Level 11
Hey @mhopkins321, did you get this to work? I'm curious about what the final issue was.
Jan 2, 2015
6
Level 5
Accessing Ubuntu upstart (start and stop) from auto deploy script
I'm using Forge for a Hubot project. Certainly not what Forge was designed for, but it works well enough. When ssh'ed to the box I'd run
sudo stop sterling
cd /home/forge/sterling.site
git pull origin master
sudo start sterling
And the upstart script runs great. However, when I attempt to do these same commands from forge I get the below error
stop: Rejected send message, 1 matched rules; type="method_call", sender=":1.451" (uid=1001 pid=21730 comm="stop sterling ") interface="com.ubuntu.Upstart0_6.Job" member="Stop" error name="(unset)" requested_reply="0" destination="com.ubuntu.Upstart" (uid=0 pid=1 comm="/sbin/init ")
Any thoughts as to how I can fix this?
Level 5
@fideloper no not yet. So far my "automatic deploy" consists of git pull. Then manually ssh in and sudo stop sterling sudo start sterling
it's sort of annoying. I need to submit a ticket to Taylor and get his thoughts on things. I'm guessing it's some sort of permission/chmod/linux magic solution
EDIT: worth noting, I don't believe this to be a forge issue. npm + sudo and who owns what have always given me issues. Most likely I installed node or npm wrong. I'd prefer to just be able to do stop sterling start sterling
Level 11
Ah so it sorta sounds like the issue is that user "forge" needs to input the password for the sudo start/sudo stop commands.
(Altho I'm not familiar with the error you get back, idk what that's saying...)
In any case, you can grant user "forge" the ability to run the "service" command using sudo without a password, so it can run sudo service sterling stop and sudo service sterling start without getting prompted for a password.
To do so, login as user forge, and:
Edit the visudo file, which can grant users/groups the ability to use sudo in certain ways:
sudo visudo
This will open the /etc/sudoers file in an editor, either vim or nano (I think Nano on Forge servers)
At the bottom of the file, add:
forge ALL=NOPASSWD:/usr/sbin/service
This is giving user forge the ability to run use sudo with the /usr/sbin/service command without needing a password. (The "ALL" stuff I explain in more in https://book.serversforhackers.com if you're interested!)
Note that this is potentially a security issue - if someone logs in with user forge they'll be able to start/stop any service (nginx, sshd, and so on) without needing the forge user's password.
You can get more specific with that command to only allow the service command to be used with specific services, such as sterling:
# Try this:
forge ALL=NOPASSWD:/usr/sbin/service sterling *
# OR this (but not both, they conflict):
forge ALL=NOPASSWD:/usr/sbin/service sterling stop, /usr/sbin/service sterling start, /usr/sbin/service sterling status
Save and exit that and the changes should take effect immediately.
Last note: I'm using the "service" command, which will work just as well as using the Upstart sysctl "shortcut" commands start, stop (and so on) directly.
The service command will check for defined upstart services in /etc/init AND SysVInit services defined in /etc/init.d, so I like to use that to cover all your bases. (It will work with systemd as well).
2 likes
Level 65
I actually prefer to add that stuff to an overrides files for sudo changes.
visudo -f /etc/sudoers.d/myoverrides
Level 5
@fideloper @bashy thanks guys! This is super helpful. I'll be sitting down to try and make this work this afternoon! Thank you for also addressing the exact question I was goi to ask at the end of your post!
Level 5
It works! Thanks!!
Please or to participate in this conversation.