qa: use run_shell_payload to avoid sudo #42075

Merged
merged 3 commits into from Jul 2, 2021

@batrick batrick commented Jun 28, 2021

"run_shell" adds 'sudo' which runs afoul of new security protections on
Ubuntu 20.04.

Fixes: https://tracker.ceph.com/issues/51417
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>

Checklist

  • References tracker ticket
  • Updates documentation if necessary
  • Includes tests for new functionality or reproducer for bug


batrick commented Jun 28, 2021

jenkins test make check

batrick commented Jun 29, 2021

Unfortunately I was wrong in that this does not avoid sudo:

    2021-06-28T23:29:31.060 DEBUG:teuthology.orchestra.run.smithi061:> mktemp --suffix=dump1
    2021-06-28T23:29:31.106 INFO:teuthology.orchestra.run.smithi061.stdout:/tmp/tmp.iybRCHtYHwdump1
    2021-06-28T23:29:31.106 INFO:teuthology.orchestra.run:Running command with timeout 900
    2021-06-28T23:29:31.107 DEBUG:teuthology.orchestra.run.smithi061:> (cd /home/ubuntu/cephtest/mnt.0 && exec sudo bash -c 'fallocate -l 1 /tmp/tmp.iybRCHtYHwdump1')
    2021-06-28T23:29:31.145 INFO:teuthology.orchestra.run.smithi061.stderr:fallocate: cannot open /tmp/tmp.iybRCHtYHwdump1: Permission denied

From: https://pulpito.ceph.com/pdonnell-2021-06-28_22:59:28-fs-master-distro-basic-smithi/

I think this patch is still good as it avoids the awkward run_shell API but I think we'll ultimately have to address this headache in ceph/teuthology#1655
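
A triage helper for the failure signature in the log excerpt above, added here as an example and not part of the pull request or of teuthology: it flags a sudo-run command that gets "Permission denied" on a file an earlier non-sudo `mktemp` created on the same host. The function name and the `NO_SUDO_LOG` variant are assumptions; the line format is taken from the quoted excerpt.

```python
import re

# Line shape follows the teuthology excerpt quoted in the comment above.
LOG_RE = re.compile(
    r"^\S+ [A-Z]+:teuthology\.orchestra\.run\.(?P<host>[^.:\s]+)"
    r"(?:\.(?P<stream>stdout|stderr))?:(?P<msg>.*)$"
)

def find_sudo_denials(lines):
    """Return (host, path, command) for each 'Permission denied' hit by a
    sudo command on a file an earlier non-sudo mktemp created on that host."""
    last_cmd = {}   # host -> most recent command line seen for that host
    user_tmp = {}   # host -> set of paths printed by a non-sudo mktemp
    findings = []
    for line in lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # e.g. "teuthology.orchestra.run:Running command ..."
        host, stream, msg = m.group("host", "stream", "msg")
        if stream is None:
            if msg.startswith("> "):
                last_cmd[host] = msg[2:]
            continue
        cmd = last_cmd.get(host, "")
        used_sudo = re.search(r"\bsudo\b", cmd) is not None
        if stream == "stdout" and not used_sudo and cmd.split()[:1] == ["mktemp"]:
            user_tmp.setdefault(host, set()).add(msg.strip())
        elif stream == "stderr" and used_sudo and "Permission denied" in msg:
            for path in sorted(user_tmp.get(host, ())):
                if path in msg:
                    findings.append((host, path, cmd))
    return findings

# The five log lines quoted in the comment above.
PAGE_LOG = """
2021-06-28T23:29:31.060 DEBUG:teuthology.orchestra.run.smithi061:> mktemp --suffix=dump1
2021-06-28T23:29:31.106 INFO:teuthology.orchestra.run.smithi061.stdout:/tmp/tmp.iybRCHtYHwdump1
2021-06-28T23:29:31.106 INFO:teuthology.orchestra.run:Running command with timeout 900
2021-06-28T23:29:31.107 DEBUG:teuthology.orchestra.run.smithi061:> (cd /home/ubuntu/cephtest/mnt.0 && exec sudo bash -c 'fallocate -l 1 /tmp/tmp.iybRCHtYHwdump1')
2021-06-28T23:29:31.145 INFO:teuthology.orchestra.run.smithi061.stderr:fallocate: cannot open /tmp/tmp.iybRCHtYHwdump1: Permission denied
"""
# Constructed variant (hypothetical): same step with sudo removed, so the
# denial is no longer attributed to a sudo/unprivileged ownership mix.
NO_SUDO_LOG = PAGE_LOG.replace("exec sudo bash", "exec bash")

if __name__ == "__main__":
    for host, path, cmd in find_sudo_denials(PAGE_LOG.splitlines()):
        print(f"{host}: sudo command denied on user-created {path}: {cmd}")
```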

@github-actions github-actions bot added the nfs label Jun 29, 2021
@batrick batrick force-pushed the i51417 branch 2 times, most recently from 6e5150a to 30d0236 Compare June 29, 2021 17:28
batrick added a commit to batrick/ceph that referenced this pull request Jun 29, 2021
* refs/pull/42075/head:
	qa: avoid using sudo for regular test artifacts
	qa: use run_shell_payload to avoid sudo
@batrick batrick force-pushed the i51417 branch 2 times, most recently from 83a4bef to 433b4b6 Compare June 30, 2021 03:20
batrick added a commit to batrick/ceph that referenced this pull request Jun 30, 2021
* refs/pull/42075/head:
	qa: avoid using sudo for regular test artifacts
	qa: convert mount calls to mount_wait
	qa: use run_shell_payload to avoid sudo

"run_shell" adds 'sudo' which runs afoul of new security protections on
Ubuntu 20.04.

Fixes: https://tracker.ceph.com/issues/51417
Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>

These tests want to immediately use the mount anyway. But the main
problem is, without waiting for the mount to complete, the command:

    chmod 1777 /path/to/mount

is not run so the mount cannot be written to by normal users without
sudo.

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>

Signed-off-by: Patrick Donnelly <pdonnell@redhat.com>

@batrick batrick merged commit de3f4a0 into ceph:master Jul 2, 2021
@batrick batrick deleted the i51417 branch July 2, 2021 20:16