Use sudo for HAProxy config file manipulation.

In a default, initial HAProxy installation on Ubuntu, the haproxy.cfg file is owned by root. So we need escalated permissions to be able to replace it with another config.
2012-10-02 15:44:43 -04:00
parent 36f39b93a1
commit bbeacf30d1
2 changed files with 28 additions and 7 deletions
--- a/28
+++ b/28
@@ -26,6 +26,20 @@ Installing the Worker
    $ python setup.py install


+Edit /etc/sudoers
+-----------------
+
+The worker needs to be able to run some commands as root without being
+prompted for a password. It is suggested that you run the worker as
+the `haproxy` user and `haproxy` group on Ubuntu systems. Then add the
+following line to /etc/sudoers:
+
+    %haproxy ALL = NOPASSWD: /usr/sbin/service, /bin/cp, /bin/mv
+
+The above lets everyone in the `haproxy` group run those three commands
+as root without being prompted for a password.
+
+
 Running the Worker
 ------------------

@@ -38,8 +52,9 @@ Basic commands:
    # Getting help
    $ libra_worker -h

-    # Start up as a daemon
-    $ sudo libra_worker
+    # Start up as a daemon running as the `haproxy` user and
+    # connecting to the local Gearman job server.
+    $ sudo libra_worker --user haproxy --group haproxy --server 127.0.0.1:4730

    # Start up with debugging output in non-daemon mode
    $ libra_worker --debug --nodaemon
@@ -48,3 +63,12 @@ You can verify that the worker is running by using the sample Gearman
 client in the bin/ directory:

    $ bin/client.py
+
+
+Configuration File
+------------------
+
+It can be easier to give options via a configuration file. See the sample
+configuration file etc/sample_libra.cfg for an example and further
+documentation. Use the -c/--config option to specify the configuration
+file to read.
--- a/libra/worker/drivers/haproxy/driver.py
+++ b/libra/worker/drivers/haproxy/driver.py
@@ -78,10 +78,8 @@ class HAProxyDriver(LoadBalancerDriver):
        fh.close()
        bkupcfg = self._config_file + '.BKUP'

-        # The user that the process is running as MUST have write access
-        # to the HAProxy configuration file.
-        copy_cmd = "/bin/cp %s %s" % (self._config_file, bkupcfg)
-        move_cmd = "/bin/mv %s %s" % (tmpfile, self._config_file)
+        copy_cmd = "/usr/bin/sudo /bin/cp %s %s" % (self._config_file, bkupcfg)
+        move_cmd = "/usr/bin/sudo /bin/mv %s %s" % (tmpfile, self._config_file)

        try:
            subprocess.check_output(copy_cmd.split(), stderr=subprocess.STDOUT)
@@ -92,7 +90,6 @@ class HAProxyDriver(LoadBalancerDriver):

    def _restart(self):
        """ Restart the HAProxy service on the local machine. """
-        # NOTE(shrews): This should be the only place we need sudo privs.
        cmd = '/usr/bin/sudo /usr/sbin/service haproxy restart'
        try:
            subprocess.check_output(cmd.split())