Hello
Since cpsetup is designed to be executed mainly under the root account, it is not necessary to call all the commands via "sudo". This patch adds a simple check - if cpsetup is executed under root, sudo is not used at all.
We have issues in our Katello Puppet installer because of the interactive terminal that sudo can open. This helps us to use cpsetup without modifying the sudoers file.
This patch does not modify current behavior - cpsetup can still be called under a regular (non-root) account and sudo will be used.
On Fri, Jun 29, 2012 at 08:00:44AM +0200, Lukas Zapletal wrote:
Hello
Since cpsetup is designed to be executed mainly under the root account, it is not necessary to call all the commands via "sudo". This patch adds a simple check - if cpsetup is executed under root, sudo is not used at all.
We have issues in our Katello Puppet installer because of the interactive terminal that sudo can open. This helps us to use cpsetup without modifying the sudoers file.
This patch does not modify current behavior - cpsetup can still be called under a regular (non-root) account and sudo will be used.
Looks good. Applied and pushed. Thanks!
-- Later,
Lukas "lzap" Zapletal #katello #systemengine
From e2e725e093283c3b28926cf9b8d105d56be06c34 Mon Sep 17 00:00:00 2001
From: Lukas Zapletal lzap+git@redhat.com
Date: Fri, 29 Jun 2012 07:54:46 +0200
Subject: [PATCH] Utility cpsetup now runs also without sudo
Since cpsetup is designed to be executed mainly under the root account, it is not necessary to call all the commands via "sudo". This patch adds a simple check - if cpsetup is executed under root, sudo is not used at all.
We have issues in our Katello Puppet installer because of the interactive terminal that sudo can open. This helps us to use cpsetup without modifying the sudoers file.
This patch does not modify current behavior - cpsetup can still be called under a regular (non-root) account and sudo will be used.
 proxy/code/setup/cpsetup | 23 +++++++++++++++--------
 1 files changed, 15 insertions(+), 8 deletions(-)
diff --git a/proxy/code/setup/cpsetup b/proxy/code/setup/cpsetup index 796675d..2c8347d 100755 --- a/proxy/code/setup/cpsetup +++ b/proxy/code/setup/cpsetup @@ -42,6 +42,13 @@ def run_command(command): raise Exception("Error running command") return output
+# run with 'sudo' if not running as root +def run_command_with_sudo(command):
- if os.geteuid()==0:
run_command(command)
- else:
run_command('sudo %s' % command)
class TomcatSetup(object): def __init__(self, conf_dir, keystorepwd): self.conf_dir = conf_dir @@ -129,23 +136,23 @@ class CertSetup(object):
def generate(self): if not os.path.exists(self.cert_home):
run_command('sudo mkdir -p %s' % self.cert_home)
run_command_with_sudo('mkdir -p %s' % self.cert_home) if os.path.exists(self.ca_key) and os.path.exists(self.ca_cert): print("Cerficiates already exist, skipping...") return print("Creating CA private key password")
run_command('sudo su -c "echo $RANDOM > %s"' % self.ca_key_passwd)
run_command_with_sudo('su -c "echo $RANDOM > %s"' % self.ca_key_passwd) print("Creating CA private key")
run_command('sudo openssl genrsa -out %s -passout "file:%s" 1024' % (self.ca_key, self.ca_key_passwd))
run_command_with_sudo('openssl genrsa -out %s -passout "file:%s" 1024' % (self.ca_key, self.ca_key_passwd)) print("Creating CA public key")
run_command('sudo openssl rsa -pubout -in %s -out %s' % (self.ca_key, self.ca_pub_key))
run_command_with_sudo('openssl rsa -pubout -in %s -out %s' % (self.ca_key, self.ca_pub_key)) print("Creating CA certificate")
run_command('sudo openssl req -new -x509 -days 365 -key %s -out %s -subj "/CN=%s/C=US/L=Raleigh/"' % (self.ca_key, self.ca_cert, socket.gethostname()))
run_command('sudo openssl pkcs12 -export -in %s -inkey %s -out %s -name tomcat -CAfile %s -caname root -chain -password pass:password' % (self.ca_cert, self.ca_key, self.keystore, self.ca_cert))
run_command('sudo cp %s %s' % (self.ca_cert, self.ca_upstream_cert))
run_command('sudo chmod a+r %s' % self.keystore)
run_command_with_sudo('openssl req -new -x509 -days 365 -key %s -out %s -subj "/CN=%s/C=US/L=Raleigh/"' % (self.ca_key, self.ca_cert, socket.gethostname()))
run_command_with_sudo('openssl pkcs12 -export -in %s -inkey %s -out %s -name tomcat -CAfile %s -caname root -chain -password pass:password' % (self.ca_cert, self.ca_key, self.keystore, self.ca_cert))
run_command_with_sudo('cp %s %s' % (self.ca_cert, self.ca_upstream_cert))
run_command_with_sudo('chmod a+r %s' % self.keystore)
def write_candlepin_conf(username, database):
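Review bot: In the first hunk, run_command_with_sudo() calls run_command() on both branches but never returns its result, even though run_command() ends with `return output`. Passing the value through (`return run_command(command)` and `return run_command('sudo %s' % command)`) keeps the wrapper a drop-in replacement for callers that need the command output. A short docstring in place of the comment, saying that the root check is on the effective UID (os.geteuid()), would also document why a setuid or sudo-started run skips the prefix.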
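Review bot: In the second hunk, the converted line `run_command_with_sudo('su -c "echo $RANDOM > %s"' % self.ca_key_passwd)` still fills the CA key password file from `$RANDOM`, which in bash is an integer from 0 to 32767, so the file can hold only 32768 different values. This predates the patch, but since every command in generate() is being touched, it is a good moment to write that file from a cryptographic source (for example `openssl rand -base64 32`) and to revisit the 1024-bit size passed to `openssl genrsa` and the fixed `-password pass:password` on the pkcs12 export. The paths are also interpolated into the command strings with bare `%s`, so quoting them would make the calls safe for directories containing spaces.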
1.7.7.6
candlepin mailing list candlepin@lists.fedorahosted.org https://fedorahosted.org/mailman/listinfo/candlepin
-James