[worker] No longer require sudo for socat.

If we change the owner of the haproxy stats socket to the same owner as the worker, we don't need to use sudo (which may be causing some odd slowness). Change-Id: I362ef2a14e591f162dcf9571a244dc6d8ff07ff9
2013-06-19 20:47:23 +00:00
parent a795eddf29
commit 14e705b492
4 changed files with 16 additions and 6 deletions
--- a/doc/worker/about.rst
+++ b/doc/worker/about.rst
@@ -40,7 +40,7 @@ prompted for a password. It is suggested that you run the worker as
 the `haproxy` user and `haproxy` group on Ubuntu systems. Then add the
 following line to /etc/sudoers::

-    %haproxy ALL = NOPASSWD: /usr/sbin/service, /bin/cp, /bin/mv, /bin/rm, /bin/chown, /usr/bin/socat
+    %haproxy ALL = NOPASSWD: /usr/sbin/service, /bin/cp, /bin/mv, /bin/rm, /bin/chown

 The above lets everyone in the *haproxy* group run those commands
 as root without being prompted for a password.
--- a/libra/worker/controller.py
+++ b/libra/worker/controller.py
@@ -37,7 +37,6 @@ class LBaaSController(object):
    def __init__(self, logger, driver, json_msg):
        self.logger = logger
        self.driver = driver
-        self.logger.debug("Entered LBaaSController")
        self.msg = json_msg

    def run(self):
--- a/libra/worker/drivers/haproxy/driver.py
+++ b/libra/worker/drivers/haproxy/driver.py
@@ -49,6 +49,7 @@ class HAProxyDriver(LoadBalancerDriver):
        Use whatever configuration parameters have been set to generate
        output suitable for a HAProxy configuration file.
        """
+        stats_socket = "/var/run/haproxy-stats.socket"
        output = []
        output.append('global')
        output.append('    daemon')
@@ -56,9 +57,19 @@ class HAProxyDriver(LoadBalancerDriver):
        output.append('    maxconn 4096')
        output.append('    user haproxy')
        output.append('    group haproxy')
+
+        # group can be None, but user cannot
+        if self.group is None:
            output.append(
-            '    stats socket /var/run/haproxy-stats.socket mode operator'
+                '    stats socket %s user %s mode operator' %
+                (stats_socket, self.user)
            )
+        else:
+            output.append(
+                '    stats socket %s user %s group %s mode operator' %
+                (stats_socket, self.user, self.group)
+            )
+
        output.append('defaults')
        output.append('    log global')
        output.append('    option dontlognull')
--- a/libra/worker/drivers/haproxy/query.py
+++ b/libra/worker/drivers/haproxy/query.py
@@ -32,7 +32,7 @@ class HAProxyQuery(object):
        Return the output of a successful query as a string with trailing
        newlines removed, or raise an Exception if the query fails.
        """
-        cmd = 'echo "%s" | sudo -n /usr/bin/socat stdio %s' % \
+        cmd = 'echo "%s" | /usr/bin/socat stdio %s' % \
              (query, self.socket)

        try: