Merge pull request #234 from nadvornik/sudo

Allow migration with non-root user on source server
uyuni-project · Apr 19, 2024 · 424a4e8 · 424a4e8
2 parents 16c5fbb + 8d34ba2
commit 424a4e8
Show file tree

Hide file tree

Showing 9 changed files with 20 additions and 14 deletions.
diff --git a/mgradm/cmd/install/kubernetes/utils.go b/mgradm/cmd/install/kubernetes/utils.go
@@ -75,7 +75,7 @@ func installForKubernetes(globalFlags *types.GlobalFlags,
 
 	if err := install_shared.RunSetup(cnx, &flags.InstallFlags, args[0], envs); err != nil {
 		if stopErr := shared_kubernetes.Stop(shared_kubernetes.ServerFilter); stopErr != nil {
-			log.Error().Msgf("Failed to stop service: %v", stopErr)
+			log.Error().Msgf(L("Failed to stop service: %v"), stopErr)
 		}
 		return err
 	}

diff --git a/mgradm/cmd/install/podman/utils.go b/mgradm/cmd/install/podman/utils.go
@@ -109,7 +109,7 @@ func installForPodman(
 
 	if err := install_shared.RunSetup(cnx, &flags.InstallFlags, fqdn, env); err != nil {
 		if stopErr := shared_podman.StopService(shared_podman.ServerService); stopErr != nil {
-			log.Error().Msgf("Failed to stop service: %v", stopErr)
+			log.Error().Msgf(L("Failed to stop service: %v"), stopErr)
 		}
 		return err
 	}

diff --git a/mgradm/cmd/migrate/kubernetes/utils.go b/mgradm/cmd/migrate/kubernetes/utils.go
@@ -51,7 +51,7 @@ func migrateToKubernetes(
 	sshConfigPath, sshKnownhostsPath := migration_shared.GetSshPaths()
 
 	// Prepare the migration script and folder
-	scriptDir, err := adm_utils.GenerateMigrationScript(fqdn, true)
+	scriptDir, err := adm_utils.GenerateMigrationScript(fqdn, flags.User, true)
 	if err != nil {
 		return fmt.Errorf(L("failed to generate migration script: %s"), err)
 	}

diff --git a/mgradm/cmd/migrate/podman/utils.go b/mgradm/cmd/migrate/podman/utils.go
@@ -34,7 +34,7 @@ func migrateToPodman(globalFlags *types.GlobalFlags, flags *podmanMigrateFlags,
 	sshAuthSocket := migration_shared.GetSshAuthSocket()
 	sshConfigPath, sshKnownhostsPath := migration_shared.GetSshPaths()
 
-	tz, oldPgVersion, newPgVersion, err := podman.RunMigration(serverImage, flags.Image.PullPolicy, sshAuthSocket, sshConfigPath, sshKnownhostsPath, sourceFqdn)
+	tz, oldPgVersion, newPgVersion, err := podman.RunMigration(serverImage, flags.Image.PullPolicy, sshAuthSocket, sshConfigPath, sshKnownhostsPath, sourceFqdn, flags.User)
 	if err != nil {
 		return fmt.Errorf(L("cannot run migration script: %s"), err)
 	}

diff --git a/mgradm/cmd/migrate/shared/flags.go b/mgradm/cmd/migrate/shared/flags.go
@@ -7,17 +7,20 @@ package shared
 import (
 	"github.com/spf13/cobra"
 	"github.com/uyuni-project/uyuni-tools/mgradm/shared/utils"
+	. "github.com/uyuni-project/uyuni-tools/shared/l10n"
 	"github.com/uyuni-project/uyuni-tools/shared/types"
 )
 
 // MigrateFlags represents flag required by migration command.
 type MigrateFlags struct {
 	Image          types.ImageFlags `mapstructure:",squash"`
 	MigrationImage types.ImageFlags `mapstructure:"migration"`
+	User           string
 }
 
 // AddMigrateFlags add migration flags to a command.
 func AddMigrateFlags(cmd *cobra.Command) {
 	utils.AddImageFlag(cmd)
 	utils.AddMigrationImageFlag(cmd)
+	cmd.Flags().String("user", "root", L("User on the source server. Non-root user must have passwordless sudo privileges (NOPASSWD tag in /etc/sudoers)."))
 }
diff --git a/mgradm/shared/podman/podman.go b/mgradm/shared/podman/podman.go
@@ -158,8 +158,8 @@ func RunContainer(name string, image string, extraArgs []string, cmd []string) e
 }
 
 // RunMigration migrate an existing remote server to a container.
-func RunMigration(serverImage string, pullPolicy string, sshAuthSocket string, sshConfigPath string, sshKnownhostsPath string, sourceFqdn string) (string, string, string, error) {
-	scriptDir, err := adm_utils.GenerateMigrationScript(sourceFqdn, false)
+func RunMigration(serverImage string, pullPolicy string, sshAuthSocket string, sshConfigPath string, sshKnownhostsPath string, sourceFqdn string, user string) (string, string, string, error) {
+	scriptDir, err := adm_utils.GenerateMigrationScript(sourceFqdn, user, false)
 	if err != nil {
 		return "", "", "", fmt.Errorf(L("cannot generate migration script: %s"), err)
 	}

diff --git a/mgradm/shared/templates/migrateScriptTemplate.go b/mgradm/shared/templates/migrateScriptTemplate.go
@@ -17,18 +17,17 @@ SSH_CONFIG=""
 if test -e /tmp/ssh_config; then
   SSH_CONFIG="-F /tmp/ssh_config"
 fi
-SSH="ssh -A $SSH_CONFIG "
-SCP="scp -A $SSH_CONFIG "
+SSH="ssh -o User={{ .User }} -A $SSH_CONFIG "
 
 echo "Stopping spacewalk service..."
-$SSH {{ .SourceFqdn }} "spacewalk-service stop ; systemctl start postgresql.service"
+$SSH {{ .SourceFqdn }} "sudo spacewalk-service stop ; sudo systemctl start postgresql.service"
 
 $SSH {{ .SourceFqdn }} \
  "echo \"COPY (SELECT MIN(CONCAT(org_id, '-', label)) AS target, base_path FROM rhnKickstartableTree GROUP BY base_path) TO STDOUT WITH CSV;\" \
- |spacewalk-sql --select-mode - " > distros
+ |sudo spacewalk-sql --select-mode - " > distros
 
 echo "Stopping posgresql service..."
-$SSH {{ .SourceFqdn }} "systemctl stop postgresql.service"
+$SSH {{ .SourceFqdn }} "sudo systemctl stop postgresql.service"
 
 while IFS="," read -r target path ; do
     echo "-/ $path"
@@ -123,8 +122,9 @@ cp /etc/pki/trust/anchors/LOCAL-RHN-ORG-TRUSTED-SSL-CERT /var/lib/uyuni-tools/RH
 
 if test "extractedSSL" != "1"; then
   # For third party certificates, the CA chain is in the certificate file.
-  $SCP {{ .SourceFqdn }}:/etc/pki/tls/private/spacewalk.key /var/lib/uyuni-tools/
-  $SCP {{ .SourceFqdn }}:/etc/pki/tls/certs/spacewalk.crt /var/lib/uyuni-tools/
+  rsync -e "$SSH" --rsync-path='sudo rsync' -avz {{ .SourceFqdn }}:/etc/pki/tls/private/spacewalk.key /var/lib/uyuni-tools/
+  rsync -e "$SSH" --rsync-path='sudo rsync' -avz {{ .SourceFqdn }}:/etc/pki/tls/certs/spacewalk.crt /var/lib/uyuni-tools/
+
 fi
 
 echo "Removing useless ssl-build folder..."
@@ -140,6 +140,7 @@ echo "DONE"`
 type MigrateScriptTemplateData struct {
 	Volumes    []types.VolumeMount
 	SourceFqdn string
+	User       string
 	Kubernetes bool
 }
 

diff --git a/mgradm/shared/utils/exec.go b/mgradm/shared/utils/exec.go
@@ -152,7 +152,7 @@ func RunMigration(cnx *shared.Connection, tmpPath string, scriptName string) err
 }
 
 // GenerateMigrationScript generates the script that perform migration.
-func GenerateMigrationScript(sourceFqdn string, kubernetes bool) (string, error) {
+func GenerateMigrationScript(sourceFqdn string, user string, kubernetes bool) (string, error) {
 	scriptDir, err := os.MkdirTemp("", "mgradm-*")
 	if err != nil {
 		return "", fmt.Errorf(L("failed to create temporary directory: %s"), err)
@@ -161,6 +161,7 @@ func GenerateMigrationScript(sourceFqdn string, kubernetes bool) (string, error)
 	data := templates.MigrateScriptTemplateData{
 		Volumes:    utils.ServerVolumeMounts,
 		SourceFqdn: sourceFqdn,
+		User:       user,
 		Kubernetes: kubernetes,
 	}
 

diff --git a/uyuni-tools.changes.nadvornik.sudo b/uyuni-tools.changes.nadvornik.sudo
@@ -0,0 +1 @@
+- Allow migration with non-root user on source server
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1 @@
		- Allow migration with non-root user on source server