Deployer: Deploy as X user and restart services as Z user

Created on 23 May 2016 · 8 Comments · Source: deployphp/deployer

| Q | A |
| --- | --- |
| Issue Type | Question |
| Deployer Version | 3.3.0 |
| Local Machine OS | MacOSX Yosemite 10.10.2 |
| Remote Machine OS | Debian GNU/Linux 7.7 & Debian GNU/Linux 8 |

Description

Hello.

We started creating our first deployer deploy script and we are really happy till now!

However, we faced a problem that we couldn't solve ourselves:
Our deployment process is to deploy as X user and do other things that require sudo permissions
as Z user.

Is it possible to do such a thing?

We tried to reproduce that in our deployer script, but it didn't work:

Content of deploy.php

task('php-fpm:restart', function () {
    server('staging', 'our-staging-server.example.com')
        ->user('Z')
        ->identityFile('~/.ssh/id_rsa')
        ->env('branch', 'deployer-test')
        ->env('deploy_path', '/var/www/our_application');

    run('sudo /etc/init.d/php5-fpm restart');
})->desc('Restart PHP-FPM service');

after('success', 'php-fpm:restart');

Output log

That step fails both in the deployment sequence and when executed as a separate step:

  [RuntimeException]                                     
  sudo: no tty present and no askpass program specified  

I think that this clearly means that the task is still executed with user X (deployment user)
instead of user Z (sudoer).

All 8 comments

Use sudo for this: sudo -u [user] command
Configure sudo to not ask for a password for it.

Hello @elfet, thanks for your time responding.

That still requires our "deploy" user to be in the sudoers, which is something that is not allowed by our security policy.

Hmmm, so now only one solution: create a separate task for it and run it after deploy.

You mean something external or something like the one described in the description of my question?

Thanks in advance.

Thank you @elfet we finally solved it like you said in an external script:

task("restart:php-fpm", function () {
    runLocally("dep -f=admin.php restart:php-fpm staging");
})->desc("Restart PHP-FPM");

Not that beautiful but works!

@mylk Would you mind sharing more exact details? We currently have the exact problem and I would like to see if your solution can work in our environment.

Hello @smithandre we concluded to the following:

  • have server settings in servers.yml for both the deployment and the admin user
  • have two different php scripts, one for the actual deployment run with the deployment users and one for the admin tasks
  • run the admin related task from the deploy script

Example from the servers.yml:

development:
    host: myserver.dev
    user: deploy
    forward_agent: true
    stage: development
    env: dev

development_admin:
    host: myserver.dev
    user: admin
    forward_agent: true
    stage: development_admin
    env: dev

Example from the deployment script:

task("reload:php-fpm", function () {
    runLocally("dep -f=recipe/admin.php reload:php-fpm {{server.name}}_admin");
})->desc("Reload PHP-FPM");

Example from the admin tasks script (recipe/admin.php):

require "symfony.php";

serverList(__DIR__ . "/../servers.yml");

task("reload:php-fpm", function () {
    run("sudo /etc/init.d/php5-fpm reload");
})->desc("Reload PHP-FPM");

Quick and/but dirty.
I hope that helped.

Thanks @mylk exactly what I needed.
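
A narrowly scoped sudoers rule for the admin account used in the comments above, as an added example that is not part of the thread. The "no tty present" error appears when sudo needs a password in a non-interactive SSH session, so the account that runs the reload needs a passwordless rule, and limiting that rule to the exact init-script command keeps the grant minimal. The drop-in file name is hypothetical, and the script assumes the host's sudoers includes /etc/sudoers.d.

```shell
#!/bin/sh
# Added example, not from the thread. "admin" and /etc/init.d/php5-fpm come
# from the posts above; the drop-in file name is a hypothetical choice.
ADMIN_USER="admin"
INIT_SCRIPT="/etc/init.d/php5-fpm"
DROPIN="/etc/sudoers.d/php-fpm-admin"

# render_rule USER SCRIPT ACTION...
# Prints one sudoers rule that lets USER run only "SCRIPT ACTION" as root
# without a password. Rejects anything that could widen the rule (commas,
# spaces, wildcards, relative paths).
render_rule() {
    [ "$#" -ge 3 ] || return 1
    user=$1; script=$2; shift 2
    case $user in ''|*[!a-z0-9_-]*) return 1 ;; esac
    case $script in /*) ;; *) return 1 ;; esac
    case $script in *[!A-Za-z0-9/._-]*) return 1 ;; esac
    cmds=""
    for action in "$@"; do
        case $action in ''|*[!a-z-]*) return 1 ;; esac
        cmds="${cmds:+$cmds, }$script $action"
    done
    printf '%s ALL=(root) NOPASSWD: %s\n' "$user" "$cmds"
}

# Validate the rule with visudo before it becomes live policy, then install
# it root-owned and mode 0440. Must run as root.
install_rule() {
    tmp=$(mktemp) || return 1
    if render_rule "$ADMIN_USER" "$INIT_SCRIPT" reload > "$tmp" &&
       visudo -c -f "$tmp" > /dev/null; then
        install -o root -g root -m 0440 "$tmp" "$DROPIN"
        status=$?
    else
        status=1
    fi
    rm -f "$tmp"
    return "$status"
}

# Print the rule by default; write it only when asked to.
if [ "${1:-}" = "--install" ]; then
    install_rule
else
    render_rule "$ADMIN_USER" "$INIT_SCRIPT" reload
fi
```

Calling `sudo -n` in the admin recipe makes a missing or mismatched rule fail immediately instead of waiting for a password prompt.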
