scap sudo violation on first puppet run
Closed, DuplicatePublic
Actions

Assigned To

None

Authored By

	fgiunchedi
	Jan 18 2018, 9:31 AM

Description

I've ran into this while reimaging restbase machines, looks like on first puppet run scap tries to restart services via service but fails because sudo rules for its deploy user are not yet in place:

Error: Execution of '/usr/bin/scap deploy-local --repo cassandra/metrics-collector -D log_json:False' returned 70: 09:12:27 Using deprecated git_fat config, swap to git_binary_manager
09:12:27 Fetch from: http://tin.eqiad.wmnet/cassandra/metrics-collector/.git
09:12:28 Checkout rev: df909a1baf95f4746202810c9193865bcf55e093
09:12:28 Git fat initialize
09:12:28 Git fat pull '/srv/deployment/cassandra/metrics-collector-cache/revs/df909a1baf95f4746202810c9193865bcf55e093'
09:12:31 config_deploy is not enabled in scap.cfg, skipping.
09:12:31 Restarting service 'cassandra-metrics-collector'
09:12:31 Unhandled error:
Traceback (most recent call last):
  File "/usr/lib/python2.7/dist-packages/scap/cli.py", line 330, in run
    exit_status = app.main(app.extra_arguments)
  File "/usr/lib/python2.7/dist-packages/scap/deploy.py", line 146, in main
    getattr(self, stage)()
  File "/usr/lib/python2.7/dist-packages/scap/deploy.py", line 428, in restart_service
    service, self.config.get('require_valid_service', False))
  File "/usr/lib/python2.7/dist-packages/scap/tasks.py", line 740, in handle_services
    restart_service(service)
  File "/usr/lib/python2.7/dist-packages/scap/utils.py", line 402, in context_wrapper
    return func(*args, **kwargs)
  File "/usr/lib/python2.7/dist-packages/scap/tasks.py", line 754, in restart_service
    subprocess.check_call(cmd)
  File "/usr/lib/python2.7/subprocess.py", line 540, in check_call
    raise CalledProcessError(retcode, cmd)
CalledProcessError: Command '['sudo', '-n', '/usr/sbin/service', 'cassandra-metrics-collector', 'restart']' returned non-zero exit status 1
09:12:31 deploy-local failed: <CalledProcessError> Command '['sudo', '-n', '/usr/sbin/service', 'cassandra-metrics-collector', 'restart']' returned non-zero exit status 1

Details

	Subject	Repo	Branch	Lines +/-
	scap: require sudo rules to be in place before deploy	operations/puppet	production	+31 -29

Customize query in gerrit

Event Timeline

fgiunchedi created this task.Jan 18 2018, 9:31 AM

Restricted Application added a subscriber: Aklapper. · View Herald TranscriptJan 18 2018, 9:31 AM

fgiunchedi added a project: SRE.Jan 18 2018, 9:31 AM

Change 404945 had a related patch set uploaded (by Filippo Giunchedi; owner: Filippo Giunchedi):
[operations/puppet@production] scap: require sudo rules to be in place before deploy

https://gerrit.wikimedia.org/r/404945

gerritbot added a project: Patch-For-Review.Jan 18 2018, 9:35 AM

Change 404945 merged by Filippo Giunchedi:
[operations/puppet@production] scap: require sudo rules to be in place before deploy

https://gerrit.wikimedia.org/r/404945

Dzahn triaged this task as High priority.Jan 30 2018, 12:38 AM

Dzahn lowered the priority of this task from High to Medium.

• Phabricator_maintenance moved this task from Backlog to Acknowledged on the SRE board.Jan 26 2019, 9:43 PM

Ladsgroup removed a project: Patch-For-Review.May 28 2019, 3:37 PM

jbond closed this task as a duplicate of T257317: scap deploy --init on deployment server fails on first puppet run.Nov 4 2022, 3:39 PM