search

canonical / jhack

Chock-full of Juju hackery.
Apache License 2.0
51 stars 24 forks source link

Permission denied for sync scp #48

Closed Maharacha closed 1 year ago

Maharacha commented 1 year ago

Juju only has permission to scp as ubuntu user. Since the charm code on the unit is owned by root, it's not possible for the sync command to scp the files. This is running on LXC.

Example:

$ jhack sync --dry-run sftp-server/0 -s .
watching: 
    /home/joakim/versioned/ops/juju/charms/sftp-server/src/charm.py
Ctrl+C to interrupt
would scp: /home/joakim/versioned/ops/juju/charms/sftp-server/src/charm.py --> sftp-server/0:/var/lib/juju/agents/unit-sftp-server-0/charm/src/charm.py

And doing it with juju scp:

$ juju scp /home/joakim/versioned/ops/juju/charms/sftp-server/src/charm.py sftp-server/0:/var/lib/juju/agents/unit-sftp-server-0/charm/src/charm.py
ERROR exit status 1 (scp: /var/lib/juju/agents/unit-sftp-server-0/charm/src/charm.py: Permission denied)
PietroPasotti commented 1 year ago

according to the juju scp doc:

The <source> and <destination> arguments may either be a path to a local file   
or a remote location. Here is a fuller syntax diagram:                          

    # <source>                 <destination>                                    
    [[<user>@]<target>:]<path> [<user>@]<target>:[<path>]                       

<user> is a user account that exists on the remote host. Juju defaults to the   
"ubuntu" user when this is omitted.

have you tried with juju scp /home/joakim/versioned/ops/juju/charms/sftp-server/src/charm.py root@sftp-server/0:/var/lib/juju/agents/unit-sftp-server-0/charm/src/charm.py?

If that works all we'd have to do is add a guard based on #40 to add the root user in front of the scp command.

But either way, the --dry-run output is wrong for machine charms. The command that would run is, in fact, f"cat {file} | juju ssh {app}/{unit} sudo -i 'sudo tee -a {remote_file_path}'"

which is a workaround for probably the very same issue you found. As far as I recall, that DID work. Doesn't it?

Maharacha commented 1 year ago

Yes you are totally right. I just found that looking at your code. It actually works with -m. However, should tee really append with -a? Shouldn't it overwrite the files?

PietroPasotti commented 1 year ago

I guess it should.

PietroPasotti commented 1 year ago

Ah! There it goes #50