Sudo and PTY mode

[vladdnepr]

Q	A
Issue Type	Bug
Deployer Version	4.3
Local Machine OS	Linux work 3.13.0-37-generic #64-Ubuntu SMP Mon Sep 22 21:28:38 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
Remote Machine OS	Linux release 3.16.0-4-amd64 #1 SMP Debian 3.16.7-ckt11-1 (2015-05-24) x86_64 GNU/Linux

Description

After commit 157a8d0
deploy always wait

It reproduced on 2 different dev PC and 2 different servers

Without pty option all works fine, but sudo not

Steps to reproduce

Im add echo to this place and get full command

Before commit changes:

$ ./vendor/bin/dep date production -vvv
➤ Executing task date
[production] > date
Execute: ssh -A -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPersist=5 -o ControlPath='~/.ssh/deployer_mux_deployer@SOME_IP:22' -p '22' -i '/home/vlad/.ssh/id_rsa' -t 'deployer@SOME_IP' 'date'[production] < Fri Apr  7 10:23:16 EDT 2017
[production] < Shared connection to SOME_IP closed.
• done on [production]
✔ Ok [147ms]

After commit changes:

$ ./vendor/bin/dep date production -vvv
➤ Executing task date
[production] > date
Execute: ssh -A -o UserKnownHostsFile=/dev/null -o StrictHostKeyChecking=no -o ControlMaster=auto -o ControlPersist=5 -o ControlPath='~/.ssh/deployer_mux_deployer@SOME_IP:22' -p '22' -i '/home/vlad/.ssh/id_rsa' -t 'deployer@SOME_IP' bash -s

and wait

Content of deploy.php

<?php
namespace Deployer;

require 'recipe/common.php';

// Configuration

set('ssh_type', 'native');
set('ssh_multiplexing', true);

set('repository', 'https://github.com/user/repo.git');
set('shared_files', []);
set('shared_dirs', []);
set('writable_dirs', []);

// Servers

task('date', function () {
    run("date");
});

server('production', 'SOME_IP')
    ->user('deployer')
    ->identityFile()
    ->stage('production')
    ->set('deploy_path', '/home/deployer/test')
    ->pty(true);

[antonmedv]

Without pty option all works fine

Use it.

Or migrate to v5. There pty was refactored and now it's possible to use correctly.

[vladdnepr]

okay, but im need sudo. for example for reload php-fpm

When will the release be?

[antonmedv]

Use sudores if you need

[jordisala1991]

is there a way to use ->pty(true) using yaml config?

I tried already pty: true but it doesn't work

[antonmedv]

Using pty is bad practice

[vladdnepr]

Yes, bad. But sudo works only with pty, but with pty always deploy is waiting. Deadlock happen

[antonmedv]

What about sudores?

[vladdnepr]

Maybe you mean sudoers?

[antonmedv]

Yes, you are understand me.

[vladdnepr]

Im use sudoers. Sudoers allow execute sudo without password, but only that. sudo must be used to restart php for example, and without sudo not work.

[antonmedv]

So does it works without pty?

[vladdnepr]

No. See more #953

[antonmedv]

I see :) Fixed in v5)))

[vladdnepr]

okay. When will the release be?

[antonmedv]

I hope next week. Need to write some docs.

[itelmenko]

I have a similar problem in deployer 5 beta 2. Now with set('git_tty', true);
Deployer is veeeery slow.
Before each little step it does "ssh multiplexing initialization".

Also does anybody know why we need this command "sudo systemctl restart php-fpm.service"?
Deployer makes symlink form folder "current" to current release folder.
Why we need restart php-fpm if webroot is current/public?

[vladdnepr]

Php restart need because php fpm in production mode use opcode cache. Without restart php used old version of your code

[itelmenko]

Thank you @vladdnepr .

[itelmenko]

May be we need tty option for command "sudo systemctl restart php-fpm.service" only?
Not for all commands.
I am not sure why deployer is very slow with tty option...

[itelmenko]

@antonmedv , What do you think?

[vladdnepr]

Make pull request with some option. This option must enable analyze command for sudo and if it's present - enable pty only for that command. By default this option must be disabled. This is my solution.

[itelmenko]

@vladdnepr Do you have same problem for version 5?

[vladdnepr]

No. Im waiting v5 release

[antonmedv]

@itelmenko this is an example. You can add tty to run as options:

run('...', ['tty' => true]);

git_tty affects only git clone, not all commands.

[antonmedv]

This option must enable analyze command for sudo and if it's present - enable pty only for that command.

This is really complicated stuff what leads to bugs. There a plenty of sudo prompts to parse.

[itelmenko]

Thank you @antonmedv

git_tty affects only git clone, not all commands.

O-ho-ho, I am really inattentive

[vladdnepr]

@antonmedv ok, your variant with tty option in run function is better

[itelmenko]

@antonmedv , sorry
Deployer 5 is very slow in first run.
It run "ssh multiplexing initialization" before each command.
But if I press Ctrl+C and rerun deploy, then it works quickly.
Why? Is it a bug?

[antonmedv]

Looks like bug in openssh. Try create simple bash script with same commands and run it.

[itelmenko]

@antonmedv ,
Why after Ctrl+C and reruning Deployer, it does not write 'ssh multiplexing initialization' ?

[antonmedv]

@itelmenko i don't know. Only way is to see what there are ssh doing (need to pass -vvvv to ssh call)

[itelmenko]

Deployer v5 log.
deployer.log.txt

First run was aborted because it is very slow.
After rerun deployment process was quick.
User's name and domain name have changed in log file.

[antonmedv]

Try to update to new openssh.

[itelmenko]

Issue which I have looks like #1187

[whitewhidow]

not completely sure if related, but when i have jenkins run (sf3recipe) deployer, i am getting

TTY mode requires /dev/tty to be read/writable.

adding the git_tty option does not seem to help, any advice ?

[antonmedv]

set git_tty to false
in jenkins no tty

[whitewhidow]

yep thx, found out just after posting, and thx for the FAST reply !! 👍