[PLAT-13080] Do not use sudo command if the user is already root in n…

…ode-agent installer Summary: Some customers do not have sudo but can run as root using other commands. This change detects it. Test Plan: Installed node-agent using this (cloud) For on-prem manual. ``` [ec2-user@ip-10-9-103-155 ~]$ sudo mv /usr/bin/sudo /usr/bin/sido [ec2-user@ip-10-9-103-155 ~]$ sudo -bash: /usr/bin/sudo: No such file or directory [ec2-user@ip-10-9-103-155 ~]$ sido su - Last login: Tue Mar 12 03:01:29 UTC 2024 on pts/0 [root@ip-10-9-103-155 ~]# cd /home/yugabyte/ [root@ip-10-9-103-155 yugabyte]# ls installer.sh node-agent [root@ip-10-9-103-155 yugabyte]# ./installer.sh -c install_service --user yugabyte Using node agent port 9070. * Starting YB Node Agent install_service. * Installing Node Agent Systemd Service [Unit] Description=YB Anywhere Node Agent After=network-online.target [Service] User=yugabyte WorkingDirectory=/home/yugabyte/node-agent LimitCORE=infinity LimitNOFILE=1048576 LimitNPROC=12000 ExecStart=/home/yugabyte/node-agent/pkg/bin/node-agent server start Restart=always RestartSec=2 [Install] WantedBy=multi-user.target * Starting the systemd service * Started the systemd service * Run 'systemctl status yb-node-agent' to check the status of the yb-node-agent * Run 'sudo systemctl stop yb-node-agent' to stop the yb-node-agent service ``` Also validated state transition via upgrade and new install. Reviewers: cwang, nbhatia, amalyshev Reviewed By: nbhatia Subscribers: yugaware Differential Revision: https://phorge.dev.yugabyte.com/D33049
yugabyte · Mar 13, 2024 · 3619c81 · 3619c81
1 parent 9b4bf2b
commit 3619c81
Show file tree

Hide file tree

Showing 2 changed files with 42 additions and 22 deletions.
diff --git a/managed/node-agent/resources/node-agent-installer.sh b/managed/node-agent/resources/node-agent-installer.sh
@@ -55,6 +55,14 @@ popd () {
   command popd > /dev/null
 }
 
+run_as_super_user() {
+  if [ $(id -u) = 0 ]; then
+    "$@"
+  else
+    sudo "$@"
+  fi
+}
+
 export_path() {
   if [[ ":$PATH:" != *":$1:"* ]]; then
     PATH="$1${PATH:+":$PATH"}"
@@ -135,8 +143,8 @@ uninstall_node_agent() {
   local RUNNING=""
   RUNNING=$(systemctl list-units | grep -F yb-node-agent.service)
   if [ -n "$RUNNING" ]; then
-    sudo systemctl stop yb-node-agent
-    sudo systemctl disable yb-node-agent
+    run_as_super_user systemctl stop yb-node-agent
+    run_as_super_user systemctl disable yb-node-agent
   fi
   if [ -n "$NODE_AGENT_UUID" ]; then
     local STATUS_CODE=""
@@ -213,7 +221,9 @@ setup_symlink() {
 check_sudo_access() {
   SUDO_ACCESS="false"
   set +e
-  if sudo -n pwd >/dev/null 2>&1; then
+  if [ $(id -u) = 0 ]; then
+    SUDO_ACCESS="true"
+  elif sudo -n pwd >/dev/null 2>&1; then
     SUDO_ACCESS="true"
   fi
   if [ "$OS" = "Linux" ]; then
@@ -225,10 +235,10 @@ check_sudo_access() {
 modify_firewall() {
   set +e
   if command -v firewall-cmd >/dev/null 2>&1; then
-    is_running=$(sudo firewall-cmd --state 2> /dev/null)
+    is_running=$(run_as_super_user firewall-cmd --state 2> /dev/null)
     if [ "$is_running" = "running" ]; then
-        sudo firewall-cmd --add-port=${NODE_PORT}/tcp --permanent \
-        && sudo systemctl restart firewalld
+        run_as_super_user firewall-cmd --add-port=${NODE_PORT}/tcp --permanent
+        run_as_super_user systemctl restart firewalld
     fi
   fi
   set -e
@@ -241,27 +251,27 @@ modify_selinux() {
       # The changes made with chcon are temporary in the sense that the context of the file
       # altered with chcon goes back to default when restorecon is run.
       # It should not even try to reach out to the repo.
-      sudo chcon -R -t bin_t "$NODE_AGENT_HOME"
+      run_as_super_user chcon -R -t bin_t "$NODE_AGENT_HOME"
     else
       if command -v yum >/dev/null 2>&1; then
-        sudo yum install -y policycoreutils-python-utils
+        run_as_super_user yum install -y policycoreutils-python-utils
       elif command -v apt-get >/dev/null 2>&1; then
-        sudo apt-get update -y
-        sudo apt-get install -y semanage-utils
+        run_as_super_user apt-get update -y
+        run_as_super_user apt-get install -y semanage-utils
       fi
     fi
   fi
   # Check if semanage was installed in the previous steps.
   if command -v semanage >/dev/null 2>&1; then
-    sudo semanage port -lC | grep -F "$NODE_PORT" >/dev/null 2>&1
+    run_as_super_user semanage port -lC | grep -F "$NODE_PORT" >/dev/null 2>&1
     if [ "$?" -ne 0 ]; then
-      sudo semanage port -a -t http_port_t -p tcp "$NODE_PORT"
+      run_as_super_user semanage port -a -t http_port_t -p tcp "$NODE_PORT"
     fi
-    sudo semanage fcontext -lC | grep -F "$NODE_AGENT_HOME(/.*)?" >/dev/null 2>&1
+    run_as_super_user semanage fcontext -lC | grep -F "$NODE_AGENT_HOME(/.*)?" >/dev/null 2>&1
     if [ "$?" -ne 0 ]; then
-      sudo semanage fcontext -a -t bin_t "$NODE_AGENT_HOME(/.*)?"
+      run_as_super_user semanage fcontext -a -t bin_t "$NODE_AGENT_HOME(/.*)?"
     fi
-    sudo restorecon -ir "$NODE_AGENT_HOME"
+    run_as_super_user restorecon -ir "$NODE_AGENT_HOME"
   fi
   set -e
 }
@@ -272,7 +282,7 @@ install_systemd_service() {
   fi
   modify_firewall
   echo "* Installing Node Agent Systemd Service"
-  sudo tee "$SYSTEMD_PATH/$SERVICE_NAME"  <<-EOF
+  run_as_super_user tee "$SYSTEMD_PATH/$SERVICE_NAME"  <<-EOF
   [Unit]
   Description=YB Anywhere Node Agent
   After=network-online.target
@@ -291,10 +301,10 @@ install_systemd_service() {
   WantedBy=multi-user.target
 EOF
   echo "* Starting the systemd service"
-  sudo systemctl daemon-reload
+  run_as_super_user systemctl daemon-reload
   #To enable the node-agent service on reboot.
-  sudo systemctl enable yb-node-agent
-  sudo systemctl restart yb-node-agent
+  run_as_super_user systemctl enable yb-node-agent
+  run_as_super_user systemctl restart yb-node-agent
   echo "* Started the systemd service"
   echo "* Run 'systemctl status yb-node-agent' to check\
  the status of the yb-node-agent"
@@ -314,6 +324,8 @@ Options:
     Yugabyte Anywhere URL.
   -t, --api_token (REQUIRED with install command)
     Api token to download the build files.
+  -ip, --node_ip (Required for uninstall command)
+    Server IP.
   -p, --node_port (OPTIONAL with install command)
     Server port.
   --user (REQUIRED only for install_service command)
@@ -421,8 +433,8 @@ main() {
         set +e
         RUNNING=$(systemctl list-units | grep -F yb-node-agent.service)
         if [ -n "$RUNNING" ]; then
-          sudo systemctl stop yb-node-agent
-          sudo systemctl disable yb-node-agent
+          run_as_super_user systemctl stop yb-node-agent
+          run_as_super_user systemctl disable yb-node-agent
         fi
         set -e
       fi

diff --git a/managed/src/main/java/com/yugabyte/yw/models/NodeAgent.java b/managed/src/main/java/com/yugabyte/yw/models/NodeAgent.java
@@ -54,6 +54,7 @@
 import java.util.UUID;
 import java.util.function.Consumer;
 import java.util.stream.Collectors;
+import lombok.AccessLevel;
 import lombok.Getter;
 import lombok.Setter;
 import lombok.extern.slf4j.Slf4j;
@@ -202,6 +203,7 @@ public static class Config {
 
   @Enumerated(EnumType.STRING)
   @ApiModelProperty(value = "Node agent state", accessMode = READ_ONLY)
+  @Setter(AccessLevel.NONE)
   private State state;
 
   @WhenModified
@@ -254,6 +256,13 @@ public SortByIF getOrderField() {
     }
   }
 
+  public void setState(State state) {
+    if (this.state != null) {
+      this.state.validateTransition(state);
+    }
+    this.state = state;
+  }
+
   public static Optional<NodeAgent> maybeGet(UUID uuid) {
     NodeAgent nodeAgent = finder.byId(uuid);
     if (nodeAgent == null) {
@@ -382,7 +391,6 @@ public byte[] getServerKey() {
   public void saveState(State state) {
     updateInTxn(
         n -> {
-          n.validateStateTransition(state);
           n.setState(state);
           n.save();
         });