sprinkle-tool / sprinkle

Sprinkle is a software provisioning tool you can use to build remote servers, e.g. to install a Rails or Sinatra stack on a brand-new slice directly after it's been created.
https://github.com/sprinkle-tool/sprinkle
MIT License

Upgrade from 0.4.2 problem #163

Closed bosko closed 11 years ago

bosko commented 11 years ago

Sorry for polluting issues, but I couldn't find any group where I can ask this. I have scripts that use the old 0.4.2 version. They run without problems, but when I upgrade Sprinkle to 0.7.6 I get several errors. The first error is that

runner "useradd -s /bin/bash -m #{$user} -c '#{$user} deploy user' --group sudo"

fails with the following error:

create_user install sequence: useradd -s /bin/bash -m bosko4 -c 'bosko4 deploy user' --group sudo for roles: [:app, :database]

    --> Running Sprinkle::Installers::Runner for roles: [:app, :database]
 ** [out :: 192.168.33.10] useradd: cannot lock /etc/passwd; try again later.
------------------------------------------------------
|   Package 'create_user' returned error code ??.    |
------------------------------------------------------

Command
---------
useradd -s /bin/bash -m bosko4 -c 'bosko4 deploy user' --group sudo

Hosts
-------
192.168.33.10

STDOUT
--------
useradd: cannot lock /etc/passwd; try again later.

Actor error message
---------------------
failed: "sh -c 'useradd -s /bin/bash -m bosko4 -c '\\''bosko4 deploy user'\\'' --group sudo'" on 192.168.33.10

Another problem is that if I already have the user and want to check the sudoers file (package passwordless_sudo), I get the following error:

   --> Verifying  (passwordless_sudo)...
 ** [out :: 192.168.33.10] grep: /etc/sudoers
 ** [out :: 192.168.33.10] : Permission denied
passwordless_sudo install sequence: sudo -p 'sudo password: ' grep -qPzo '^bosko\ ALL=\(ALL\)\ NOPASSWD:\ ALL$' /etc/sudoers || /bin/echo -e 'bosko ALL=(ALL) NOPASSWD: ALL' |sudo -p 'sudo password: ' tee -a /etc/sudoers for roles: [:app, :database]

    --> Running Sprinkle::Installers::PushText for roles: [:app, :database]
 ** [out :: 192.168.33.10] bosko ALL=(ALL) NOPASSWD: ALL
--> Verifying passwordless_sudo was properly installed for roles: [:app, :database]
passwordless_sudo (passwordless_sudo) verification sequence: grep 'bosko ALL=(ALL) NOPASSWD: ALL' /etc/sudoers for roles: [:app, :database]

    --> Verifying  (passwordless_sudo)...
 ** [out :: 192.168.33.10] grep: /etc/sudoers
 ** [out :: 192.168.33.10] : Permission denied
/Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/verify.rb:106:in `process': Verifying passwordless_sudo (passwordless_sudo) failed. (Sprinkle::VerificationFailed)
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/package.rb:249:in `block in process_verifications'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/package.rb:247:in `each'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/package.rb:247:in `process_verifications'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/package.rb:234:in `process'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/policy.rb:119:in `block in process'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/policy.rb:118:in `each'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/policy.rb:118:in `process'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/deployment.rb:86:in `block in process'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/deployment.rb:85:in `each'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/deployment.rb:85:in `process'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/script.rb:26:in `sprinkle'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/lib/sprinkle/script.rb:22:in `sprinkle'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/gems/sprinkle-0.7.6/bin/sprinkle:108:in `<top (required)>'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/bin/sprinkle:23:in `load'
        from /Users/bosko/Code/.bundle/bundle/ruby/2.0.0/bin/sprinkle:23:in `<main>'

I suppose the upgrade is not straightforward, but I couldn't find any way for this to work. Are these errors a consequence of a missing upgrade procedure, or maybe a problem in the new version?

Here is the relevant part of my setup:

File deploy.rb

default_run_options[:pty] = true
# where our ssh_key is kept, update if moved/named in a nonstandard place
# (:keys takes private key paths, and File.join must be called, not quoted as a string)
ssh_options[:keys] = [File.join(ENV["HOME"], ".ssh", "id_rsa")]
# machine we want to install the reef node software stack on
role :app, ENV["SERVER"]

File security.rb

$:<< File.dirname(__FILE__)
$user = ENV["DEPLOY_USER"] || "my_deploy"
$ssh_port = ENV["SSH_PORT"] || 22222
$public_key = ENV["PUBLIC_KEY"]

if ENV["SERVER"].nil?
  puts "You must set server's IP address with 'export SERVER=xxx.xxx.xxx.xxx'"
elsif ENV["ADMIN_USER"].nil?
  puts "You must set user that has administrative privileges on the server."
  puts "Hint: export ADMIN_USER=vagrant"
elsif $public_key.nil? || !File.exist?($public_key)
  puts "You must set path to public key"
else
  require "packages/server_security"

  policy :server_security, :roles => [:app, :database] do
    requires :setup_security
  end

  deployment do
    # Mechanism for deployment
    delivery :capistrano do
      begin
        recipes 'Capfile'
      rescue LoadError
        recipes 'deploy'
        # the admin user we will run the commands as on the server,
        # needs sudo privileges; defaults to the current user
        set :user, ENV["ADMIN_USER"]
      end
    end

    source do
      prefix '/usr/local'
      archives "/home/#{$user}/sources"
      builds "/home/#{$user}/builds"  # double quotes so #{$user} is interpolated
    end
  end
end

File packages/server_security.rb

package :setup_security do
  description "Creates user, sets SSH key, moves SSH to given port and disables password login"
  requires :passwordless_sudo
end

package :passwordless_sudo do
  description "Sets up passwordless sudo for deployment user"
  sudoers_string = "#{$user} ALL=(ALL) NOPASSWD: ALL"
  push_text sudoers_string, '/etc/sudoers', :sudo => true
  requires :create_user

  verify do
    file_contains '/etc/sudoers', sudoers_string
  end
end

package :create_user do
  description "Creates deployment user"
  runner "useradd -s /bin/bash -m #{$user} -c '#{$user} deploy user' --group sudo"

  verify do
    has_user $user
  end
end
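
Added example, not part of the original post or of Sprinkle: a hardened way to build the two commands the packages above run, validating the `DEPLOY_USER` value before it reaches a shell and installing the sudoers rule as a `visudo`-checked drop-in instead of appending to `/etc/sudoers`. The helper names are hypothetical, and the sketch assumes the target's `/etc/sudoers` includes `/etc/sudoers.d`.

```ruby
require "shellwords"

# Added example; helper names are hypothetical and not part of Sprinkle.
# Conservative login-name pattern: no spaces, quotes, dots or shell metacharacters.
USERNAME_RE = /\A[a-z_][a-z0-9_-]{0,31}\z/

def validated_user(name)
  unless name.is_a?(String) && USERNAME_RE.match?(name)
    raise ArgumentError, "unsafe user name: #{name.inspect}"
  end
  name
end

# Same useradd invocation as the create_user package, built from an argument
# list so the comment field is escaped rather than hand-quoted.
def useradd_command(user)
  user = validated_user(user)
  ["useradd", "-s", "/bin/bash", "-m", user,
   "-c", "#{user} deploy user", "--group", "sudo"].shelljoin
end

# Writes the rule to a temp file, syntax-checks it with visudo, and only then
# moves it into place. sudo skips sudoers.d files whose names contain a ".",
# so a temp file left behind by a failed check is never loaded.
# Assumes /etc/sudoers includes /etc/sudoers.d.
def sudoers_dropin_command(user)
  user  = validated_user(user)
  rule  = "#{user} ALL=(ALL) NOPASSWD: ALL"
  tmp   = "/etc/sudoers.d/.#{user}.tmp"
  final = "/etc/sudoers.d/#{user}"
  script = [
    "printf '%s\\n' #{rule.shellescape} > #{tmp}",
    "chmod 0440 #{tmp}",
    "visudo -cf #{tmp}",
    "mv #{tmp} #{final}",
  ].join(" && ")
  # One root shell runs the whole script, so the redirection is privileged too.
  "sudo sh -c #{script.shellescape}"
end

if __FILE__ == $0
  user = ENV["DEPLOY_USER"] || "my_deploy"
  puts useradd_command(user)
  puts sudoers_dropin_command(user)
end
```

Each helper returns a single command string, so it can be passed to the `runner` installer used in the post.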

joshgoebel commented 11 years ago

Try:

config :run_method, :sudo

Sudo is no longer the default (and never should have been) for Capistrano.

bosko commented 11 years ago

Where should this go, since I get an error when I try to set it either in the deployment block or in deploy.rb? With

set :run_method, :sudo

in deploy.rb I am able to run both create_user and passwordless_sudo. Must this be set in the top-level Capistrano deploy.rb (or Capfile), or can it be set from Sprinkle too (different for each deployment, for example)?

joshgoebel commented 11 years ago

config.set :run_method, :sudo

from inside your capistrano actor block.

supairish commented 11 years ago

I think I'm running into a similar issue trying to upgrade my Sprinkle 0.4.X scripts to work with the latest Sprinkle version.

By capistrano actor block do you mean something like this?

deployment do
  delivery :capistrano do |config|
    config.set :run_method, :sudo
  end
end

I ask as I don't see an example where a "config" block variable is yielded.

supairish commented 11 years ago

For posterity and anyone who comes across this, my above example is the correct way.

joshgoebel commented 11 years ago

It's instance evaled, so I don't think the |config| there is doing anything useful.

supairish commented 11 years ago

Huh dunno, got past my problem with it >.< Can you show the correct way then?

joshgoebel commented 11 years ago

Just saying I don't think the |config| is needed, the rest of it looks fine.