[ovs-dev,7/8] ovs-dev.py: add --user and -u option
diff mbox

Message ID 1442969477-11026-7-git-send-email-azhou@nicira.com
State Accepted
Headers show

Commit Message

Andy Zhou Sept. 23, 2015, 12:51 a.m. UTC
ovs-dev.py "run" command now accepts the "--user" option for running
all ovs daemons as "user". The argument can be specified in
"user[:group]" format.

'-u' is an short hand option that, if ovs-dev.py is launched as an
non-root user, then current user and group will be used as if they
are supplied by the --user option.

"./ovs-dev.py run -u" can now launch ovsdb-server and ovs-vswitchd as
current user and group.

Signed-off-by: Andy Zhou <azhou@nicira.com>
---
 utilities/ovs-dev.py | 36 +++++++++++++++++++++++++++++-------
 1 file changed, 29 insertions(+), 7 deletions(-)

Comments

Joe Stringer Oct. 1, 2015, 12:25 a.m. UTC | #1
On 22 September 2015 at 17:51, Andy Zhou <azhou@nicira.com> wrote:
> ovs-dev.py "run" command now accepts the "--user" option for running
> all ovs daemons as "user". The argument can be specified in
> "user[:group]" format.
>
> '-u' is an short hand option that, if ovs-dev.py is launched as an
> non-root user, then current user and group will be used as if they
> are supplied by the --user option.
>
> "./ovs-dev.py run -u" can now launch ovsdb-server and ovs-vswitchd as
> current user and group.
>
> Signed-off-by: Andy Zhou <azhou@nicira.com>

I would have expected "-u" to be short-form for "--user", but they're
subtly different. I'd prefer to see this represented one way, either
the most common or the most flexible. If you really want to save
characters, you could always alias it :-)

I think this should also simplify the user handling inside, and make
it more self-consistent.

> ---
>  utilities/ovs-dev.py | 36 +++++++++++++++++++++++++++++-------
>  1 file changed, 29 insertions(+), 7 deletions(-)
>
> diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py
> index 68c9a42..1f9dbd7 100755
> --- a/utilities/ovs-dev.py
> +++ b/utilities/ovs-dev.py
> @@ -55,9 +55,16 @@ def uname():
>      return _sh("uname", "-r", capture=True)[0].strip()
>
>
> -def sudo():
> +def sudo(run_as_me):
>      if os.geteuid() != 0:
> -        _sh(" ".join(["sudo"] + sys.argv), check=True)
> +        opt = []
> +        if (run_as_me):
> +            user = subprocess.check_output(["id", "-un"]).strip()
> +            group = subprocess.check_output(["id", "-gn"]).strip()
> +            opt=["--user", user + ":" + group]
> +            sys.argv.remove("-u")
> +
> +        _sh(" ".join(["sudo"] + sys.argv + opt), check=True)
>          sys.exit(0)

So, if you're running as yourself, you sudo to yourself; if you're
running as a different user, you sudo to root, and if you're running
as root you also sudo to root?

<snip>

> @@ -231,6 +238,12 @@ def run():
>
>      opts = ["--pidfile", "--log-file"]
>
> +    if (options.user == "") or (options.user == "root:root"):
> +        _sh("chown", "root:root", "-R", RUNDIR)
> +    else:
> +        _sh("chown", options.user, "-R", RUNDIR);
> +        opts = ["--user", options.user] + opts
> +

So.. if you're running "as_me", then everything will be chowned root:root?

Patch
diff mbox

diff --git a/utilities/ovs-dev.py b/utilities/ovs-dev.py
index 68c9a42..1f9dbd7 100755
--- a/utilities/ovs-dev.py
+++ b/utilities/ovs-dev.py
@@ -55,9 +55,16 @@  def uname():
     return _sh("uname", "-r", capture=True)[0].strip()
 
 
-def sudo():
+def sudo(run_as_me):
     if os.geteuid() != 0:
-        _sh(" ".join(["sudo"] + sys.argv), check=True)
+        opt = []
+        if (run_as_me):
+            user = subprocess.check_output(["id", "-un"]).strip()
+            group = subprocess.check_output(["id", "-gn"]).strip()
+            opt=["--user", user + ":" + group]
+            sys.argv.remove("-u")
+
+        _sh(" ".join(["sudo"] + sys.argv + opt), check=True)
         sys.exit(0)
 
 def conf():
@@ -191,7 +198,7 @@  commands.append(tag)
 
 
 def kill():
-    sudo()
+    sudo(False)
     for proc in ["ovs-vswitchd", "ovsdb-server"]:
         if os.path.exists("%s/run/openvswitch/%s.pid" % (VARDIR, proc)):
             _sh("ovs-appctl", "-t", proc, "exit", check=False)
@@ -201,7 +208,7 @@  commands.append(kill)
 
 
 def reset():
-    sudo()
+    sudo(False)
     kill()
     if os.path.exists(VARDIR):
         shutil.rmtree(VARDIR)
@@ -210,7 +217,7 @@  def reset():
 commands.append(reset)
 
 def run():
-    sudo()
+    sudo(options.as_me)
     kill()
     for d in ["log", "run"]:
         d = "%s/%s" % (VARDIR, d)
@@ -231,6 +238,12 @@  def run():
 
     opts = ["--pidfile", "--log-file"]
 
+    if (options.user == "") or (options.user == "root:root"):
+        _sh("chown", "root:root", "-R", RUNDIR)
+    else:
+        _sh("chown", options.user, "-R", RUNDIR);
+        opts = ["--user", options.user] + opts
+
     _sh(*(["ovsdb-server",
            "--remote=punix:%s/run/db.sock" % VARDIR,
            "--remote=db:Open_vSwitch,Open_vSwitch,manager_options",
@@ -274,7 +287,7 @@  def modinst():
         print "Missing modules directory.  Is this a Linux system?"
         sys.exit(1)
 
-    sudo()
+    sudo(False)
     try:
         _sh("rmmod", "openvswitch")
     except subprocess.CalledProcessError, e:
@@ -315,7 +328,7 @@  Basic Configuration:
 
     # First install the basic requirements needed to build Open vSwitch.
     sudo apt-get install git build-essential libtool autoconf pkg-config \\
-            libssl-dev gdb linux-headers-`uname -r`
+            libssl-dev gdb libcap-ng linux-headers-`uname -r`
 
     # Next clone the Open vSwitch source.
     git clone https://github.com/openvswitch/ovs.git %(ovs)s
@@ -414,6 +427,10 @@  def main():
                      help="run ovs-vswitchd with dpdk subopts (ended by --)")
     group.add_option("--clang", dest="clang", action="store_true",
                      help="Use binaries built by clang")
+    group.add_option("--user", dest="user", action="store", default="",
+                     help="run all daemons as a non root user")
+    group.add_option("-u", dest="as_me", action="store_true",
+                     help="set --user to the current user")
 
     parser.add_option_group(group)
 
@@ -435,6 +452,11 @@  def main():
         print "Missing %s." % OVS_SRC
         doc()
 
+    if options.as_me:
+        if options.user != "":
+            print "-u and --user can not be specifed at the same time."
+            sys.exit(1)
+
     for arg in args:
         for cmd in commands:
             if arg == cmd.__name__: