults --- .../src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java index e94a2d9d118..fdd0bfbe024 100644 --- a/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java +++ b/docker-api/src/main/java/com/yahoo/vespa/hosted/dockerapi/DockerImpl.java @@ -49,9 +49,9 @@ import java.util.logging.Logger; import java.util.stream.Collectors; import java.util.stream.Stream; +import static com.yahoo.vespa.defaults.Defaults.getDefaults; import static com.yahoo.vespa.hosted.dockerapi.DockerNetworkCreator.NetworkAddressInterface; - public class DockerImpl implements Docker { private static final Logger logger = Logger.getLogger(DockerImpl.class.getName()); @@ -225,7 +225,7 @@ public class DockerImpl implements Docker { @Override public ProcessResult executeInContainer(ContainerName containerName, String... args) { - return executeInContainerAsUser(containerName, "yahoo", Optional.empty(), args); + return executeInContainerAsUser(containerName, getDefaults().vespaUser(), Optional.empty(), args); } @Override -- cgit v1.2.3 From da0c3bcdf250b4975c931a4a86e37000c746084f Mon Sep 17 00:00:00 2001 
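Review bot: `executeInContainer` now takes the exec user from `getDefaults().vespaUser()`, which is resolved from the environment of the JVM calling the Docker API, not from the container it is applied to. Nothing in this hunk shows that the account exists in the container image. A host-side VESPA_USER that differs from the image's user would presumably make every exec fail, or run under an unintended account if the name exists there with other privileges. A one-line comment such as `// VESPA_USER of this process must also exist inside the container` would record the assumption. The enclosing class continues outside the hunk.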
From: Arne H Juul Date: Thu, 8 Jun 2017 10:04:30 +0200 Subject: use vespaUser() from Defaults --- .../yahoo/vespa/hosted/node/admin/docker/LocalZoneUtils.java | 10 +++++----- .../hosted/node/admin/util/SecretAgentScheduleMakerTest.java | 4 ++-- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/LocalZoneUtils.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/LocalZoneUtils.java index fdc5489e95c..219fcb4a41c 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/LocalZoneUtils.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/docker/LocalZoneUtils.java @@ -2,7 +2,7 @@ package com.yahoo.vespa.hosted.node.admin.docker; import com.yahoo.net.HostName; -import com.yahoo.vespa.defaults.Defaults; +import static com.yahoo.vespa.defaults.Defaults.getDefaults; import com.yahoo.vespa.hosted.dockerapi.Container; import com.yahoo.vespa.hosted.dockerapi.ContainerName; import com.yahoo.vespa.hosted.dockerapi.Docker; @@ -61,7 +61,7 @@ public class LocalZoneUtils { else docker.deleteContainer(CONFIG_SERVER_CONTAINER_NAME); } - Path pathToConfigServerApp = Paths.get(Defaults.getDefaults().underVespaHome("conf/configserver-app")); + Path pathToConfigServerApp = Paths.get(getDefaults().underVespaHome("conf/configserver-app")); docker.createContainerCommand(dockerImage, CONFIG_SERVER_CONTAINER_NAME, CONFIG_SERVER_HOSTNAME) .withNetworkMode(DockerImpl.DOCKER_CUSTOM_MACVLAN_NETWORK_NAME) .withIpAddress(environment.getInetAddressForHost(CONFIG_SERVER_HOSTNAME)) @@ -75,7 +75,7 @@ public class LocalZoneUtils { .create(); docker.copyArchiveToContainer(pathToProjectRoot.resolve("node-admin/configserver-app").toString(), - CONFIG_SERVER_CONTAINER_NAME, Defaults.getDefaults().underVespaHome("conf")); + CONFIG_SERVER_CONTAINER_NAME, getDefaults().underVespaHome("conf")); docker.startContainer(CONFIG_SERVER_CONTAINER_NAME); } 
@@ -141,7 +141,7 @@ public class LocalZoneUtils { createCmd.create(); docker.startContainer(NODE_ADMIN_CONTAINER_NAME); - docker.executeInContainerAsRoot(NODE_ADMIN_CONTAINER_NAME, "chown", "yahoo", "/host/var/run/docker.sock"); + docker.executeInContainerAsRoot(NODE_ADMIN_CONTAINER_NAME, "chown", getDefaults().vespaUser(), "/host/var/run/docker.sock"); } public static Optional getContainerNodeSpec(String hostName) { @@ -223,7 +223,7 @@ public class LocalZoneUtils { } } System.out.println("prepare " + applicationName); - final String deployPath = Defaults.getDefaults().underVespaHome("bin/deploy"); + final String deployPath = getDefaults().underVespaHome("bin/deploy"); ProcessResult copyProcess = docker.executeInContainer(CONFIG_SERVER_CONTAINER_NAME, deployPath, "-e", tenantName, "-a", applicationName, "prepare", pathToAppOnConfigServer.toString()); if (! copyProcess.isSuccess()) { diff --git a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/util/SecretAgentScheduleMakerTest.java b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/util/SecretAgentScheduleMakerTest.java index 55e71864bdb..c352dfbc0cf 100644 --- a/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/util/SecretAgentScheduleMakerTest.java +++ b/node-admin/src/test/java/com/yahoo/vespa/hosted/node/admin/util/SecretAgentScheduleMakerTest.java @@ -67,12 +67,12 @@ public class SecretAgentScheduleMakerTest { @Test public void generateSecretAgentScheduleWithDifferentUserTest() { SecretAgentScheduleMaker scheduleMaker = new SecretAgentScheduleMaker("system-checks", 60, - Paths.get("/some/test")).withRunAsUser("yahoo"); + Paths.get("/some/test")).withRunAsUser("barfoo"); assertEquals( "- id: system-checks\n" + " interval: 60\n" + - " user: yahoo\n" + + " user: barfoo\n" + " check: /some/test\n", scheduleMaker.toString()); } } -- cgit v1.2.3 From 3ccff246aa757000db84711949d1486dc7344198 Mon Sep 17 00:00:00 2001 
From: Arne H Juul Date: Thu, 8 Jun 2017 10:04:41 +0200 Subject: use VESPA_USER env var --- configserver/src/main/sh/start-configserver | 6 +++--- zkfacade/src/main/sh/zkcli | 5 ++++- 2 files changed, 7 insertions(+), 4 deletions(-) diff --git a/configserver/src/main/sh/start-configserver b/configserver/src/main/sh/start-configserver index 48fdfb31361..4d85b3e65b3 100755 --- a/configserver/src/main/sh/start-configserver +++ b/configserver/src/main/sh/start-configserver @@ -63,12 +63,12 @@ findroot cd ${VESPA_HOME} || { echo "Cannot cd to ${VESPA_HOME}" 1>&2; exit 1; } if [ -f ${VESPA_HOME}conf/zookeeper/zookeeper.cfg ]; then - chown yahoo ${VESPA_HOME}conf/zookeeper/zookeeper.cfg + chown ${VESPA_USER} ${VESPA_HOME}conf/zookeeper/zookeeper.cfg chmod 644 ${VESPA_HOME}conf/zookeeper/zookeeper.cfg fi if [ -f ${VESPA_HOME}var/zookeeper/myid ]; then - chown yahoo ${VESPA_HOME}var/zookeeper/myid + chown ${VESPA_USER} ${VESPA_HOME}var/zookeeper/myid chmod 644 ${VESPA_HOME}var/zookeeper/myid fi @@ -126,7 +126,7 @@ jvmargs="$baseuserargs $serveruserargs" printenv > $cfpfile mkdir -p $bundlecachedir -chown -R yahoo $bundlecachedir +chown -R ${VESPA_USER} $bundlecachedir run-as-yahoo vespa-runserver -s configserver -r 30 -p $pidfile -- \ java \ diff --git a/zkfacade/src/main/sh/zkcli b/zkfacade/src/main/sh/zkcli index d0add5f33a0..c9763287809 100755 --- a/zkfacade/src/main/sh/zkcli +++ b/zkfacade/src/main/sh/zkcli @@ -60,4 +60,7 @@ findroot # END environment bootstrap section -sudo -u yahoo java -cp $VESPA_HOME/lib/jars/zkctl-jar-with-dependencies.jar -Dlog4j.configuration=file:$VESPA_HOME/etc/log4j-vespa.properties org.apache.zookeeper.ZooKeeperMain +sudo -u ${VESPA_USER} java \ + -cp $VESPA_HOME/lib/jars/zkctl-jar-with-dependencies.jar \ + -Dlog4j.configuration=file:$VESPA_HOME/etc/log4j-vespa.properties \ + org.apache.zookeeper.ZooKeeperMain -- cgit v1.2.3
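Review bot: The three `chown ${VESPA_USER} …` calls in start-configserver and the `sudo -u ${VESPA_USER}` line in zkcli expand the variable unquoted and without a fallback. If VESPA_USER is unset or empty the word disappears, so `chown` takes the file path as the owner and `sudo -u` takes `java` as the user name; a value containing whitespace or a leading `-` would be split or read as an option. Whether the bootstrap section (`findroot`) guarantees a value is not visible in these hunks. Quoting with a fail-fast check covers both cases: `chown "${VESPA_USER:?VESPA_USER not set}" "${VESPA_HOME}conf/zookeeper/zookeeper.cfg"` and `sudo -u "${VESPA_USER:?VESPA_USER not set}" java \`.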
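Review bot: In the second start-configserver hunk the context line `run-as-yahoo vespa-runserver …` still names the old account, while the line above it now chowns `$bundlecachedir` to `${VESPA_USER}`. If `run-as-yahoo` switches to a fixed `yahoo` user (its implementation is not shown here), a non-default VESPA_USER leaves the config server running as one account with its bundle cache and ZooKeeper files owned by another. Either the wrapper should read VESPA_USER too, or a comment next to the `chown -R` should state that it already does.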