Merge lp:~jtv/maas/bug-1059569 into lp:~maas-committers/maas/trunk
Status: | Merged | ||||
---|---|---|---|---|---|
Approved by: | Jeroen T. Vermeulen | ||||
Approved revision: | no longer in the source branch. | ||||
Merged at revision: | 1128 | ||||
Proposed branch: | lp:~jtv/maas/bug-1059569 | ||||
Merge into: | lp:~maas-committers/maas/trunk | ||||
Diff against target: |
230 lines (+74/-24) 2 files modified
src/provisioningserver/start_cluster_controller.py (+21/-6) src/provisioningserver/tests/test_start_cluster_controller.py (+53/-18) |
||||
To merge this branch: | bzr merge lp:~jtv/maas/bug-1059569 | ||||
Related bugs: |
|
Reviewer | Review Type | Date Requested | Status |
---|---|---|---|
Raphaël Badin (community) | Approve | ||
Review via email: mp+127442@code.launchpad.net |
Commit message
Run the cluster controller under a customizable user/group identity (by default, maas/maas).
Description of the change
Discussed with... everyone, probably. We had a vague hope that this would also fix Upstart's problems tracking the celeryd fork(), but actually that required a separate branch. The problem there was that we did a different fork first, and so upstart got to track the wrong one. All that _really_ changes in the branch you see here is that a fork/exec sequence becomes a fork/setuid/exec sequence.
I do as much as possible before the fork, because the error feedback channel from the child process is always going to be a bit narrower and harder to manage. If a failure is coming, we'd best give up early and report it while we still can. It would have been worth checking privileges for the setuid/setgid beforehand as well, except maas-provision won't run unless you're root. For our purposes here it'd be fine if you ran it as maas (or yourself, in dev mode) and made it setuid to that same user; setuid would allow that but maas-provision, as it stands, will not.
Interesting fact: this code has undergone so many changes in how we kick off the child process that the test abstractions for faking the related system calls keep growing.
Jeroen
Looks good.
[0]
17 + parser. add_argument( add_argument(
18 + '--user', '-u', metavar='USER', default='maas',
19 + help="System user identity that should run the cluster controller.")
20 + parser.
21 + '--group', '-g', metavar='GROUP', default='maas',
22 + help="System group that should run the cluster controller.")
and
58 +def start_up( server_ url, connection_details, user='maas', group='maas'):
That's two places where you set the default ('maas'/'maas'). The first one is probably enough don't you think?