From cdcfcb675f744b47c07e02aedcb10145fa1a29f2 Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 10:07:29 -0800 Subject: [PATCH 01/12] adding support for sudo to run commands --- lib/instance_agent/platform/linux_util.rb | 4 +++- .../application_specification/application_specification.rb | 3 ++- .../codedeploy/application_specification/script_info.rb | 5 +++-- 3 files changed, 8 insertions(+), 4 deletions(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index e0e59b65..ba9b8c09 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -10,8 +10,10 @@ def self.supported_oses() def self.prepare_script_command(script, absolute_path) script_command = absolute_path - if(!script.runas.nil?) + if(!script.runas.nil? && script.sudo.nil?) script_command = 'su ' + script.runas + ' -c ' + absolute_path + elsif(!script.runas.nil? && !script.sudo.nil?) + script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path end script_command end diff --git a/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb b/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb index 61a6b31e..d599eecd 100644 --- a/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb +++ b/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb @@ -60,6 +60,7 @@ def parse_hooks(hooks_hash) current_hook_scripts << InstanceAgent::Plugins::CodeDeployPlugin::ApplicationSpecification::ScriptInfo.new(script['location'].to_s.strip, { :runas => script.has_key?('runas') && !script['runas'].nil? ? script['runas'].to_s.strip : nil, + :sudo => script['sudo'], :timeout => script['timeout'] }) else @@ -140,4 +141,4 @@ def parse_context(context) end end end -end \ No newline at end of file +end diff --git a/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb b/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb index 526751b8..95ce6354 100644 --- a/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb +++ b/lib/instance_agent/plugins/codedeploy/application_specification/script_info.rb @@ -5,7 +5,7 @@ module ApplicationSpecification #Helper Class for storing data parsed from hook script maps class ScriptInfo - attr_reader :location, :runas, :timeout + attr_reader :location, :runas, :sudo, :timeout def initialize(location, opts = {}) location = location.to_s if(location.empty?) @@ -13,6 +13,7 @@ def initialize(location, opts = {}) end @location = location @runas = opts[:runas] + @sudo = opts[:sudo] @timeout = opts[:timeout] || 3600 @timeout = @timeout.to_i if(@timeout <= 0) @@ -24,4 +25,4 @@ def initialize(location, opts = {}) end end end -end \ No newline at end of file +end From dcebea9ca45bd4a313218052553fd71996f47a97 Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 10:34:53 -0800 Subject: [PATCH 02/12] adding tests --- lib/instance_agent/platform/linux_util.rb | 2 ++ .../platform/linux_util_test.rb | 29 +++++++++++++++++++ 2 files changed, 31 insertions(+) create mode 100644 test/instance_agent/platform/linux_util_test.rb diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index ba9b8c09..2fce824d 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -11,8 +11,10 @@ def self.supported_oses() def self.prepare_script_command(script, absolute_path) script_command = absolute_path if(!script.runas.nil? && script.sudo.nil?) + log(:info, "runas specified, running as #{script.runas}") script_command = 'su ' + script.runas + ' -c ' + absolute_path elsif(!script.runas.nil? && !script.sudo.nil?) + log(:info, "runas with sudo specified, running as #{script.runas}") script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path end script_command diff --git a/test/instance_agent/platform/linux_util_test.rb b/test/instance_agent/platform/linux_util_test.rb new file mode 100644 index 00000000..2031742a --- /dev/null +++ b/test/instance_agent/platform/linux_util_test.rb @@ -0,0 +1,29 @@ +require './test_helper' + +class LinuxUtilTest < InstanceAgentTestCase + context 'Testing building command with sudo' do + setup do + @script_mock = Struct.new :sudo, :runas + end + + should 'return command with sudo with runas user deploy' do + mock = @script_mock.new true, "deploy" + assert_equal 'sudo su deploy -c my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end + + should 'return command without sudo with runas user deploy' do + mock = @script_mock.new nil, "deploy" + assert_equal 'su deploy -c my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end + + should 'return command without sudo or runas user' do + mock = @script_mock.new nil, nil + assert_equal 'my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end + + end +end + From 4ab53885762ae1a9852e1561ea7997ffdeb4f2bd Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 10:42:50 -0800 Subject: [PATCH 03/12] adding support for sudo as root --- lib/instance_agent/platform/linux_util.rb | 3 +++ test/instance_agent/platform/linux_util_test.rb | 6 ++++++ 2 files changed, 9 insertions(+) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index 2fce824d..a295bcfa 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -13,6 +13,9 @@ def self.prepare_script_command(script, absolute_path) if(!script.runas.nil? && script.sudo.nil?) log(:info, "runas specified, running as #{script.runas}") script_command = 'su ' + script.runas + ' -c ' + absolute_path + elsif(script.runas.nil? && script.sudo.nil?) + log(:info, "sudo specified, running as current user with sudo") + script_command = 'sudo ' + script.runas + ' -c ' + absolute_path elsif(!script.runas.nil? && !script.sudo.nil?) log(:info, "runas with sudo specified, running as #{script.runas}") script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path diff --git a/test/instance_agent/platform/linux_util_test.rb b/test/instance_agent/platform/linux_util_test.rb index 2031742a..8ce53cbf 100644 --- a/test/instance_agent/platform/linux_util_test.rb +++ b/test/instance_agent/platform/linux_util_test.rb @@ -24,6 +24,12 @@ class LinuxUtilTest < InstanceAgentTestCase InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") end + should 'return command with sudo' do + mock = @script_mock.new true, nil + assert_equal 'sudo my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end + end end From d655c86be4df79807a10e0b71b1cbe175489b116 Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 10:58:42 -0800 Subject: [PATCH 04/12] updated logs --- lib/instance_agent/platform/linux_util.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index a295bcfa..b2753494 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -11,13 +11,13 @@ def self.supported_oses() def self.prepare_script_command(script, absolute_path) script_command = absolute_path if(!script.runas.nil? && script.sudo.nil?) - log(:info, "runas specified, running as #{script.runas}") + log(:info, "runas specified, running as #{script.runas}") script_command = 'su ' + script.runas + ' -c ' + absolute_path elsif(script.runas.nil? && script.sudo.nil?) - log(:info, "sudo specified, running as current user with sudo") + log(:info, "sudo specified, running as current user with sudo") script_command = 'sudo ' + script.runas + ' -c ' + absolute_path elsif(!script.runas.nil? && !script.sudo.nil?) - log(:info, "runas with sudo specified, running as #{script.runas}") + log(:info, "runas with sudo specified, running as #{script.runas}") script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path end script_command From 5c7977a26b541d6c0edf9d8df4f8c4ee1c8c89cf Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 11:06:22 -0800 Subject: [PATCH 05/12] formatting --- lib/instance_agent/platform/linux_util.rb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index b2753494..b59e5a84 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -13,7 +13,7 @@ def self.prepare_script_command(script, absolute_path) if(!script.runas.nil? && script.sudo.nil?) log(:info, "runas specified, running as #{script.runas}") script_command = 'su ' + script.runas + ' -c ' + absolute_path - elsif(script.runas.nil? && script.sudo.nil?) + elsif(script.runas.nil? && script.sudo.nil?) log(:info, "sudo specified, running as current user with sudo") script_command = 'sudo ' + script.runas + ' -c ' + absolute_path elsif(!script.runas.nil? && !script.sudo.nil?) From 8977f8a86c049707b78599953e50d11f5be5f755 Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 11:10:10 -0800 Subject: [PATCH 06/12] formatting --- .../application_specification.rb | 2 +- .../platform/linux_util_test.rb | 52 +++++++++---------- 2 files changed, 27 insertions(+), 27 deletions(-) diff --git a/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb b/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb index d599eecd..b3d7d751 100644 --- a/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb +++ b/lib/instance_agent/plugins/codedeploy/application_specification/application_specification.rb @@ -60,7 +60,7 @@ def parse_hooks(hooks_hash) current_hook_scripts << InstanceAgent::Plugins::CodeDeployPlugin::ApplicationSpecification::ScriptInfo.new(script['location'].to_s.strip, { :runas => script.has_key?('runas') && !script['runas'].nil? ? script['runas'].to_s.strip : nil, - :sudo => script['sudo'], + :sudo => script['sudo'], :timeout => script['timeout'] }) else diff --git a/test/instance_agent/platform/linux_util_test.rb b/test/instance_agent/platform/linux_util_test.rb index 8ce53cbf..c51c959b 100644 --- a/test/instance_agent/platform/linux_util_test.rb +++ b/test/instance_agent/platform/linux_util_test.rb @@ -1,35 +1,35 @@ -require './test_helper' +require 'test_helper' class LinuxUtilTest < InstanceAgentTestCase - context 'Testing building command with sudo' do - setup do - @script_mock = Struct.new :sudo, :runas - end + context 'Testing building command with sudo' do + setup do + @script_mock = Struct.new :sudo, :runas + end - should 'return command with sudo with runas user deploy' do - mock = @script_mock.new true, "deploy" - assert_equal 'sudo su deploy -c my_script.sh', - InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") - end + should 'return command with sudo with runas user deploy' do + mock = @script_mock.new true, "deploy" + assert_equal 'sudo su deploy -c my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end - should 'return command without sudo with runas user deploy' do - mock = @script_mock.new nil, "deploy" - assert_equal 'su deploy -c my_script.sh', - InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") - end + should 'return command without sudo with runas user deploy' do + mock = @script_mock.new nil, "deploy" + assert_equal 'su deploy -c my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end - should 'return command without sudo or runas user' do - mock = @script_mock.new nil, nil - assert_equal 'my_script.sh', - InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") - end + should 'return command without sudo or runas user' do + mock = @script_mock.new nil, nil + assert_equal 'my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end - should 'return command with sudo' do - mock = @script_mock.new true, nil - assert_equal 'sudo my_script.sh', - InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") - end + should 'return command with sudo' do + mock = @script_mock.new true, nil + assert_equal 'sudo my_script.sh', + InstanceAgent::LinuxUtil.prepare_script_command(mock, "my_script.sh") + end - end + end end From 52ff3a625cbde6a46704a8ba278f4438d970008d Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 12:40:00 -0800 Subject: [PATCH 07/12] changing logs to debug --- lib/instance_agent/platform/linux_util.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index b59e5a84..2cbdf406 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -11,13 +11,13 @@ def self.supported_oses() def self.prepare_script_command(script, absolute_path) script_command = absolute_path if(!script.runas.nil? && script.sudo.nil?) - log(:info, "runas specified, running as #{script.runas}") + log(:debug, "runas specified, running as #{script.runas}") script_command = 'su ' + script.runas + ' -c ' + absolute_path elsif(script.runas.nil? && script.sudo.nil?) - log(:info, "sudo specified, running as current user with sudo") + log(:debug, "sudo specified, running as current user with sudo") script_command = 'sudo ' + script.runas + ' -c ' + absolute_path elsif(!script.runas.nil? && !script.sudo.nil?) - log(:info, "runas with sudo specified, running as #{script.runas}") + log(:debug, "runas with sudo specified, running as #{script.runas}") script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path end script_command From 6ebece852480e71cd7ced9163a8f053bbf0d9b9f Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Tue, 15 Dec 2015 12:42:11 -0800 Subject: [PATCH 08/12] removing logs --- lib/instance_agent/platform/linux_util.rb | 3 --- 1 file changed, 3 deletions(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index 2cbdf406..89e9a079 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -11,13 +11,10 @@ def self.supported_oses() def self.prepare_script_command(script, absolute_path) script_command = absolute_path if(!script.runas.nil? && script.sudo.nil?) - log(:debug, "runas specified, running as #{script.runas}") script_command = 'su ' + script.runas + ' -c ' + absolute_path elsif(script.runas.nil? && script.sudo.nil?) - log(:debug, "sudo specified, running as current user with sudo") script_command = 'sudo ' + script.runas + ' -c ' + absolute_path elsif(!script.runas.nil? && !script.sudo.nil?) - log(:debug, "runas with sudo specified, running as #{script.runas}") script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path end script_command From 95bdba201bb8db2a21ccc012804a62fec290f262 Mon Sep 17 00:00:00 2001 From: ccloes Date: Wed, 23 Dec 2015 17:01:36 -0800 Subject: [PATCH 09/12] Updated to include modifications to allow running as non-root --- init.d/codedeploy-agent | 33 ++++++++++++++++++++++++++++----- 1 file changed, 28 insertions(+), 5 deletions(-) diff --git a/init.d/codedeploy-agent b/init.d/codedeploy-agent index d4eadf42..33849406 100755 --- a/init.d/codedeploy-agent +++ b/init.d/codedeploy-agent @@ -17,11 +17,14 @@ # the deployment artifacts on to this instance. ### END INIT INFO +# Source function library. +. /etc/rc.d/init.d/functions RETVAL=0 [ -f /etc/profile ] && [ "`stat --format '%U %G' /etc/profile`" == "root root" ] && source /etc/profile prog="codedeploy-agent" +USER="" AGENT_ROOT="/opt/codedeploy-agent/" INSTALLER="/opt/codedeploy-agent/bin/install" BIN="/opt/codedeploy-agent/bin/codedeploy-agent" @@ -29,34 +32,54 @@ BIN="/opt/codedeploy-agent/bin/codedeploy-agent" start() { echo -n $"Starting $prog:" cd $AGENT_ROOT - nohup $BIN start >/dev/null &1 # Try to start the server + if [ $USER ]; then + daemon --user=$USER $BIN start >/dev/null &1 # Try to start the server + else + nohup $BIN start >/dev/null &1 # Try to start the server + fi exit $? } stop() { echo -n $"Stopping $prog:" cd $AGENT_ROOT - nohup $BIN stop >/dev/null &1 # Try to stop the server + if [ $USER ]; then + daemon --user=$USER $BIN stop >/dev/null &1 # Try to stop the server + else + nohup $BIN stop >/dev/null &1 # Try to stop the server + fi exit $? } restart() { echo -n $"Restarting $prog:" cd $AGENT_ROOT - nohup $BIN restart >/dev/null &1 # Try to restart the server + if [ $USER ]; then + daemon --user=$USER $BIN restart >/dev/null &1 # Try to restart the server + else + nohup $BIN restart >/dev/null &1 # Try to restart the server + fi exit $? } status() { cd $AGENT_ROOT - $BIN status # Status of the server + if [ $USER ]; then + daemon --user=$USER $BIN status # Status of the server + else + $BIN status # Status of the server + fi exit $? } update() { echo -n $"Updating $prog:" cd $AGENT_ROOT - $INSTALLER auto #Update the agent + if [ $USER ]; then + daemon --user=$USER sudo $INSTALLER auto #Update the agent + else + $INSTALLER auto #Update the agent + fi } case "$1" in From d2c20535bf134c8d40481a60d2666cc40d1526f6 Mon Sep 17 00:00:00 2001 From: ccloes Date: Wed, 23 Dec 2015 18:37:25 -0800 Subject: [PATCH 10/12] updated to include additional debug message --- lib/instance_agent/platform/linux_util.rb | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index 89e9a079..ab62c70a 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -17,6 +17,7 @@ def self.prepare_script_command(script, absolute_path) elsif(!script.runas.nil? && !script.sudo.nil?) script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path end + log(:debug, "Executing: #{script_command}") script_command end From 48b07f441218a2cfe33625da453c3911409f302e Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Mon, 11 Jan 2016 15:17:31 -0800 Subject: [PATCH 11/12] cleaning up code and fixing bug in sudo decision --- lib/instance_agent/platform/linux_util.rb | 28 +++++++++++++++-------- 1 file changed, 18 insertions(+), 10 deletions(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index ab62c70a..42a69c42 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -8,17 +8,25 @@ def self.supported_oses() ['linux'] end - def self.prepare_script_command(script, absolute_path) - script_command = absolute_path - if(!script.runas.nil? && script.sudo.nil?) - script_command = 'su ' + script.runas + ' -c ' + absolute_path - elsif(script.runas.nil? && script.sudo.nil?) - script_command = 'sudo ' + script.runas + ' -c ' + absolute_path - elsif(!script.runas.nil? && !script.sudo.nil?) - script_command = 'sudo su ' + script.runas + ' -c ' + absolute_path + def self.prepare_script_command(script, absolute_cmd_path) + runas = !!script.runas + sudo = !!script.sudo + + if runas && sudo + return 'sudo su ' + script.runas + ' -c ' + absolute_cmd_path + end + + if runas && !sudo + return 'su ' + script.runas + ' -c ' + absolute_cmd_path end - log(:debug, "Executing: #{script_command}") - script_command + + if !runas && sudo + return 'sudo ' + absolute_cmd_path + end + + # Execute the command as the code deploy agent user if + # neither sudo or runas is specified + return absolute_cmd_path end def self.quit() From 2654195ee7574a509fac1b85fd1d0a03cbfe38c4 Mon Sep 17 00:00:00 2001 From: Brett Weaver Date: Mon, 11 Jan 2016 15:23:42 -0800 Subject: [PATCH 12/12] removing explicit return --- lib/instance_agent/platform/linux_util.rb | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/lib/instance_agent/platform/linux_util.rb b/lib/instance_agent/platform/linux_util.rb index 42a69c42..402f308d 100644 --- a/lib/instance_agent/platform/linux_util.rb +++ b/lib/instance_agent/platform/linux_util.rb @@ -24,9 +24,9 @@ def self.prepare_script_command(script, absolute_cmd_path) return 'sudo ' + absolute_cmd_path end - # Execute the command as the code deploy agent user if - # neither sudo or runas is specified - return absolute_cmd_path + # If neither sudo or runas is specified, execute the + # command as the code deploy agent user + absolute_cmd_path end def self.quit()