This post has been updated
Here's an evil little gotcha I ran into when using the Tanuki Software Java Service Wrapper to run our company bamboo server. But first you need to know a little bit of context:
We had our bamboo agent running as root for a long time and about two months ago I changed that. I created a bamboo user and installed multiple agents. Each of these into its own folder along the lines of /home/bamboo/bamboo/java-agent-1
etc. Now in each of these is a wrapper script under bin/bamboo-agent.sh
. Reading up a bit on the wrapper I found out I can change the script and set the variable RUN_AS_USER=bamboo
and then simply create a symlink from /etc/init.d/java-agent-1
to /home/bamboo/bamboo/java-agent-1/bin/bamboo-agent.sh
and then start/stop the service just like any other normal unix service.
Ok so that's the situation. Now what happend is, that our maven build (which also creates and signs a bunch of rpm files) suddenly tried to use the gnupg keys from /root/.gnupg
instead of the usual /home/bamboo/.gnupg
.
So what happened? The agents were initially started under the bamboo user and working fine, then later restarted as the root user and this is where the problems started happening. So it appears, that, if the service is started as root, it may well drop to the bamboo user and run as that, but the $HOME
variable (probably the root user's entire environment) has survived and so gnupg didn't do anything wrong, the environment was just pointing to the wrong user. Pretty evil little bug we had there, glad I found it within reasonable time.
How to fix it? I haven't found any information on similar problems by other people let alone an option to force the wrapper to do a clean su/sudo so for now I just put the following snippet into each of the bamboo-agent.sh
files let the user (usually me anyways) deal with (read: su - bamboo and then restart the service as bamboo).
Have you had this problem too? How did you solve it? I'd love to hear your solutions. And for everyone else I hope this will save you a few hours hunting down that same or similar problem with the same cause.
Update: 2013-01-07
Big thanks to the tanuki guys who wrote a comment below with the fix (tested and working on my bamboo server) for those affected. In the bamboo-agent.sh in the function checkUser, you need to change
su -m $RUN_AS_USER -c "\"$REALPATH\" $2"to
su - $RUN_AS_USER -c "\"$REALPATH\" $2"(instead of "-m" just "-"). And with that the check if we're running as bamboo becomes obsolete!
Hi,
ReplyDeleteWhat version of the Java Service Wrapper are you using?
This bug should have already been fixed since version 3.3.0.
Best Regards,
Tanuki Software Support Team
Sorry, I forgot to mention it in my first post. To fix the issue yourself with the 3.2.* version of the script, please open the checkUser() function and change the following line:
ReplyDeletesu -m $RUN_AS_USER -c "\"$REALPATH\" $2"
to:
su - $RUN_AS_USER -c "\"$REALPATH\" $2"
Merry Christmas/Frohe Weihnachten
Great, thank you! This works :)
DeleteThis comment has been removed by the author.
ReplyDeleteIt looks good, it seems to load ok when you check it, it does the job you intended it did when you first thought but is the HTML valid?.
ReplyDeleteSteve
Café Casino builds trust and confidence by subjecting itself to common audits and evaluations by iTechlabs. These common checks ensure the the} platform uses truthful randomly generated numbers and validates payouts supplied. Bovada doesn’t cost 까모벳 you any withdrawal charges regardless of participant earnings. You can receive payouts by way of bitcoin transfers, a courier check, or bank transfers.
ReplyDeleteCylinder Head Assembly for 400 Series
ReplyDelete