Posted to reviews@aurora.apache.org by Dmitriy Shirchenko <ca...@gmail.com> on 2016/04/18 20:33:15 UTC

Re: Review Request 46290: adding --setuid-health-checks to not demote health check user:group to role

-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/
-----------------------------------------------------------

(Updated April 18, 2016, 6:33 p.m.)


Review request for Aurora, Bill Farner and Zameer Manji.


Summary (updated)
-----------------

adding --setuid-health-checks to not demote health check user:group to role


Bugs: AURORA-1666
    https://issues.apache.org/jira/browse/AURORA-1666


Repository: aurora


Description (updated)
-------

adding --setuid-health-checks flag to not demote health check user:group to role


Diffs
-----

  RELEASE-NOTES.md a0536ec352119952d4d58aa5f36e5e9a7b7d2e6e 
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 40a0cd6396a78c591debf5e2be11363ecf496231 
  src/main/python/apache/aurora/executor/common/health_checker.py d8675beb8f16ebdd2d6946367784411fe84a5cfc 
  src/test/python/apache/aurora/executor/common/test_health_checker.py 4ab7a2fab651abd5ab8a0f312d10c444800e8b7a 

Diff: https://reviews.apache.org/r/46290/diff/


Testing
-------

- end to end tests
- added unit tests


Thanks,

Dmitriy Shirchenko


Re: Review Request 46290: adding --setuid-health-checks to not demote health check user:group to role

Posted by Dmitriy Shirchenko <ca...@gmail.com>.

> On April 18, 2016, 6:33 p.m., Joshua Cohen wrote:
> > There was a discussion in IRC about just configuring your health check to be `sudo ...`. I may have missed the resolution of that discussion, was that not a feasible approach?

It is not, because the actual shell command (with or without sudo) gets executed after `pwd.getpwnam` tries to get a user that may not exist. The executor fails hard on that line.


- Dmitriy


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/#review129401
-----------------------------------------------------------
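
The ordering described in the reply above, as an added example that is not part of the original thread and is not Aurora's code: the passwd lookup for the role happens in the parent before the health check command is spawned, so a missing account fails regardless of the command. The names `make_demoter`, `run_health_check`, `RoleUserMissing` and the `demote_to_role` parameter are hypothetical, and the role name in the demo is constructed.

```python
import os
import pwd
import subprocess


class RoleUserMissing(Exception):
    """Raised when the role has no account on this host."""


def make_demoter(role, getpwnam=pwd.getpwnam):
    """Resolve `role` and return a preexec_fn that drops privileges to it.

    The passwd lookup runs in the parent before anything is spawned, so a
    missing account fails here no matter what the command is.
    """
    try:
        entry = getpwnam(role)
    except KeyError:
        raise RoleUserMissing(role) from None
    uid, gid = entry.pw_uid, entry.pw_gid

    def demote():
        # Groups first: once setuid() succeeds the process can no longer
        # change its group IDs.
        os.setgroups([gid])
        os.setgid(gid)
        os.setuid(uid)

    return demote


def run_health_check(command, role, demote_to_role=True, getpwnam=pwd.getpwnam):
    """Run a shell health check and return True when it exits 0.

    `demote_to_role` is a hypothetical stand-in for the flag under review.
    When False, no lookup happens and the check inherits the caller's uid/gid.
    """
    preexec = make_demoter(role, getpwnam) if demote_to_role else None
    return subprocess.call(command, shell=True, preexec_fn=preexec) == 0


if __name__ == "__main__":
    role = "role-not-on-host-example"  # constructed name, assumed absent
    try:
        run_health_check("sudo true", role)
    except RoleUserMissing as exc:
        print("lookup failed before the command ran:", exc)
    print("without demotion:", run_health_check("true", role, demote_to_role=False))
```

The demoting path needs a process allowed to change its uid and gid; the non-demoting path runs the check with whatever privileges the caller already holds.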




Re: Review Request 46290: adding --setuid-health-checks to not demote health check user:group to role

Posted by Bill Farner <wf...@apache.org>.

> On April 18, 2016, 11:33 a.m., Joshua Cohen wrote:
> > There was a discussion in IRC about just configuring your health check to be `sudo ...`. I may have missed the resolution of that discussion, was that not a feasible approach?
> 
> Dmitriy Shirchenko wrote:
>     It is not, because the actual shell command (with or without sudo) gets executed after `pwd.getpwnam` tries to get a user that may not exist. The executor fails hard on that line.

That would require the user to have sudo privileges, which I don't think is the case here. I believe the use case is one where there's another system between the user and Aurora, and that system is injecting the health check command(s).


- Bill


-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/#review129401
-----------------------------------------------------------




Re: Review Request 46290: adding --setuid-health-checks to not demote health check user:group to role

Posted by Joshua Cohen <jc...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/#review129401
-----------------------------------------------------------



There was a discussion in IRC about just configuring your health check to be `sudo ...`. I may have missed the resolution of that discussion, was that not a feasible approach?

- Joshua Cohen




Re: Review Request 46290: Adding a flag to control whether the executor runs health checks as the job's role's user

Posted by Aurora ReviewBot <wf...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/#review129417
-----------------------------------------------------------


Ship it!




Master (f4a0845) is green with this patch.
  ./build-support/jenkins/build.sh

I will refresh this build result if you post a review containing "@ReviewBot retry"

- Aurora ReviewBot




Re: Review Request 46290: Adding a flag to control whether the executor runs health checks as the job's role's user

Posted by Bill Farner <wf...@apache.org>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/#review129414
-----------------------------------------------------------


Ship it!




Ship It!

- Bill Farner




Re: Review Request 46290: Adding a flag to control whether the executor runs health checks as the job's role's user

Posted by Dmitriy Shirchenko <ca...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/
-----------------------------------------------------------

(Updated April 18, 2016, 7:02 p.m.)


Review request for Aurora, Bill Farner and Zameer Manji.


Bugs: AURORA-1666
    https://issues.apache.org/jira/browse/AURORA-1666


Repository: aurora


Description
-------

Adding a flag to control whether the executor runs health checks as the job's role's user


Diffs (updated)
-----

  RELEASE-NOTES.md 99d261b7928576f91d4b69bdc6be7210578ee7b3 
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 40a0cd6396a78c591debf5e2be11363ecf496231 
  src/main/python/apache/aurora/executor/common/health_checker.py d8675beb8f16ebdd2d6946367784411fe84a5cfc 
  src/test/python/apache/aurora/executor/common/test_health_checker.py 4ab7a2fab651abd5ab8a0f312d10c444800e8b7a 

Diff: https://reviews.apache.org/r/46290/diff/


Testing
-------

- end to end tests
- added unit tests


Thanks,

Dmitriy Shirchenko


Re: Review Request 46290: Adding a flag to control whether the executor runs health checks as the job's role's user

Posted by Dmitriy Shirchenko <ca...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/
-----------------------------------------------------------

(Updated April 18, 2016, 7:01 p.m.)


Review request for Aurora, Bill Farner and Zameer Manji.


Bugs: AURORA-1666
    https://issues.apache.org/jira/browse/AURORA-1666


Repository: aurora


Description
-------

Adding a flag to control whether the executor runs health checks as the job's role's user


Diffs (updated)
-----

  RELEASE-NOTES.md 99d261b7928576f91d4b69bdc6be7210578ee7b3 
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 40a0cd6396a78c591debf5e2be11363ecf496231 
  src/main/python/apache/aurora/executor/common/health_checker.py d8675beb8f16ebdd2d6946367784411fe84a5cfc 
  src/test/python/apache/aurora/executor/common/test_health_checker.py 4ab7a2fab651abd5ab8a0f312d10c444800e8b7a 

Diff: https://reviews.apache.org/r/46290/diff/


Testing
-------

- end to end tests
- added unit tests


Thanks,

Dmitriy Shirchenko


Re: Review Request 46290: Adding a flag to control whether the executor runs health checks as the job's role's user

Posted by Dmitriy Shirchenko <ca...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/
-----------------------------------------------------------

(Updated April 18, 2016, 6:43 p.m.)


Review request for Aurora, Bill Farner and Zameer Manji.


Bugs: AURORA-1666
    https://issues.apache.org/jira/browse/AURORA-1666


Repository: aurora


Description
-------

Adding a flag to control whether the executor runs health checks as the job's role's user


Diffs (updated)
-----

  RELEASE-NOTES.md 99d261b7928576f91d4b69bdc6be7210578ee7b3 
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 40a0cd6396a78c591debf5e2be11363ecf496231 
  src/main/python/apache/aurora/executor/common/health_checker.py d8675beb8f16ebdd2d6946367784411fe84a5cfc 
  src/test/python/apache/aurora/executor/common/test_health_checker.py 4ab7a2fab651abd5ab8a0f312d10c444800e8b7a 

Diff: https://reviews.apache.org/r/46290/diff/


Testing
-------

- end to end tests
- added unit tests


Thanks,

Dmitriy Shirchenko


Re: Review Request 46290: Adding a flag to control whether the executor runs health checks as the job's role's user

Posted by Dmitriy Shirchenko <ca...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/
-----------------------------------------------------------

(Updated April 18, 2016, 6:42 p.m.)


Review request for Aurora, Bill Farner and Zameer Manji.


Summary (updated)
-----------------

Adding a flag to control whether the executor runs health checks as the job's role's user


Bugs: AURORA-1666
    https://issues.apache.org/jira/browse/AURORA-1666


Repository: aurora


Description (updated)
-------

Adding a flag to control whether the executor runs health checks as the job's role's user


Diffs
-----

  RELEASE-NOTES.md 99d261b7928576f91d4b69bdc6be7210578ee7b3 
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 40a0cd6396a78c591debf5e2be11363ecf496231 
  src/main/python/apache/aurora/executor/common/health_checker.py d8675beb8f16ebdd2d6946367784411fe84a5cfc 
  src/test/python/apache/aurora/executor/common/test_health_checker.py 4ab7a2fab651abd5ab8a0f312d10c444800e8b7a 

Diff: https://reviews.apache.org/r/46290/diff/


Testing
-------

- end to end tests
- added unit tests


Thanks,

Dmitriy Shirchenko


Re: Review Request 46290: adding --setuid-health-checks to not demote health check user:group to role

Posted by Dmitriy Shirchenko <ca...@gmail.com>.
-----------------------------------------------------------
This is an automatically generated e-mail. To reply, visit:
https://reviews.apache.org/r/46290/
-----------------------------------------------------------

(Updated April 18, 2016, 6:34 p.m.)


Review request for Aurora, Bill Farner and Zameer Manji.


Bugs: AURORA-1666
    https://issues.apache.org/jira/browse/AURORA-1666


Repository: aurora


Description
-------

adding --setuid-health-checks flag to not demote health check user:group to role


Diffs (updated)
-----

  RELEASE-NOTES.md 99d261b7928576f91d4b69bdc6be7210578ee7b3 
  src/main/python/apache/aurora/executor/bin/thermos_executor_main.py 40a0cd6396a78c591debf5e2be11363ecf496231 
  src/main/python/apache/aurora/executor/common/health_checker.py d8675beb8f16ebdd2d6946367784411fe84a5cfc 
  src/test/python/apache/aurora/executor/common/test_health_checker.py 4ab7a2fab651abd5ab8a0f312d10c444800e8b7a 

Diff: https://reviews.apache.org/r/46290/diff/


Testing
-------

- end to end tests
- added unit tests


Thanks,

Dmitriy Shirchenko