Friday, December 21, 2012

Tanuki Software's Java Service Wrapper and your Environment Variables

This post has been updated

Here's an evil little gotcha I ran into when using the Tanuki Software Java Service Wrapper to run our company bamboo server. But first you need to know a little bit of context:

We had our bamboo agent running as root for a long time, and about two months ago I changed that. I created a bamboo user and installed multiple agents, each into its own folder along the lines of /home/bamboo/bamboo/java-agent-1 etc. In each of these is a wrapper script under bin/bamboo-agent.sh. Reading up a bit on the wrapper, I found out I can change the script and set the variable RUN_AS_USER=bamboo, then simply create a symlink from /etc/init.d/java-agent-1 to /home/bamboo/bamboo/java-agent-1/bin/bamboo-agent.sh and start/stop the service just like any other normal Unix service.

OK, so that's the situation. Now what happened is that our maven build (which also creates and signs a bunch of rpm files) suddenly tried to use the gnupg keys from /root/.gnupg instead of the usual /home/bamboo/.gnupg.

So what happened? The agents were initially started under the bamboo user and working fine, then later restarted as the root user, and this is where the problems started happening. So it appears that, if the service is started as root, it may well drop to the bamboo user and run as that, but the $HOME variable (probably the root user's entire environment) has survived. So gnupg didn't do anything wrong; the environment was just pointing to the wrong user. Pretty evil little bug we had there, glad I found it within reasonable time.

How to fix it? I haven't found any information on similar problems by other people, let alone an option to force the wrapper to do a clean su/sudo, so for now I just put the following snippet into each of the bamboo-agent.sh files and let the user (usually me anyways) deal with it (read: su - bamboo and then restart the service as bamboo).


Have you had this problem too? How did you solve it? I'd love to hear your solutions. And for everyone else I hope this will save you a few hours hunting down that same or similar problem with the same cause.

Update: 2013-01-07

Big thanks to the Tanuki guys who wrote a comment below with the fix (tested and working on my bamboo server) for those affected. In the bamboo-agent.sh in the function checkUser, you need to change

su -m $RUN_AS_USER -c "\"$REALPATH\" $2"
to
su - $RUN_AS_USER -c "\"$REALPATH\" $2"
(instead of "-m" just "-"). And with that the check if we're running as bamboo becomes obsolete!
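A start-up guard for the symptom described above, as an added example that is not part of the original post or of the Tanuki wrapper script: it compares $HOME with the home directory that passwd records for the user the service runs as. The function names passwd_home and check_home and the sample passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the Tanuki wrapper): detect an environment that
# survived the switch from root to the service user, as happens with "su -m".
# Function names are hypothetical.

# Print the home directory of user $1 from passwd-format file $2
# (default /etc/passwd). Field 1 is the login name, field 6 the home.
passwd_home() {
    awk -F: -v u="$1" '
        $1 == u { print $6; found = 1; exit }
        END     { exit !found }
    ' "${2:-/etc/passwd}"
}

# Return 0 when HOME value $2 equals the passwd home of user $1,
# 1 on a mismatch (the leaked-environment symptom), 2 for an unknown user.
check_home() {
    expected=$(passwd_home "$1" "${3:-/etc/passwd}") || return 2
    [ "$2" = "$expected" ] && return 0
    echo "HOME=$2 but passwd says $expected for $1:" \
         "environment was preserved across the user switch" >&2
    return 1
}

# Constructed sample data: passwd entries shaped like the post's setup.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
printf '%s\n' \
    'root:x:0:0:root:/root:/bin/bash' \
    'bamboo:x:1001:1001::/home/bamboo:/bin/bash' > "$sample"

# Clean login shell (su - bamboo): HOME matches the passwd entry.
check_home bamboo /home/bamboo "$sample" && echo "clean environment: ok"
# Preserved environment (su -m bamboo started from root): HOME is still /root.
check_home bamboo /root "$sample" || echo "leaked root environment detected"

# In a real start script the guard would read:
#   check_home "$(id -un)" "$HOME" || exit 1
```

Placed before the JVM is launched, the guard stops the service instead of letting a signing step pick up keys from another user's home directory.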

3 comments:

  1. Hi,

    What version of the Java Service Wrapper are you using?
    This bug should have already been fixed since version 3.3.0.

    Best Regards,
    Tanuki Software Support Team

  2. Sorry, I forgot to mention it in my first post. To fix the issue yourself with the 3.2.* version of the script, please open the checkUser() function and change the following line:
    su -m $RUN_AS_USER -c "\"$REALPATH\" $2"
    to:
    su - $RUN_AS_USER -c "\"$REALPATH\" $2"

    Merry Christmas/Frohe Weihnachten
