migtools / pvc-migrate

Standalone PVC migration
Apache License 2.0

Rsync task : escalate to root user explicitly #140

Closed pranavgaikwad closed 4 years ago

pranavgaikwad commented 4 years ago

Fixes #137 Fixes #136

Test outputs:

Stage 1

TASK [Verifying whether the expected namespace data is produced] *************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verifying whether the expected pvc data is produced [1]] ***************************************************************
ok: [localhost] => {
    "changed": false,
    "msg": "All assertions passed"
}

TASK [Verifying whether the expected pvc data is produced [2]] ***************************************************************
ok: [localhost] => (item=0) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "0",
    "msg": "All assertions passed"
}
ok: [localhost] => (item=1) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "1",
    "msg": "All assertions passed"
}
ok: [localhost] => (item=2) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "2",
    "msg": "All assertions passed"
}

Stage 2

TASK [Verifying whether the right pvcs are created on destination] ***********************************************************
ok: [localhost] => (item=0) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "0",
    "msg": "All assertions passed"
}
ok: [localhost] => (item=1) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "1",
    "msg": "All assertions passed"
}
ok: [localhost] => (item=2) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "2",
    "msg": "All assertions passed"
}

Stage 3

TASK [Verifying whether the expected pvcs succeded] **************************************************************************
ok: [localhost] => (item=0) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "0",
    "msg": "All assertions passed"
}
ok: [localhost] => (item=1) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "1",
    "msg": "All assertions passed"
}
ok: [localhost] => (item=2) => {
    "ansible_loop_var": "item",
    "changed": false,
    "item": "2",
    "msg": "All assertions passed"
}

alaypatel07 commented 4 years ago

In order to test this, I created the following ansible.cfg

[alpatel@alpatel 3_run_rsync]$ cat ansible.cfg
[ssh_connection]
ssh_args = -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m
control_path = /home/alpatel/.ssh/ansible-%%r@%%h:%%p

[sudo_become_plugin]
#flags = -H -S -n
user = ec2-user
[alpatel@alpatel 3_run_rsync]$

I tested v1.1.2 stage 2 and it failed with:

TASK [Write tls.key] **************************************************************************************************************************************************
task path: /home/alpatel/go/src/github.com/konveyor/pvc-migrate/3_run_rsync/tasks/rsync.yml:67
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p node2.alpatel-image-3112.internal '/bin/sh -c '"'"'echo ~ && sleep 0'"'"''
<node2.alpatel-image-3112.internal> (0, b'/home/ec2-user\n', b'')
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p node2.alpatel-image-3112.internal '/bin/sh -c '"'"'( umask 77 && mkdir -p "` echo
 /var/tmp/ansible-tmp-1600196759.9534335-91839704166444 `" && echo ansible-tmp-1600196759.9534335-91839704166444="` echo /var/tmp/ansible-tmp-1600196759.9534335-91839704166444 `" ) && sleep 0'"'"''
<node2.alpatel-image-3112.internal> (0, b'ansible-tmp-1600196759.9534335-91839704166444=/var/tmp/ansible-tmp-1600196759.9534335-91839704166444\n', b'')
Using module file /usr/lib/python3.7/site-packages/ansible/modules/files/stat.py
<node2.alpatel-image-3112.internal> PUT /home/alpatel/.ansible/tmp/ansible-local-12498gmhr8dft/tmpe_2n3gpn TO /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_stat.py
<node2.alpatel-image-3112.internal> SSH: EXEC sftp -b - -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p '[node2.alpatel-image-3112.internal]'
<node2.alpatel-image-3112.internal> (0, b'sftp> put /home/alpatel/.ansible/tmp/ansible-local-12498gmhr8dft/tmpe_2n3gpn /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_stat.py\n', b'')
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p node2.alpatel-image-3112.internal '/bin/sh -c '"'"'setfacl -m u:ec2-user:r-x /var
/tmp/ansible-tmp-1600196759.9534335-91839704166444/ /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_stat.py && sleep 0'"'"''
<node2.alpatel-image-3112.internal> (0, b'', b'')
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p -tt node2.alpatel-image-3112.internal '/bin/sh -c '"'"'sudo -H -S -n  -u ec2-user
 /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-eabqeynouxgkqtfrvbugsvarvbvbdicd ; /usr/bin/python /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_stat.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<node2.alpatel-image-3112.internal> (0, b'\r\n{"invocation": {"module_args": {"checksum_algorithm": "sha1", "get_checksum": true, "follow": false, "path": "/etc/stunnel/tls.key", "get_md5": false, "get_mime": true, "get_attributes": true}}, "stat": {"charset": "unknown", "uid": 0, "exists": true, "attr_flags": "", "woth": false, "isreg": true, "device_type": 0, "mtime": 1596740166.4062634, "block_size": 4096, "ino
de": 122494782, "isgid": false, "size": 1675, "executable": false, "isuid": false, "readable": false, "version": null, "pw_name": "root", "gid": 0, "ischr": false, "wusr": true, "writeable": false, "mimetype": "unknown", "blocks": 8, "xoth": false, "islnk": false, "nlink": 1, "issock": false, "rgrp": false, "gr_name": "root", "path": "/etc/stunnel/tls.key", "xusr": false, "atime": 1600194628.509314, "isdir": false
, "ctime": 1596740167.1342554, "isblk": false, "wgrp": false, "xgrp": false, "dev": 51714, "roth": false, "isfifo": false, "mode": "0600", "rusr": true, "attributes": []}, "changed": false}\r\n', b'Shared connection to node2.alpatel-image-3112.internal closed.\r\n')
<node2.alpatel-image-3112.internal> PUT /home/alpatel/.ansible/tmp/ansible-local-12498gmhr8dft/tmpzyagl0zq TO /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/source
<node2.alpatel-image-3112.internal> SSH: EXEC sftp -b - -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p '[node2.alpatel-image-3112.internal]'
<node2.alpatel-image-3112.internal> (0, b'sftp> put /home/alpatel/.ansible/tmp/ansible-local-12498gmhr8dft/tmpzyagl0zq /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/source\n', b'')
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p node2.alpatel-image-3112.internal '/bin/sh -c '"'"'setfacl -m u:ec2-user:r-x /var
/tmp/ansible-tmp-1600196759.9534335-91839704166444/ /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/source && sleep 0'"'"''
<node2.alpatel-image-3112.internal> (0, b'', b'')
Using module file /usr/lib/python3.7/site-packages/ansible/modules/files/copy.py
<node2.alpatel-image-3112.internal> PUT /home/alpatel/.ansible/tmp/ansible-local-12498gmhr8dft/tmpcy7lvcmh TO /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_copy.py
<node2.alpatel-image-3112.internal> SSH: EXEC sftp -b - -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p '[node2.alpatel-image-3112.internal]'
<node2.alpatel-image-3112.internal> (0, b'sftp> put /home/alpatel/.ansible/tmp/ansible-local-12498gmhr8dft/tmpcy7lvcmh /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_copy.py\n', b'')
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p node2.alpatel-image-3112.internal '/bin/sh -c '"'"'setfacl -m u:ec2-user:r-x /var
/tmp/ansible-tmp-1600196759.9534335-91839704166444/ /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_copy.py && sleep 0'"'"''
<node2.alpatel-image-3112.internal> (0, b'', b'')
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p -tt node2.alpatel-image-3112.internal '/bin/sh -c '"'"'sudo -H -S -n  -u ec2-user
 /bin/sh -c '"'"'"'"'"'"'"'"'echo BECOME-SUCCESS-jkvsdybyqkptvmksuzopddykdxincush ; /usr/bin/python /var/tmp/ansible-tmp-1600196759.9534335-91839704166444/AnsiballZ_copy.py'"'"'"'"'"'"'"'"' && sleep 0'"'"''
Escalation succeeded
<node2.alpatel-image-3112.internal> (1, b'\r\n{"msg": "Destination /etc/stunnel not writable", "failed": true, "invocation": {"module_args": {"directory_mode": null, "force": true, "remote_src": null, "_original_basename": "tmpzyagl0zq", "owner": null, "follow": false, "local_follow": null, "group": null, "unsafe_writes": null, "setype": null, "content": null, "serole": null, "dest": "/etc/stunnel/tls.key", "selev
el": null, "regexp": null, "validate": null, "src": "/var/tmp/ansible-tmp-1600196759.9534335-91839704166444/source", "checksum": "91f4e3f82e954b595dd5676c196065b1395af8eb", "seuser": null, "delimiter": null, "mode": 384, "attributes": null, "backup": false}}}\r\n', b'Shared connection to node2.alpatel-image-3112.internal closed.\r\n')
<node2.alpatel-image-3112.internal> Failed to connect to the host via ssh: Shared connection to node2.alpatel-image-3112.internal closed.
<node2.alpatel-image-3112.internal> ESTABLISH SSH CONNECTION FOR USER: None
<node2.alpatel-image-3112.internal> SSH: EXEC ssh -F /home/alpatel/.ssh/config -o ControlMaster=auto -o ControlPersist=30m -o KbdInteractiveAuthentication=no -o PreferredAuthentications=gssapi-with-mic,gssapi-keyex,hostbased,publickey -o PasswordAuthentication=no -o ConnectTimeout=10 -o ControlPath=/home/alpatel/.ssh/ansible-%r@%h:%p node2.alpatel-image-3112.internal '/bin/sh -c '"'"'rm -f -r /var/tmp/ansible-tmp-
1600196759.9534335-91839704166444/ > /dev/null 2>&1 && sleep 0'"'"''
<node2.alpatel-image-3112.internal> (0, b'', b'')
fatal: [localhost -> node2.alpatel-image-3112.internal]: FAILED! => {
    "changed": false,
    "checksum": "91f4e3f82e954b595dd5676c196065b1395af8eb",
    "diff": [],
    "invocation": {
        "module_args": {
            "_original_basename": "tmpzyagl0zq",
            "attributes": null,
            "backup": false,
            "checksum": "91f4e3f82e954b595dd5676c196065b1395af8eb",
            "content": null,
            "delimiter": null,
            "dest": "/etc/stunnel/tls.key",
            "directory_mode": null,
            "follow": false,
            "force": true,
            "group": null,
            "local_follow": null,
            "mode": 384,
            "owner": null,
            "regexp": null,
            "remote_src": null,
            "selevel": null,
            "serole": null,
            "setype": null,
            "seuser": null,
            "src": "/var/tmp/ansible-tmp-1600196759.9534335-91839704166444/source",
            "unsafe_writes": null,
            "validate": null
        }
    },
    "msg": "Destination /etc/stunnel not writable"
}
Read vars_file 'vars/run-rsync.yml'
Read vars_file 'vars/defaults.yml'
Read vars_file 'vars/run-rsync.yml'
Read vars_file 'vars/defaults.yml'

TASK [set_fact] *******************************************************************************************************************************************************

I tested this PR as well; it failed with the same error message.
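
The `-vvv` output in the comment above shows the become step running `sudo -H -S -n  -u ec2-user` and the copy module then reporting `Destination /etc/stunnel not writable`. As an added example (not part of the PR or of either comment), this Python sketch scans verbose Ansible output and reports every task whose sudo target is not the expected user; the function name `audit_become`, the host `node2.example.internal` and the second task in the sample are assumptions made for illustration.

```python
import re

# Ansible prints one "TASK [name] ****" banner per task.
TASK_RE = re.compile(r"^TASK \[(?P<name>.+?)\] \*+", re.M)
# The sudo become step appears as: sudo <flags> -u <become_user> /bin/sh -c ...
SUDO_RE = re.compile(r"\bsudo\s[^'\n]*?-u\s+([\w.$-]+)")
# Failure message returned by the copy module in the log above.
DENIED_RE = re.compile(r"Destination (\S+) not writable")

# Constructed sample: abridged from the log in the comment, with the shell
# quoting simplified and a second, hypothetical task added for contrast.
SAMPLE_LOG = """\
TASK [Write tls.key] ****************
<node2.example.internal> SSH: EXEC ssh -tt node2.example.internal '/bin/sh -c 'sudo -H -S -n  -u ec2-user /bin/sh -c 'echo BECOME-SUCCESS-xxxx ; /usr/bin/python /var/tmp/ansible-tmp-0/AnsiballZ_copy.py' && sleep 0'
Escalation succeeded
<node2.example.internal> (1, b'{"msg": "Destination /etc/stunnel not writable", "failed": true}', b'')
TASK [Restart stunnel] ****************
<node2.example.internal> SSH: EXEC ssh -tt node2.example.internal '/bin/sh -c 'sudo -H -S -n  -u root /bin/sh -c 'echo BECOME-SUCCESS-yyyy' && sleep 0'
Escalation succeeded
"""


def audit_become(log_text, expected_user="root"):
    """Return one finding per task that escalated to a user other than expected_user."""
    headers = list(TASK_RE.finditer(log_text))
    findings = []
    for i, header in enumerate(headers):
        # A task's output runs from its banner to the next banner (or end of log).
        end = headers[i + 1].start() if i + 1 < len(headers) else len(log_text)
        body = log_text[header.end():end]
        users = sorted(set(SUDO_RE.findall(body)))
        wrong = [u for u in users if u != expected_user]
        if wrong:
            findings.append({
                "task": header["name"],
                "become_users": wrong,
                # Destinations the module could not write while running as that user.
                "not_writable": sorted(set(DENIED_RE.findall(body))),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_become(SAMPLE_LOG):
        print(finding)
```
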