Sudo password required

[bacardi55]

When installing a new neuron via the kalliope install CLI command, I have to enter my sudo password even though my neuron request no additional installation and resources directory is writable by current user.
Could it only ask password when needed ?
Also, what happens when sudo is not installed on the local system?

Seems to come from here:
https://github.com/kalliope-project/kalliope/blob/master/kalliope/core/ResourcesManager.py#L235

(Also, it seems it assume that the root user exists, so I'm wandering if this works on Ubuntu)

[Sispheor]

Maybe we can check before the installation if the sentence "become: true" is present in the install.yml.
But it wont disturb the install if you provide even if there is system package to install.

It works on Ubuntu. I dev on Ubuntu 16.04.
And yes, sudo is mandatory for Ansible to get admin privileges. We assume it is installed on the system. We can add something in the doc about this maybe.

[Sispheor]

I think this is totally not a big deal to ask the sudo password every-time even if not necessary.

BTW, root user exist on Ubuntu, the password is disabled by default by the account is still present.

[bacardi55]

It is indeed not a big deal and not a big key features, it is just that i like giving my password only when needed because any bad code having root access can be dangerous (even not intentionally).
That being said, I guess we can put this aside for now as not important.

The need of having sudo is important though for user on distro without sudo by default

[andweber]

I'm not familiar with audible but for me it looks like a bad way passing the root password around and (by the way) writing it down in debug logs.

Not sure what should happen, but on Ubuntu 16.04 the debug output is not changing whether I supply a valid password or not. Only if I leave it empty - it crashes.

[Sispheor]

Todo list:

• remove password from log output
• fix crash when sudo password not provided

About the fact we ask the sudo password every time. As a playbook can contains multiple play, and in each play, the "become" command can be called in multiple level like in a task. We cannot know by advance if the sudo password will be required or not.
So we will still ask for it every time. After all, it's an installation, when you call pip, yum or apt you need to provide this password even if the package doesn't need it.

[andweber]

Is there a reason that kalliope is not called with root priveleges?

sudo kalliope install --git-url https:\\xyz

or in a root shell. That would be the usual approach for apt and all the others?

[Sispheor]

It's the usual approach for a package install. But we have based our module installation on Ansible and this one needs the sudo password inside its processing. Because the program is mostly used to deploy configuration on remote systems.

[Sispheor]

Sudo is still required. But the password is now hidden.
Done in the last dev branch. Will be merged in master soon.