search

hashicorp / vagrant

Vagrant is a tool for building and distributing development environments.
https://www.vagrantup.com
Other
26.32k stars 4.43k forks source link

Somewhat surprising behavior with guest plugin inheritance #9534

Open mcandre opened 6 years ago

mcandre commented 6 years ago

This is not a bug but more of a design subtlety.

While configuring privileged commands for a Solaris 11 box, I realized that my Vagrantfile configuration wouldn't work for rsync capability unless I not only specified config.solaris11.suexec_cmd = "pfexec", but config.solaris.suexec_cmd = "pfexec" as well. This represents a leaky abstraction in the solaris11 plugin, as it requires the user to delve into the details of the parent solaris plugin in order to use all the capabilities available in the solaris11 plugin.

These configurations also seem to be redundant, since they happen to share the same accessor name. I think users could reasonably expect config.<guest>.<binding> to shadow the guest's parent plugin, but in fact it does not (as of Vagrant v2.0.1). I would like to see guest plugins fully wrapping their parent plugin parameters to seal this leak, but I'm not sure what form it would take, and this would very likely represent a breaking change for the v2 series anyway.

As a workaround, I think plugin authors could take care to explicitly override inherited capabilities, even when the logic would be the same, in order to present a more unified configuration interface to Vagrantfile developers. Does this make sense?

abelcheung commented 5 years ago

This surprised me as well, when delving into Solaris box creation. Right now there are:

With all of them acting like config.ssh.sudo_command, and theorectically could have been unified via redefining sudo_command in the generic solaris guest plugin (all other Solaris related guests are inherited from it). A brief skimming through the inherited guest plugins seems to indicate many of command executions can be readily replaced with machine.communicate.sudo calls.

One of the confusion comes from base box creation doc, where hints that sudo is a must, leading people to include sudo when pfexec already does the same thing (in the context of Vagrant) and is built in.

As a comparison, current situation is akin to defining suexec_cmd for all Linux distro, like:

and so on, totally abandoning sudo_command and having each guest doing its own privileged command execution management.