Am I doing something wrong with sshkit "as"?


Roy Miller

Mar 17, 2014, 10:42:37 PM
to capis...@googlegroups.com
Using Cap 3.1.0. I have this in a task I run after a deploy is done:

task :'check-dependencies' do
  on roles(:all) do |host|
    [...]
    as :root do
      puts capture(:whoami)
      returned = capture("ls /etc/sudoers.d/deploy_permissions 2>&1")
    end
  end
end

That task runs, and the puts statement prints "root" on the console, as one would expect, so it looks like the "as" magic and the capture statement are working fine (same result with 'root' as a string or :root as a symbol). The problem is, the second capture statement fails like so:

DEBUG [e8cc068a] Running /usr/bin/env if ! sudo su root -c whoami > /dev/null; then echo "You cannot switch to user 'root' using sudo, please check the sudoers file" 1>&2; false; fi on [server].com
[00:04:13.766] DEBUG [e8cc068a] Command: if ! sudo su root -c whoami > /dev/null; then echo "You cannot switch to user 'root' using sudo, please check the sudoers file" 1>&2; false; fi
[00:04:13.832] DEBUG [e8cc068a] Finished in 0.065 seconds with exit status 0 (successful).
[00:04:13.832] DEBUG [068c401a] Running /usr/bin/env whoami on [server].com
[00:04:13.833] DEBUG [068c401a] Command: sudo su root -c "/usr/bin/env whoami"
[00:04:13.889] DEBUG [068c401a]         root
[00:04:13.892] DEBUG [068c401a] Finished in 0.059 seconds with exit status 0 (successful).
[00:04:13.893] root
[00:04:13.893] DEBUG [76bb93f0] Running /usr/bin/env ls /etc/sudoers.d/deploy_permissions 2>&1 on [server].com
[00:04:13.894] DEBUG [76bb93f0] Command: ls /etc/sudoers.d/deploy_permissions 2>&1
[00:04:13.905] DEBUG [76bb93f0]         ls:
[00:04:13.905] DEBUG [76bb93f0]         cannot access /etc/sudoers.d/deploy_permissions
[00:04:13.906] DEBUG [76bb93f0]         : Permission denied


When I SSH into the box, get root, and run the statement, I can see the file (which is indeed owned by root). Am I doing something wrong? I thought any statement inside the "as [blah]" section would execute as the given user. The result of the first capture statement tends to confirm that it's working as expected, but the second capture statement failing is mysterious to me.

Incidentally, the "run as a different user" example on the sshkit example page shows this:

on hosts do |host|
  as 'www-data' do
    puts capture(:whoami)
  end
end

But when I try to use the "on hosts do |host|" bit, I get an error like this:

[00:04:12.138] ** Invoke diagnostics:check-dependencies (first_time)
[00:04:12.138] ** Execute diagnostics:check-dependencies
[00:04:12.138] cap aborted!
[00:04:12.139] undefined local variable or method `hosts' for main:Object

So I reverted to use "on roles(:all)". I wonder if I'm not understanding something fundamental. Am I?

Roy

Lee Hambley

Mar 18, 2014, 3:18:51 AM
to capistrano
     returned = capture("ls /etc/sudoers.d/deploy_permissions 2>&1")

is a String, and thus doesn't have transformations (wrapping it in the sudo su ..) applied:

     returned = capture(:ls, "/etc/sudoers.d/deploy_permissions 2>&1")

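
The rule Lee describes, as an added Ruby sketch that is not part of the thread and is not SSHKit's source: a simplified model in which a first argument containing whitespace is passed through as-is and so skips the `as` wrapper. The class and method names are hypothetical; the wrapper format is copied from the debug log above.

```ruby
# Simplified model of the rule described in the thread; NOT SSHKit's source.
# ModelCommand, raw?, to_command, drops_user? and report are hypothetical names.
class ModelCommand
  def initialize(command, *args, user: nil)
    @command = command
    @args = args
    @user = user
  end

  # A first argument containing whitespace is treated as a complete,
  # hand-written command line and is passed through untouched.
  def raw?
    @command.to_s.match?(/\s/)
  end

  # The string that would be sent to the remote shell.
  def to_command
    return @command.to_s if raw?

    line = ["/usr/bin/env", @command, *@args].join(" ")
    @user ? %(sudo su #{@user} -c "#{line}") : line
  end

  # True when an `as` user was requested but the wrapper will be skipped.
  def drops_user?
    !@user.nil? && raw?
  end
end

# Constructed inputs mirroring the three calls discussed in the thread.
CALLS = {
  whoami:    ModelCommand.new(:whoami, user: :root),
  ls_string: ModelCommand.new("ls /etc/sudoers.d/deploy_permissions 2>&1", user: :root),
  ls_symbol: ModelCommand.new(:ls, "/etc/sudoers.d/deploy_permissions 2>&1", user: :root)
}.freeze

# One line per call: the command as sent, plus a flag when the user is dropped.
def report(calls = CALLS)
  calls.map do |name, cmd|
    flag = cmd.drops_user? ? "NOT run as requested user" : "ok"
    "#{name}: #{cmd.to_command}  [#{flag}]"
  end
end

puts report if $PROGRAM_NAME == __FILE__
```

A `drops_user?`-style check run over task definitions catches the case in the log above, where the command ran without any error from `as` but under the deploy user's privileges.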

Roy Miller

Mar 18, 2014, 11:06:30 AM
to capis...@googlegroups.com
Ah, I didn't fully grasp what that meant. Now I do. All clear. Thanks, Lee.

Any insight on the "on hosts" thing? I suspect that's user error, too, but I wonder why I can't seem to use that particular flavor of "on".

Lee Hambley

Mar 18, 2014, 11:42:02 AM
to capistrano
You haven't defined the variable `hosts`. You might mean `on roles(:all)` which gets all defined servers in all defined roles. All the Capistrano doc examples define hosts to be:


or:

http://capistranorb.com/ (the homepage demo)

Neither is considered more idiomatic than the other imho (except perhaps using roles() is more common in Capistrano, vs using POROs when using SSHKit alone)

Roy Miller

Mar 18, 2014, 11:45:59 AM
to capis...@googlegroups.com
As I suspected, user error :) Now I get it.


