qa: avoid using sudo for regular test artifacts

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>

qa/tasks/cephfs/caps_helper.py

@@ -60,7 +60,7 @@ def conduct_pos_test_for_write_caps(self, filepaths, mounts):
                     self.assertEqual(data, contents1)
 
     def conduct_neg_test_for_write_caps(self, filepaths, mounts):
-        cmdargs = ['echo', 'some random data', Raw('|'), 'sudo', 'tee']
+        cmdargs = ['echo', 'some random data', Raw('|'), 'tee']
 
         for mount in mounts:
             for path in filepaths:

qa/tasks/cephfs/mount.py

@@ -12,7 +12,7 @@
 from IPy import IP
 
 from teuthology.contextutil import safe_while
-from teuthology.misc import get_file, sudo_write_file
+from teuthology.misc import get_file, write_file
 from teuthology.orchestra import run
 from teuthology.orchestra.run import CommandFailedError, ConnectionLostError, Raw
 
@@ -625,7 +625,7 @@ def create_files(self):
         for suffix in self.test_files:
             log.info("Creating file {0}".format(suffix))
             self.client_remote.run(args=[
-                'sudo', 'touch', os.path.join(self.hostfs_mntpt, suffix)
+                'touch', os.path.join(self.hostfs_mntpt, suffix)
             ])
 
     def test_create_file(self, filename='testfile', dirname=None, user=None,
@@ -639,7 +639,7 @@ def check_files(self):
         for suffix in self.test_files:
             log.info("Checking file {0}".format(suffix))
             r = self.client_remote.run(args=[
-                'sudo', 'ls', os.path.join(self.hostfs_mntpt, suffix)
+                'ls', os.path.join(self.hostfs_mntpt, suffix)
             ], check_status=False)
             if r.exitstatus != 0:
                 raise RuntimeError("Expected file {0} not found".format(suffix))
@@ -652,7 +652,7 @@ def write_file(self, path, data, perms=None):
         if path.find(self.hostfs_mntpt) == -1:
             path = os.path.join(self.hostfs_mntpt, path)
 
-        sudo_write_file(self.client_remote, path, data)
+        write_file(self.client_remote, path, data)
 
         if perms:
             self.run_shell(args=f'chmod {perms} {path}')
@@ -664,7 +664,7 @@ def read_file(self, path):
         if path.find(self.hostfs_mntpt) == -1:
             path = os.path.join(self.hostfs_mntpt, path)
 
-        return self.run_shell(args=['sudo', 'cat', path], omit_sudo=False).\
+        return self.run_shell(args=['cat', path]).\
             stdout.getvalue().strip()
 
     def create_destroy(self):
@@ -673,16 +673,16 @@ def create_destroy(self):
         filename = "{0} {1}".format(datetime.datetime.now(), self.client_id)
         log.debug("Creating test file {0}".format(filename))
         self.client_remote.run(args=[
-            'sudo', 'touch', os.path.join(self.hostfs_mntpt, filename)
+            'touch', os.path.join(self.hostfs_mntpt, filename)
         ])
         log.debug("Deleting test file {0}".format(filename))
         self.client_remote.run(args=[
-            'sudo', 'rm', '-f', os.path.join(self.hostfs_mntpt, filename)
+            'rm', '-f', os.path.join(self.hostfs_mntpt, filename)
         ])
 
     def _run_python(self, pyscript, py_version='python3'):
         return self.client_remote.run(
-               args=['sudo', 'adjust-ulimits', 'daemon-helper', 'kill',
+               args=['adjust-ulimits', 'daemon-helper', 'kill',
                      py_version, '-c', pyscript], wait=False, stdin=run.PIPE,
                stdout=StringIO())
 
@@ -691,12 +691,9 @@ def run_python(self, pyscript, py_version='python3'):
         p.wait()
         return p.stdout.getvalue().strip()
 
-    def run_shell(self, args, omit_sudo=True, timeout=900, **kwargs):
+    def run_shell(self, args, timeout=900, **kwargs):
         args = args.split() if isinstance(args, str) else args
-        # XXX: all commands ran with CephFS mount as CWD must be executed with
-        #  superuser privileges when tests are being run using teuthology.
-        if args[0] != 'sudo':
-            args.insert(0, 'sudo')
+        kwargs.pop('omit_sudo', False)
         cwd = kwargs.pop('cwd', self.mountpoint)
         stdout = kwargs.pop('stdout', StringIO())
         stderr = kwargs.pop('stderr', StringIO())
@@ -845,7 +842,7 @@ def wait_for_visible(self, basename="background_file", timeout=30):
         i = 0
         while i < timeout:
             r = self.client_remote.run(args=[
-                'sudo', 'ls', os.path.join(self.hostfs_mntpt, basename)
+                'stat', os.path.join(self.hostfs_mntpt, basename)
             ], check_status=False)
             if r.exitstatus == 0:
                 log.debug("File {0} became visible from {1} after {2}s".format(
@@ -943,7 +940,7 @@ def check_filelock(self, basename="background_file", do_flock=True):
 
         log.info("check lock on file {0}".format(basename))
         self.client_remote.run(args=[
-            'sudo', 'python3', '-c', pyscript
+            'python3', '-c', pyscript
         ])
 
     def write_background(self, basename="background_file", loop=False):

qa/tasks/cephfs/test_acls.py

@@ -21,7 +21,7 @@ def test_acls(self):
         elif isinstance(self.mount_a, KernelMount):
             log.info('client is kernel mounted')
 
-        self.mount_a.client_remote.run(args=['sudo', './check',
+        self.mount_a.client_remote.run(args=['./check',
             'generic/099'], cwd=self.repo_path, stdout=BytesIO(),
             stderr=BytesIO(), timeout=30, check_status=True,
             label='running tests for ACLs from xfstests-dev')

qa/tasks/cephfs/test_cephfs_shell.py

@@ -512,8 +512,7 @@ class TestDU(TestCephFSShell):
     def test_du_works_for_regfiles(self):
         regfilename = 'some_regfile'
         regfile_abspath = path.join(self.mount_a.mountpoint, regfilename)
-        self.mount_a.client_remote.write_file(regfile_abspath,
-                                              'somedata', sudo=True)
+        self.mount_a.client_remote.write_file(regfile_abspath, 'somedata')
 
         size = humansize(self.mount_a.stat(regfile_abspath)['st_size'])
         expected_output = r'{}{}{}'.format(size, " +", regfilename)
@@ -527,8 +526,7 @@ def test_du_works_for_non_empty_dirs(self):
         regfilename = 'some_regfile'
         regfile_abspath = path.join(dir_abspath, regfilename)
         self.mount_a.run_shell_payload(f"mkdir {dir_abspath}")
-        self.mount_a.client_remote.write_file(regfile_abspath,
-                                              'somedata', sudo=True)
+        self.mount_a.client_remote.write_file(regfile_abspath, 'somedata')
 
         # XXX: we stat `regfile_abspath` here because ceph du reports a non-empty
         # directory's size as sum of sizes of all files under it.
@@ -553,8 +551,7 @@ def test_du_works_for_empty_dirs(self):
     def test_du_works_for_hardlinks(self):
         regfilename = 'some_regfile'
         regfile_abspath = path.join(self.mount_a.mountpoint, regfilename)
-        self.mount_a.client_remote.write_file(regfile_abspath,
-                                              'somedata', sudo=True)
+        self.mount_a.client_remote.write_file(regfile_abspath, 'somedata')
         hlinkname = 'some_hardlink'
         hlink_abspath = path.join(self.mount_a.mountpoint, hlinkname)
         self.mount_a.run_shell_payload(f"ln {regfile_abspath} {hlink_abspath}")
@@ -568,8 +565,7 @@ def test_du_works_for_hardlinks(self):
     def test_du_works_for_softlinks_to_files(self):
         regfilename = 'some_regfile'
         regfile_abspath = path.join(self.mount_a.mountpoint, regfilename)
-        self.mount_a.client_remote.write_file(regfile_abspath,
-                                              'somedata', sudo=True)
+        self.mount_a.client_remote.write_file(regfile_abspath, 'somedata')
         slinkname = 'some_softlink'
         slink_abspath = path.join(self.mount_a.mountpoint, slinkname)
         self.mount_a.run_shell_payload(f"ln -s {regfile_abspath} {slink_abspath}")
@@ -624,10 +620,8 @@ def _setup_files(self, return_path_to_files=False, path_prefix='./'):
         self.mount_a.run_shell_payload(f"mkdir -p {dir21_abspath}")
         self.mount_a.run_shell_payload(f"touch {regfile121_abspath}")
 
-        self.mount_a.client_remote.write_file(regfile_abspath,
-                                              'somedata', sudo=True)
-        self.mount_a.client_remote.write_file(regfile121_abspath,
-                                              'somemoredata', sudo=True)
+        self.mount_a.client_remote.write_file(regfile_abspath, 'somedata')
+        self.mount_a.client_remote.write_file(regfile121_abspath, 'somemoredata')
 
         # TODO: is there a way to trigger/force update ceph.dir.rbytes?
         # wait so that attr ceph.dir.rbytes gets a chance to be updated.
@@ -815,8 +809,7 @@ def test_exceed_write_limit(self):
         file_abspath = path.join(dir_abspath, filename)
         try:
             # Write should fail as bytes quota is set to 6
-            self.mount_a.client_remote.write_file(file_abspath,
-                    'Disk raise Exception', sudo=True)
+            self.mount_a.client_remote.write_file(file_abspath, 'Disk raise Exception')
             raise Exception("Write should have failed")
         except CommandFailedError:
             # Test should pass only when write command fails

qa/tasks/cephfs/test_client_recovery.py

@@ -510,7 +510,7 @@ def test_stale_renew(self):
         mount_b_gid = self.mount_b.get_global_id()
         mount_b_pid = self.mount_b.get_client_pid()
         # stop ceph-fuse process of mount_b
-        self.mount_b.client_remote.run(args=["sudo", "kill", "-STOP", mount_b_pid])
+        self.mount_b.suspend_netns()
 
         self.assert_session_state(mount_b_gid, "open")
         time.sleep(session_timeout * 1.5)  # Long enough for MDS to consider session stale
@@ -519,7 +519,7 @@ def test_stale_renew(self):
         self.assert_session_state(mount_b_gid, "stale")
 
         # resume ceph-fuse process of mount_b
-        self.mount_b.client_remote.run(args=["sudo", "kill", "-CONT", mount_b_pid])
+        self.mount_b.resume_netns()
         # Is the new file visible from mount_b? (caps become invalid after session stale)
         self.mount_b.run_shell(["ls", "testdir/file2"])
 
@@ -682,7 +682,7 @@ def test_reconnect_after_blocklisted(self):
                 raise RuntimeError("read() failed to raise error")
             """).format(path=path)
         rproc = self.mount_a.client_remote.run(
-                    args=['sudo', 'python3', '-c', pyscript],
+                    args=['python3', '-c', pyscript],
                     wait=False, stdin=run.PIPE, stdout=run.PIPE)
 
         rproc.stdout.readline()

qa/tasks/cephfs/test_nfs.py

@@ -263,9 +263,11 @@ def _test_mnt(self, pseudo_path, port, ip, check=True):
                 return
             raise
 
+        self.ctx.cluster.run(args=['sudo', 'chmod', '1777', '/mnt'])
+
         try:
-            self.ctx.cluster.run(args=['sudo', 'touch', '/mnt/test'])
-            out_mnt = self._sys_cmd(['sudo', 'ls', '/mnt'])
+            self.ctx.cluster.run(args=['touch', '/mnt/test'])
+            out_mnt = self._sys_cmd(['ls', '/mnt'])
             self.assertEqual(out_mnt,  b'test\n')
         finally:
             self.ctx.cluster.run(args=['sudo', 'umount', '/mnt'])

qa/tasks/cephfs/test_scrub_checks.py

@@ -303,8 +303,8 @@ def test_scrub_repair(self):
         mds_rank = 0
         test_dir = "scrub_repair_path"
 
-        self.mount_a.run_shell(["sudo", "mkdir", test_dir])
-        self.mount_a.run_shell(["sudo", "touch", "{0}/file".format(test_dir)])
+        self.mount_a.run_shell(["mkdir", test_dir])
+        self.mount_a.run_shell(["touch", "{0}/file".format(test_dir)])
         dir_objname = "{:x}.00000000".format(self.mount_a.path_to_ino(test_dir))
 
         self.mount_a.umount_wait()
@@ -323,7 +323,7 @@ def test_scrub_repair(self):
 
         # fragstat indicates the directory is not empty, rmdir should fail
         with self.assertRaises(CommandFailedError) as ar:
-            self.mount_a.run_shell(["sudo", "rmdir", test_dir])
+            self.mount_a.run_shell(["rmdir", test_dir])
         self.assertEqual(ar.exception.exitstatus, 1)
 
         self.tell_command(mds_rank, "scrub start /{0} repair".format(test_dir),
@@ -333,7 +333,7 @@ def test_scrub_repair(self):
         time.sleep(10)
 
         # fragstat should be fixed
-        self.mount_a.run_shell(["sudo", "rmdir", test_dir])
+        self.mount_a.run_shell(["rmdir", test_dir])
 
     @staticmethod
     def json_validator(json_out, rc, element, expected_value):

qa/tasks/cephfs/test_volumes.py

@@ -278,9 +278,9 @@ def _do_subvolume_io_mixed(self, subvolume, subvolume_group=None):
         # this symlink's ownership would be changed
         sym_path2 = os.path.join(dir_path, "sym.0")
 
-        self.mount_a.run_shell(["sudo", "mkdir", dir_path], omit_sudo=False)
-        self.mount_a.run_shell(["sudo", "ln", "-s", "./{}".format(reg_file), sym_path1], omit_sudo=False)
-        self.mount_a.run_shell(["sudo", "ln", "-s", "./{}".format(reg_file), sym_path2], omit_sudo=False)
+        self.mount_a.run_shell(["mkdir", dir_path])
+        self.mount_a.run_shell(["ln", "-s", "./{}".format(reg_file), sym_path1])
+        self.mount_a.run_shell(["ln", "-s", "./{}".format(reg_file), sym_path2])
         # flip ownership to nobody. assumption: nobody's id is 65534
         self.mount_a.run_shell(["sudo", "chown", "-h", "65534:65534", sym_path2], omit_sudo=False)
 
@@ -333,8 +333,7 @@ def _create_v1_subvolume(self, subvol_name, subvol_group=None, has_snapshot=True
             # add a fake clone source
             meta_contents = meta_contents + '[source]\nvolume = fake\nsubvolume = fake\nsnapshot = fake\n'
         meta_filepath1 = os.path.join(self.mount_a.mountpoint, basepath, ".meta")
-        self.mount_a.client_remote.write_file(meta_filepath1,
-                                              meta_contents, sudo=True)
+        self.mount_a.client_remote.write_file(meta_filepath1, meta_contents)
         return createpath
 
     def _update_fake_trash(self, subvol_name, subvol_group=None, trash_name='fake', create=True):