From 14e705b492842fde663eb9dacb44c1df04e09b9c Mon Sep 17 00:00:00 2001 From: David Shrewsbury Date: Wed, 19 Jun 2013 20:47:23 +0000 Subject: [PATCH] [worker] No longer require sudo for socat. If we change the owner of the haproxy stats socket to the same owner as the worker, we don't need to use sudo (which may be causing some odd slowness). Change-Id: I362ef2a14e591f162dcf9571a244dc6d8ff07ff9 --- doc/worker/about.rst | 2 +- libra/worker/controller.py | 1 - libra/worker/drivers/haproxy/driver.py | 17 ++++++++++++++--- libra/worker/drivers/haproxy/query.py | 2 +- 4 files changed, 16 insertions(+), 6 deletions(-) diff --git a/doc/worker/about.rst b/doc/worker/about.rst index b1ff9f21..030a7079 100644 --- a/doc/worker/about.rst +++ b/doc/worker/about.rst @@ -40,7 +40,7 @@ prompted for a password. It is suggested that you run the worker as the `haproxy` user and `haproxy` group on Ubuntu systems. Then add the following line to /etc/sudoers:: - %haproxy ALL = NOPASSWD: /usr/sbin/service, /bin/cp, /bin/mv, /bin/rm, /bin/chown, /usr/bin/socat + %haproxy ALL = NOPASSWD: /usr/sbin/service, /bin/cp, /bin/mv, /bin/rm, /bin/chown The above lets everyone in the *haproxy* group run those commands as root without being prompted for a password. diff --git a/libra/worker/controller.py b/libra/worker/controller.py index 9edab3c0..fe70681a 100644 --- a/libra/worker/controller.py +++ b/libra/worker/controller.py @@ -37,7 +37,6 @@ class LBaaSController(object): def __init__(self, logger, driver, json_msg): self.logger = logger self.driver = driver - self.logger.debug("Entered LBaaSController") self.msg = json_msg def run(self): diff --git a/libra/worker/drivers/haproxy/driver.py b/libra/worker/drivers/haproxy/driver.py index 75a1ff1d..69779bcf 100644 --- a/libra/worker/drivers/haproxy/driver.py +++ b/libra/worker/drivers/haproxy/driver.py @@ -49,6 +49,7 @@ class HAProxyDriver(LoadBalancerDriver): Use whatever configuration parameters have been set to generate output suitable for a HAProxy configuration file. """ + stats_socket = "/var/run/haproxy-stats.socket" output = [] output.append('global') output.append(' daemon') @@ -56,9 +57,19 @@ class HAProxyDriver(LoadBalancerDriver): output.append(' maxconn 4096') output.append(' user haproxy') output.append(' group haproxy') - output.append( - ' stats socket /var/run/haproxy-stats.socket mode operator' - ) + + # group can be None, but user cannot + if self.group is None: + output.append( + ' stats socket %s user %s mode operator' % + (stats_socket, self.user) + ) + else: + output.append( + ' stats socket %s user %s group %s mode operator' % + (stats_socket, self.user, self.group) + ) + output.append('defaults') output.append(' log global') output.append(' option dontlognull') diff --git a/libra/worker/drivers/haproxy/query.py b/libra/worker/drivers/haproxy/query.py index fc3a6796..f550e670 100644 --- a/libra/worker/drivers/haproxy/query.py +++ b/libra/worker/drivers/haproxy/query.py @@ -32,7 +32,7 @@ class HAProxyQuery(object): Return the output of a successful query as a string with trailing newlines removed, or raise an Exception if the query fails. """ - cmd = 'echo "%s" | sudo -n /usr/bin/socat stdio %s' % \ + cmd = 'echo "%s" | /usr/bin/socat stdio %s' % \ (query, self.socket) try: