Project

General

Profile

Actions

Bug #5010

closed

cf-* commands are no longer in PATH

Added by Jonathan CLARKE over 10 years ago. Updated over 9 years ago.

Status:
Rejected
Priority:
2
Assignee:
Jonathan CLARKE
Category:
System integration
Target version:
Severity:
UX impact:
User visibility:
Effort required:
Priority:
Name check:
Fix check:
Regression:

Description

We made a change to include in /etc/profile a change to the shell's PATH to use /var/rudder/cfengine-community/bin (or /opt/rudder/bin) so that "cf-agent" was available directly without using the full path.

However, this no longer works. I am unsure why.

Note: targeting for 2.10, but this may also apply to older versions. Please check.

Actions #1

Updated by Jonathan CLARKE over 10 years ago

  • Target version changed from 2.10.3 to 2.10.4
Actions #2

Updated by Nicolas PERRON over 10 years ago

  • Target version changed from 2.10.4 to 2.10.5
Actions #3

Updated by Vincent MEMBRÉ over 10 years ago

  • Target version changed from 2.10.5 to 2.10.6
Actions #4

Updated by Jonathan CLARKE over 10 years ago

This is ANNOYING. It needs fixing ASAP!

Actions #5

Updated by Matthieu CERDA over 10 years ago

  • Status changed from 8 to In progress

Taking care of this.

Actions #6

Updated by Matthieu CERDA over 10 years ago

  • Status changed from In progress to Discussion
  • Assignee changed from Matthieu CERDA to Jonathan CLARKE

I tested on five different machines ranging from 2.10 (the version where this change was introduced) to 2.12 (bleeding edge) and on every machine, /etc/profile.d/rudder-agent.sh contains the right value and alters the PATH to have cf-* binaries in it.

The best I can come with would be a machine ignoring profile.d or altering PATH in a local .profile / .bashrc / .xxxrc, breaking this.

I am unable to reproduce this :( Can you tell me in which conditions (OS, ...) you encoutered this problem ?

Actions #7

Updated by Jonathan CLARKE over 10 years ago

  • Status changed from Discussion to Rejected

Well, that is WEIRD.

I saw this at a customer's just a few weeks ago. He was using Rudder 2.11 on CentOS 6. I just installed a new CentOS 6 box with Rudder 2.11 (via vagrant) and it works...

I'll reject this. Thanks for looking into it Matthieu.

Actions #8

Updated by Nicolas CHARLES over 10 years ago

I've seens that quite a lot. It seems that it happens on upgraded systems

Actions #9

Updated by Nicolas CHARLES over 10 years ago

  • Status changed from Rejected to Discussion

Ha, i've been trying this, on 5 different debian 7.4 generated by vagrant
They all have the file /etc/profile.d/rudder-agent.sh, but none of them have a proper PATH setup

Actions #10

Updated by Jonathan CLARKE over 10 years ago

  • Assignee changed from Jonathan CLARKE to Matthieu CERDA

Thanks for the update Nico. Matthieu, could you look into this please?

Actions #11

Updated by Matthieu CERDA over 10 years ago

  • Target version changed from 2.10.6 to 2.10.7
Actions #12

Updated by Matthieu CERDA over 10 years ago

  • Assignee changed from Matthieu CERDA to Jonathan CLARKE
We tried together to reproduce this, the problem is simple:
  • When you run as a normal user, no problem: cf-agent is in the PATH
  • When you run a root shell using either sudo -i (simulate initial login) or sudo bash/sh, it works too. Same goes for direct root logins via console or SSH.
  • The problems happens when you use sudo -s (run the target user shell directly) or sudo su, in this case you bypass the call to /etc/profile (or for the first case, sudo cleans up the environment to only expose variables he deems safe, cleaning PATH in the process) and the PATH is not updated: no direct cf-agent call possible.

For me, it is to be expected, and changing this would mean altering the system far beyond what we are supposed to do for a simple tool calling helper (modifying sudoers, possibly global bashrc's / shellrc's, and so on) and is not adviseable.

What do you think jon ?

Actions #13

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.10.7 to 2.10.8
Actions #14

Updated by Jonathan CLARKE about 10 years ago

  • Assignee changed from Jonathan CLARKE to Matthieu CERDA

Matthieu CERDA wrote:

We tried together to reproduce this, the problem is simple:
  • When you run as a normal user, no problem: cf-agent is in the PATH
  • When you run a root shell using either sudo -i (simulate initial login) or sudo bash/sh, it works too. Same goes for direct root logins via console or SSH.
  • The problems happens when you use sudo -s (run the target user shell directly) or sudo su, in this case you bypass the call to /etc/profile (or for the first case, sudo cleans up the environment to only expose variables he deems safe, cleaning PATH in the process) and the PATH is not updated: no direct cf-agent call possible.

For me, it is to be expected, and changing this would mean altering the system far beyond what we are supposed to do for a simple tool calling helper (modifying sudoers, possibly global bashrc's / shellrc's, and so on) and is not adviseable.

What do you think jon ?

Thank you for this detailed analysis. This now makes sense.

I think the best solution is to publish a blog post titled "10 reasons why sudo -s is considered harmful (#7 will blow your mind)" and not do anything else.

Er, sorry, just kidding, serious mode back on...

Since we are about to implement a "rudder" CLI for 3.0, that should wrap all necessary commands around cf-* binaries, I actually think it now makes sense to not have them in the path. However, it may make sense to have the rudder command installed under /usr/bin or /usr/sbin to make it available everywhere and avoid this problem.

Thoughts?

Actions #15

Updated by Matthieu CERDA about 10 years ago

Why not, actually we could just install it in /opt/rudder/bin and symlink it from /usr/bin. dpkg and rpm makes it quite easy, and we already do this with ncf actually :)

Actions #16

Updated by Matthieu CERDA about 10 years ago

  • Assignee changed from Matthieu CERDA to Jonathan CLARKE

Would that be an appropriate approach ?

Actions #17

Updated by Vincent MEMBRÉ about 10 years ago

  • Target version changed from 2.10.8 to 2.10.9
Actions #18

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.10.9 to 2.10.10
Actions #19

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.10.10 to 2.10.11
Actions #20

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.10.11 to 2.10.12
Actions #21

Updated by Vincent MEMBRÉ almost 10 years ago

  • Target version changed from 2.10.12 to 2.10.13
Actions #22

Updated by Vincent MEMBRÉ over 9 years ago

  • Target version changed from 2.10.13 to 2.10.14
Actions #23

Updated by Benoît PECCATTE over 9 years ago

  • Status changed from Discussion to Rejected

Mathieu is right in hi analysis of the sudo -s, this is expected.
As for the rudder command line, it is now in the path.
Closing this bug unless someone complains about PATH again.

Actions

Also available in: Atom PDF