change sudo behaviour

archive.go

@@ -14,12 +14,22 @@ import (
 func startArchiveReceivers(
 	lockedNodes *distributedLock,
 	rootDir string,
+	sudo bool,
 ) (*remoteExecution, error) {
-	archiveReceiverCommand := []string{
-		`tar`, `-x`, `--verbose`, `--directory`,
-		rootDir,
+	archiveReceiverCommand := []string{}
+
+	if sudo {
+		archiveReceiverCommand = []string{`sudo`, `-n`}
 	}
 
+	archiveReceiverCommand = append(
+		archiveReceiverCommand,
+		[]string{
+			`tar`, `-x`, `--verbose`, `--directory`,
+			rootDir,
+		}...,
+	)
+
 	execution, err := runRemoteExecution(lockedNodes, archiveReceiverCommand)
 	if err != nil {
 		return nil, hierr.Errorf(
@@ -32,7 +42,11 @@ func startArchiveReceivers(
 	return execution, nil
 }
 
-func archiveFilesToWriter(target io.Writer, files []string) error {
+func archiveFilesToWriter(
+	target io.Writer,
+	files []string,
+	preserveUID, preserveGID bool,
+) error {
 	workDir, err := os.Getwd()
 	if err != nil {
 		return hierr.Errorf(
@@ -50,7 +64,13 @@ func archiveFilesToWriter(target io.Writer, files []string) error {
 			fileName,
 		)
 
-		writeFileToArchive(fileName, archive, workDir)
+		writeFileToArchive(
+			fileName,
+			archive,
+			workDir,
+			preserveUID,
+			preserveGID,
+		)
 	}
 
 	tracef("closing archive stream, %d files sent", len(files))
@@ -70,6 +90,7 @@ func writeFileToArchive(
 	fileName string,
 	archive *tar.Writer,
 	workDir string,
+	preserveUID, preserveGID bool,
 ) error {
 	fileInfo, err := os.Stat(fileName)
 
@@ -100,12 +121,17 @@ func writeFileToArchive(
 		Mode: int64(fileInfo.Sys().(*syscall.Stat_t).Mode),
 		Size: fileInfo.Size(),
 
-		Uid: int(fileInfo.Sys().(*syscall.Stat_t).Uid),
-		Gid: int(fileInfo.Sys().(*syscall.Stat_t).Gid),
-
 		ModTime: fileInfo.ModTime(),
 	}
 
+	if preserveUID {
+		header.Uid = int(fileInfo.Sys().(*syscall.Stat_t).Uid)
+	}
+
+	if preserveGID {
+		header.Gid = int(fileInfo.Sys().(*syscall.Stat_t).Gid)
+	}
+
 	tracef(
 		hierr.Errorf(
 			fmt.Sprintf(

main.go

@@ -82,11 +82,10 @@ Options:
                           [default: $HOME/.ssh/id_rsa]
     -p --password        Enable password authentication.
                           Exclude '-k' option.
-    -x --no-sudo         Do not try to obtain root (via 'sudo -i').
-                          By default, orgalorg will try to obtain root and do
-                          all actions from root, because it's most common use
-                          case. To prevent that behaviour, this option can be
-                          used.
+    -x --sudo            Obtain root via 'sudo -n'.
+                          By default, orgalorg will not obtain root and do
+                          all actions from specified user. To change that
+                          behaviour, this option can be used.
     -t --no-lock-abort   Try to obtain global lock, but only print warning if
                           it cannot be done, do not stop execution.
     -r --root <root>     Specify root dir to extract files into.
@@ -207,8 +206,13 @@ func command(args map[string]interface{}) error {
 		lockFile     = args["--lock-file"].(string)
 		commandToRun = args["<command>"].([]string)
 		stdin, _     = args["--stdin"].(string)
+		sudo         = args["--sudo"].(bool)
 	)
 
+	if sudo {
+		commandToRun = append([]string{"sudo", "-n"}, commandToRun...)
+	}
+
 	runners, err := createRunnerFactory(args)
 	if err != nil {
 		return hierr.Errorf(
@@ -365,20 +369,28 @@ func upload(
 	filesList []string,
 ) error {
 	var (
-		rootDir = args["--root"].(string)
+		rootDir     = args["--root"].(string)
+		preserveUID = !args["--no-preserve-uid"].(bool)
+		preserveGID = !args["--no-preserve-gid"].(bool)
+		sudo        = args["--sudo"].(bool)
 	)
 
 	logger.Infof(`file upload started into: '%s'`, rootDir)
 
-	receivers, err := startArchiveReceivers(cluster, rootDir)
+	receivers, err := startArchiveReceivers(cluster, rootDir, sudo)
 	if err != nil {
 		return hierr.Errorf(
 			err,
 			`can't start archive receivers on the cluster`,
 		)
 	}
 
-	err = archiveFilesToWriter(receivers.stdin, filesList)
+	err = archiveFilesToWriter(
+		receivers.stdin,
+		filesList,
+		preserveUID,
+		preserveGID,
+	)
 	if err != nil {
 		return hierr.Errorf(
 			err,

run_tests

@@ -51,7 +51,7 @@ fi
 :init() {
     :build:init
 
-    hastur:init openssh,pam,util-linux,tar,iproute2
+    hastur:init openssh,pam,util-linux,tar,iproute2,sudo,sed
 }
 
 :cleanup() {

tests/setup.sh

@@ -7,12 +7,14 @@
 
     tests:ensure containers:run "$container_name" -- \
         /usr/bin/sh -c "
-            /usr/bin/useradd -G wheel $(:ssh:get-username)
+            useradd -G wheel $(:ssh:get-username)
 
-            /usr/bin/mkdir -p \\\\
+            sed -r \"/wheel.*NOPASSWD/s/^#//\" -i /etc/sudoers
+
+            mkdir -p \\\\
                 /home/$(:ssh:get-username)/.ssh
 
-            /usr/bin/chown -R \\\\
+            chown -R \\\\
                 $(:ssh:get-username): /home/$(:ssh:get-username)" \
 
     tests:ensure :ssh:copy-id "$container_name" \

tests/testcases/commands/can-run-command-under-sudo.test.sh

@@ -0,0 +1,7 @@
+tests:ensure :orgalorg-key -C 'whoami'
+
+containers:do tests:assert-stdout "$orgalorg_user"
+
+tests:ensure :orgalorg-key -x -C 'whoami'
+
+containers:do tests:assert-stdout "root"