Restart fails, fullstaq ruby not in sudo path

[inopinatus]

After switching to fullstaq ruby (on Ubuntu 18.04), I found that a deploy did not restart unicorn, despite reporting success in the chef log.

This may be because on the command line,sudo /srv/www/appname/shared/scripts/unicorn.service restart no longer works, instead giving:

/usr/bin/env: ‘ruby’: No such file or directory

which occurs because /etc/sudoers includes a secure_path declaration that overrides pam_env i.e. the contents of /etc/environment is ignored.

Fix

I do not recommend modifying /etc/sudoers. Even seeing a modification to a PAM config made me uneasy, since it's shipped in a finely tuned balance with other critical security and operational parameters.

I have instead included

link '/usr/local/bin/ruby' do
  to "/usr/lib/fullstaq-ruby/versions/#{node['ruby-version']}-jemalloc/bin/ruby"
end

in my own setup.rb. Perhaps something with a similar outcome can sneak into opsworks_ruby.

Not sure why Fullstaq skips invoking update-alternatives(1) after package install, which is the commonly accepted behaviour for debian-style systems. Perhaps for multiple versions support.