[ovs-dev,7/8] ovs-dev.py: add --user and -u option

Message ID	1442969477-11026-7-git-send-email-azhou@nicira.com
State	Accepted
Headers	show Return-Path: <dev-bounces@openvswitch.org> Received-SPF: unknown (mx3-pf3.cudamail.com: Multiple SPF records returned) From: Andy Zhou <azhou@nicira.com> To: dev@openvswitch.org Date: Tue, 22 Sep 2015 17:51:16 -0700 Message-Id: <1442969477-11026-7-git-send-email-azhou@nicira.com> In-Reply-To: <1442969477-11026-1-git-send-email-azhou@nicira.com> References: <1442969477-11026-1-git-send-email-azhou@nicira.com> Subject: [ovs-dev] [PATCH 7/8] ovs-dev.py: add --user and -u option Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: base64 Errors-To: dev-bounces@openvswitch.org Sender: "dev" <dev-bounces@openvswitch.org>

Message ID

1442969477-11026-7-git-send-email-azhou@nicira.com

State

Accepted

Headers

Received-SPF: unknown (mx3-pf3.cudamail.com: Multiple SPF records returned)
From: Andy Zhou <azhou@nicira.com>
To: dev@openvswitch.org
Date: Tue, 22 Sep 2015 17:51:16 -0700
Message-Id: <1442969477-11026-7-git-send-email-azhou@nicira.com>
In-Reply-To: <1442969477-11026-1-git-send-email-azhou@nicira.com>
References: <1442969477-11026-1-git-send-email-azhou@nicira.com>
Subject: [ovs-dev] [PATCH 7/8] ovs-dev.py: add --user and -u option
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: base64
Errors-To: dev-bounces@openvswitch.org
Sender: "dev" <dev-bounces@openvswitch.org>

Commit Message

Andy Zhou Sept. 23, 2015, 12:51 a.m. UTC

ovs-dev.py "run" command now accepts the "--user" option for running
all ovs daemons as "user". The argument can be specified in
"user[:group]" format.

'-u' is an short hand option that, if ovs-dev.py is launched as an
non-root user, then current user and group will be used as if they
are supplied by the --user option.

"./ovs-dev.py run -u" can now launch ovsdb-server and ovs-vswitchd as
current user and group.

Signed-off-by: Andy Zhou <azhou@nicira.com>
---
 utilities/ovs-dev.py | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)

Comments

Joe Stringer Oct. 1, 2015, 12:25 a.m. UTC | #1

On 22 September 2015 at 17:51, Andy Zhou <azhou@nicira.com> wrote:
> ovs-dev.py "run" command now accepts the "--user" option for running
> all ovs daemons as "user". The argument can be specified in
> "user[:group]" format.
>
> '-u' is an short hand option that, if ovs-dev.py is launched as an
> non-root user, then current user and group will be used as if they
> are supplied by the --user option.
>
> "./ovs-dev.py run -u" can now launch ovsdb-server and ovs-vswitchd as
> current user and group.
>
> Signed-off-by: Andy Zhou <azhou@nicira.com>

I would have expected "-u" to be short-form for "--user", but they're
subtly different. I'd prefer to see this represented one way, either
the most common or the most flexible. If you really want to save
characters, you could always alias it :-)

I think this should also simplify the user handling inside, and make
it more self-consistent.

> ---
>  utilities/ovs-dev.py | 36 +++++++++++++++++++++++++++++-------
>  1 file changed, 29 insertions(+), 7 deletions(-)
>
> diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py
> index 68c9a42..1f9dbd7 100755
> --- a/utilities/ovs-dev.py
> +++ b/utilities/ovs-dev.py
> @@ -55,9 +55,16 @@ def uname():
>      return _sh("uname", "-r", capture=True)[0].strip()
>
>
> -def sudo():
> +def sudo(run_as_me):
>      if os.geteuid() != 0:
> -        _sh(" ".join(["sudo"] + sys.argv), check=True)
> +        opt = []
> +        if (run_as_me):
> +            user = subprocess.check_output(["id", "-un"]).strip()
> +            group = subprocess.check_output(["id", "-gn"]).strip()
> +            opt=["--user", user + ":" + group]
> +            sys.argv.remove("-u")
> +
> +        _sh(" ".join(["sudo"] + sys.argv + opt), check=True)
>          sys.exit(0)

So, if you're running as yourself, you sudo to yourself; if you're
running as a different user, you sudo to root, and if you're running
as root you also sudo to root?

<snip>

> @@ -231,6 +238,12 @@ def run():
>
>      opts = ["--pidfile", "--log-file"]
>
> +    if (options.user == "") or (options.user == "root:root"):
> +        _sh("chown", "root:root", "-R", RUNDIR)
> +    else:
> +        _sh("chown", options.user, "-R", RUNDIR);
> +        opts = ["--user", options.user] + opts
> +

So.. if you're running "as_me", then everything will be chowned root:root?

diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py
index 68c9a42..1f9dbd7 100755
--- a/utilities/ovs-dev.py
+++ b/utilities/ovs-dev.py
@@ -55,9 +55,16 @@  def uname():
     return _sh("uname", "-r", capture=True)[0].strip()
 
 
-def sudo():
+def sudo(run_as_me):
     if os.geteuid() != 0:
-        _sh(" ".join(["sudo"] + sys.argv), check=True)
+        opt = []
+        if (run_as_me):
+            user = subprocess.check_output(["id", "-un"]).strip()
+            group = subprocess.check_output(["id", "-gn"]).strip()
+            opt=["--user", user + ":" + group]
+            sys.argv.remove("-u")
+
+        _sh(" ".join(["sudo"] + sys.argv + opt), check=True)
         sys.exit(0)
 
 def conf():
@@ -191,7 +198,7 @@  commands.append(tag)
 
 
 def kill():
-    sudo()
+    sudo(False)
     for proc in ["ovs-vswitchd", "ovsdb-server"]:
         if os.path.exists("%s/run/openvswitch/%s.pid" % (VARDIR, proc)):
             _sh("ovs-appctl", "-t", proc, "exit", check=False)
@@ -201,7 +208,7 @@  commands.append(kill)
 
 
 def reset():
-    sudo()
+    sudo(False)
     kill()
     if os.path.exists(VARDIR):
         shutil.rmtree(VARDIR)
@@ -210,7 +217,7 @@  def reset():
 commands.append(reset)
 
 def run():
-    sudo()
+    sudo(options.as_me)
     kill()
     for d in ["log", "run"]:
         d = "%s/%s" % (VARDIR, d)
@@ -231,6 +238,12 @@  def run():
 
     opts = ["--pidfile", "--log-file"]
 
+    if (options.user == "") or (options.user == "root:root"):
+        _sh("chown", "root:root", "-R", RUNDIR)
+    else:
+        _sh("chown", options.user, "-R", RUNDIR);
+        opts = ["--user", options.user] + opts
+
     _sh(*(["ovsdb-server",
            "--remote=punix:%s/run/db.sock" % VARDIR,
            "--remote=db:Open_vSwitch,Open_vSwitch,manager_options",
@@ -274,7 +287,7 @@  def modinst():
         print "Missing modules directory.  Is this a Linux system?"
         sys.exit(1)
 
-    sudo()
+    sudo(False)
     try:
         _sh("rmmod", "openvswitch")
     except subprocess.CalledProcessError, e:
@@ -315,7 +328,7 @@  Basic Configuration:
 
     # First install the basic requirements needed to build Open vSwitch.
     sudo apt-get install git build-essential libtool autoconf pkg-config \\
-            libssl-dev gdb linux-headers-`uname -r`
+            libssl-dev gdb libcap-ng linux-headers-`uname -r`
 
     # Next clone the Open vSwitch source.
     git clone https://github.com/openvswitch/ovs.git %(ovs)s
@@ -414,6 +427,10 @@  def main():
                      help="run ovs-vswitchd with dpdk subopts (ended by --)")
     group.add_option("--clang", dest="clang", action="store_true",
                      help="Use binaries built by clang")
+    group.add_option("--user", dest="user", action="store", default="",
+                     help="run all daemons as a non root user")
+    group.add_option("-u", dest="as_me", action="store_true",
+                     help="set --user to the current user")
 
     parser.add_option_group(group)
 
@@ -435,6 +452,11 @@  def main():
         print "Missing %s." % OVS_SRC
         doc()
 
+    if options.as_me:
+        if options.user != "":
+            print "-u and --user can not be specifed at the same time."
+            sys.exit(1)
+
     for arg in args:
         for cmd in commands:
             if arg == cmd.__name__:

[ovs-dev,7/8] ovs-dev.py: add --user and -u option

Commit Message

Comments

Patch