Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to run orawls as non-root user #343

Merged
merged 5 commits into from
Jun 21, 2016
Merged

Ability to run orawls as non-root user #343

merged 5 commits into from
Jun 21, 2016

Conversation

yadavnikhil
Copy link
Contributor

I'm contributing this changes on behalf of Amdocs Development Ltd.

Add functionality to run orawls with a non-root user.
This will work only with Puppet v3.7.0 or higher so as to use the patch for "exec" resource type which does not switch user if running user & target user are same & does not fail for switch user test.
Following was done so as to have it running with non-root user:

  1. Override default values for wls_domains.yaml & wls_setting.yaml from default /etc to custom location.
    This is done by setting facter for overriding these defaults to custom location where the files will persist till the installation lifecycle:
    export FACTER_override_wls_domains_file=/wls_domains.yaml
    export FACTER_override_wls_setting_file=/wls_setting.yaml

If no facter is specified, it will be created at default location /etc

  1. Issue: Only root can execute commands as other users
    For user parameter in "exec" resource types, puppet has provided a patch from v3.7 onwards to validate & check user is root or not & does not fail if user to run with is same as running user which invoked puppet.
    So to minimize code changes for all exec resources, for now, orawls can be run by non-root user only with puppet v3.7+.
  2. For bypassing easy_type running command with (su -), the code was modified to check if running user is root, else no user is passed to easy_type daemon.rb.

Nikhil Yadav and others added 5 commits May 5, 2016 09:37
Merge remote-tracking branch 'refs/remotes/biemond/master'
85c0a96
Merge remote-tracking branch 'refs/remotes/biemond/master'
470e3df
Merge remote-tracking branch 'refs/remotes/biemond/master'
26b4bb2
Running orawls with non-root user support
e654945 
Add functionality to run orawls with a non-root user.
This will work
only with Puppet v3.7.0 or higher so as to use the patch for "exec"
resource type which does not switch user if running user & target user
are same & does not fail for switch user test. Not tested on
v4+
Following was done so as to have it running with non-root user:
1.
Override default values for wls_domains.yaml & wls_setting.yaml from
default /etc to custom location
2. For user parameters in "exec"
resource types, puppet has provided a patch from v3.7 onwards to
validate & check user if not root & does not fail if user to run as is
same as running user. So, for now, non-root user can only be run with
puppet v3.7+.
3. For bypassing easy_type running comman with (su -), the
code was modified to check it running user is root, else no user is
passed to easy_type daemon.rb
@yadavnikhil
Non-root Support
0b3d071 
Add functionality to run orawls with a non-root user.
This will work only with Puppet v3.7.0 or higher so as to use the patch for "exec" resource type which does not switch user if running user & target user are same & does not fail for switch user test. Not tested on v4+
Following was done so as to have it running with non-root user:
1. Override default values for wls_domains.yaml & wls_setting.yaml from default /etc to custom location
2. For user parameters in "exec" resource types, puppet has provided a patch from v3.7 onwards to validate & check user if not root & does not fail if user to run as is same as running user. So, for now, non-root user can only be run with puppet v3.7+.
3. For bypassing easy_type running comman with (su -), the code was modified to check it running user is root, else no user is passed to easy_type daemon.rb
@coveralls
Copy link

coveralls commented Jun 14, 2016
edited
Loading

Coverage Status

Coverage increased (+0.5%) to 39.589% when pulling 0b3d071 on yadavnikhil:master into ea66858 on biemond:master.

@biemond
Copy link
Owner

biemond commented Jun 14, 2016

Very nice, I will check it out

👍

@biemond biemond merged commit cddea69 into biemond:master Jun 21, 2016
@biemond
Copy link
Owner

biemond commented Jun 21, 2016

I had to change the domain.pp to make it work

@yadavnikhil
Copy link
Contributor Author

Great, thanks a lot.

@ripun
Copy link

ripun commented Jun 22, 2016

very Nice @yadavnikhil .. Thanks a lot Great work

@yapale
Copy link

yapale commented Jun 23, 2016

This will be indeed very usefull

@biemond biemond mentioned this pull request Jun 27, 2016
Closed
alexjfisher
alexjfisher reviewed Jul 1, 2016
View reviewed changes
lib/utils/wls_access.rb
if debugmode.to_s == 'debug'
puts 'Prepare to run: ' + tmpFile.path + ',' + operatingSystemUser + ',' + domain + ',' + weblogicHomeDir + ',' + weblogicUser + ',' + weblogicPassword + ',' + weblogicConnectUrl
if eval_operatingSystemUser
puts 'Prepare to run: ' + tmpFile.path + ',' + eval_operatingSystemUser + ',' + domain + ',' + weblogicHomeDir + ',' + weblogicUser + ',' + weblogicPassword + ',' + weblogicConnectUrL
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

weblogicConnectUrL typo?

Copy link
Contributor

@alexjfisher alexjfisher Jul 1, 2016
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Fixed in #353

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
7 participants
@yadavnikhil @coveralls @biemond @ripun @yapale @alexjfisher @altroy75