pressly / sup

Super simple deployment tool - think of it like 'make' for a network of servers
https://pressly.github.io/sup
MIT License

Sudo won't accept password on remote host #112

Open jzs opened 7 years ago

jzs commented 7 years ago

I have a command in my Supfile: sudo systemctl restart myservice.service

When running it against a localhost host it asks for a sudo password just fine, and accepts my input. However, when running it against a remote Ubuntu host, it doesn't show the password prompt and it looks like sup is hanging. When I press ^C, it prints: [sudo] password for xxxx: followed by terminating the connection.

Adding stdin: true seems to do the trick; however, it then prints out [sudo] password for xxxx: after I type my password. (It looks like it hangs, I write the password, it prints out [sudo] password for xxxx: and then accepts the password I typed in.) At the same time, my password is printed to the console when typing. Hence no read -s functionality.

Alternatively, adding %xxxx ALL=NOPASSWD: /bin/systemctl stop myservice.service to the sudoers file on the remote host also works, since it will then skip asking for the password.

Here's a minimal Supfile to recreate my issue:

# Supfile for myservice
---
version: 0.4

networks:
  dev:
    hosts:
      - localhost
  release:
    hosts:
      - myserver.com:999

commands:
  stop: 
    desc: Stop service
    run: sudo systemctl stop myservice.service

My dev machine is running Arch Linux and the server is running Ubuntu 16.04.2 LTS.

alinz commented 7 years ago

@VojtechVitek do you think we can add input for asking password?

wildan2711 commented 7 years ago

Getting the same behaviour deploying on my CentOS server

MatthiasKauer commented 6 years ago

Are all the examples done with passwordless sudo? Or is this an isolated problem? Haven't used sup yet myself but I'm very intrigued.

VojtechVitek commented 6 years ago

Yes, all the examples were done with password-less sudo.

It all comes down to the infrastructure set-up. From my experience, most of the companies use private/public SSH key pairs to log in to the instances (sometimes via a bastion host) and then the sudo itself doesn't have a password, but is restricted to certain commands (like sudo docker, i.e. https://askubuntu.com/a/477554), etc.

There was some work done to make sudo a Supfile option, but it was never finished. https://github.com/pressly/sup/pull/51
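
The restricted password-less sudo set-up described in this thread (a NOPASSWD rule limited to specific commands), sketched as an added example that is not part of the original thread or of sup. The group name deploy, the drop-in file name, and the allowed action list are assumptions; /bin/systemctl and myservice.service are taken from the issue.

```shell
#!/bin/sh
# Added example: least-privilege NOPASSWD rule for a deploy group.
# "deploy" and the allowed action list are constructed sample values.
SYSTEMCTL=/bin/systemctl   # path from the issue; confirm with `command -v systemctl`

# Print one sudoers rule letting GROUP run only the listed systemctl actions
# on UNIT. sudoers matches the arguments exactly, so nothing else is allowed.
render_sudoers_rule() {
    [ $# -ge 2 ] || { echo "usage: GROUP UNIT ACTION..." >&2; return 1; }
    group=$1; unit=$2; shift 2
    # Reject anything that could widen the rule: sudoers wildcards,
    # whitespace, commas, colons or path separators in the names.
    for n in "$group" "$unit"; do
        case "$n" in
            ''|*[!A-Za-z0-9_.@-]*) echo "invalid name: $n" >&2; return 1 ;;
        esac
    done
    [ $# -gt 0 ] || { echo "no actions given" >&2; return 1; }
    cmds=
    for action in "$@"; do
        case "$action" in
            start|stop|restart|status) ;;
            *) echo "action not allowed: $action" >&2; return 1 ;;
        esac
        cmds="${cmds:+$cmds, }$SYSTEMCTL $action $unit"
    done
    printf '%%%s ALL=(root) NOPASSWD: %s\n' "$group" "$cmds"
}

# Install as /etc/sudoers.d/NAME (NAME must not contain '.', or sudo skips it).
# visudo checks the syntax first: a broken drop-in can disable sudo entirely.
install_sudoers_rule() {
    name=$1; shift
    tmp=$(mktemp) || return 1
    render_sudoers_rule "$@" > "$tmp" || { rm -f "$tmp"; return 1; }
    rc=1
    if visudo -cf "$tmp" >/dev/null; then
        install -o root -g root -m 0440 "$tmp" "/etc/sudoers.d/$name" && rc=0
    fi
    rm -f "$tmp"
    return $rc
}

# Preview the rule; run as root to install it:
#   install_sudoers_rule myservice-deploy deploy myservice.service stop restart
render_sudoers_rule deploy myservice.service stop restart
```

On the remote host, sudo -l run as a member of the group lists the resulting rule, and any systemctl invocation outside the listed ones still requires a password.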

slavaGanzin commented 6 years ago

man sudo

  -S, --stdin
                 Write the prompt to the standard error and read the password from the standard input
                 instead of using the terminal device.  The password must be followed by a newline
                 character.

@VojtechVitek @alinz You don't ask me, but IMHO: in these cases it's better to add a cookbook with answers like this than to add a new feature that does exactly the same, but with new syntax.