provisioning/docs/book/quick-reference/SUDO_PASSWORD_HANDLING.html
Jesús Pérez 6a59d34bb1
chore: update provisioning configuration and documentation
Update configuration files, templates, and internal documentation
for the provisioning repository system.

Configuration Updates:
- KMS configuration modernization
- Plugin system settings
- Service port mappings
- Test cluster topologies
- Installation configuration examples
- VM configuration defaults
- Cedar authorization policies

Documentation Updates:
- Library module documentation
- Extension API guides
- AI system documentation
- Service management guides
- Test environment setup
- Plugin usage guides
- Validator configuration documentation

All changes are backward compatible.
2025-12-11 21:50:42 +00:00

353 lines
18 KiB
HTML

<!DOCTYPE HTML>
<html lang="en" class="ayu sidebar-visible" dir="ltr">
<head>
<!-- Book generated using mdBook -->
<meta charset="UTF-8">
<title>Sudo Password Handling - Provisioning Platform Documentation</title>
<!-- Custom HTML head -->
<meta name="description" content="Complete documentation for the Provisioning Platform - Infrastructure automation with Nushell, KCL, and Rust">
<meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="theme-color" content="#ffffff">
<link rel="icon" href="../favicon.svg">
<link rel="shortcut icon" href="../favicon.png">
<link rel="stylesheet" href="../css/variables.css">
<link rel="stylesheet" href="../css/general.css">
<link rel="stylesheet" href="../css/chrome.css">
<link rel="stylesheet" href="../css/print.css" media="print">
<!-- Fonts -->
<link rel="stylesheet" href="../FontAwesome/css/font-awesome.css">
<link rel="stylesheet" href="../fonts/fonts.css">
<!-- Highlight.js Stylesheets -->
<link rel="stylesheet" id="highlight-css" href="../highlight.css">
<link rel="stylesheet" id="tomorrow-night-css" href="../tomorrow-night.css">
<link rel="stylesheet" id="ayu-highlight-css" href="../ayu-highlight.css">
<!-- Custom theme stylesheets -->
<!-- Provide site root and default themes to javascript -->
<script>
// Page-level constants handed from the generated HTML to the book's scripts.
// path_to_root is the relative prefix from this page back to the book root
// (this page sits one directory below it, hence "../").
const path_to_root = "../";
// Theme names used when no theme has been saved in localStorage; the inline
// theme script further down picks between them based on prefers-color-scheme.
const default_light_theme = "ayu";
const default_dark_theme = "navy";
</script>
<!-- Start loading toc.js asap -->
<script src="../toc.js"></script>
</head>
<body>
<div id="mdbook-help-container">
<div id="mdbook-help-popup">
<h2 class="mdbook-help-title">Keyboard shortcuts</h2>
<div>
<p>Press <kbd>←</kbd> or <kbd>→</kbd> to navigate between chapters</p>
<p>Press <kbd>S</kbd> or <kbd>/</kbd> to search in the book</p>
<p>Press <kbd>?</kbd> to show this help</p>
<p>Press <kbd>Esc</kbd> to hide this help</p>
</div>
</div>
</div>
<div id="body-container">
<!-- Work around some values being stored in localStorage wrapped in quotes -->
<script>
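// Work around values that were stored in localStorage wrapped in literal
// double quotes: strip the quotes so later reads see the bare value.
//
// Each key is repaired independently. Previously a missing 'mdbook-theme'
// entry made `theme.startsWith` throw on null, and the swallowed exception
// skipped the 'mdbook-sidebar' repair as well. A stored value consisting of a
// single '"' is also left alone now instead of being rewritten to an empty
// string (which is not a usable class name for the theme script).
try {
    for (const key of ['mdbook-theme', 'mdbook-sidebar']) {
        const stored = localStorage.getItem(key);
        // getItem() returns null for an absent key.
        if (stored === null) {
            continue;
        }
        const quoted = stored.length >= 2 && stored.startsWith('"') && stored.endsWith('"');
        if (quoted) {
            localStorage.setItem(key, stored.slice(1, stored.length - 1));
        }
    }
} catch (e) {
    // Best effort only: localStorage access can throw when storage is blocked
    // or unavailable, and the page must still render in that case.
}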
</script>
<!-- Set the theme before any content is loaded, prevents flash -->
<script>
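// Apply the theme class before any content is rendered, to avoid a flash of
// the wrong theme. The saved theme comes from localStorage; when nothing is
// saved (or storage is unavailable) the OS colour-scheme preference selects
// one of the two defaults declared in <head>.
const default_theme = window.matchMedia("(prefers-color-scheme: dark)").matches ? default_dark_theme : default_light_theme;
let theme;
try { theme = localStorage.getItem('mdbook-theme'); } catch(e) { }
if (theme === null || theme === undefined) { theme = default_theme; }
const html = document.documentElement;
// The generated markup ships with class "ayu" on <html>; drop it so only the
// selected theme class remains.
html.classList.remove('ayu');
try {
    html.classList.add(theme);
} catch (e) {
    // classList.add() throws on an empty token or one containing whitespace.
    // The stored value is not validated anywhere above, so a corrupted entry
    // used to abort this script before the "js" class was added. Fall back to
    // the default theme instead.
    theme = default_theme;
    html.classList.add(theme);
}
// Marks the document as script-enabled for the stylesheets.
html.classList.add("js");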
</script>
<input type="checkbox" id="sidebar-toggle-anchor" class="hidden">
<!-- Hide / unhide sidebar before it is displayed -->
<script>
// Decide whether the sidebar starts open before it is painted.
// Narrow viewports (< 1080px) always start hidden; wider ones use the value
// saved in localStorage and default to 'visible' when nothing usable is saved.
const sidebar_toggle = document.getElementById("sidebar-toggle-anchor");
let sidebar = 'hidden';
if (document.body.clientWidth >= 1080) {
    let stored = null;
    // Storage access may throw; in that case `stored` stays null.
    try { stored = localStorage.getItem('mdbook-sidebar'); } catch(e) { }
    sidebar = stored || 'visible';
}
// Keep the hidden checkbox (which the toggle label controls) in sync.
sidebar_toggle.checked = (sidebar === 'visible');
// Swap the class the generated markup shipped with for the computed state.
// NOTE(review): the stored value is concatenated into the class name as-is;
// only 'visible' and 'hidden' appear to be expected here - confirm.
html.classList.remove('sidebar-visible');
html.classList.add("sidebar-" + sidebar);
</script>
<nav id="sidebar" class="sidebar" aria-label="Table of contents">
<!-- populated by js -->
<mdbook-sidebar-scrollbox class="sidebar-scrollbox"></mdbook-sidebar-scrollbox>
<noscript>
<iframe class="sidebar-iframe-outer" src="../toc.html"></iframe>
</noscript>
<div id="sidebar-resize-handle" class="sidebar-resize-handle">
<div class="sidebar-resize-indicator"></div>
</div>
</nav>
<div id="page-wrapper" class="page-wrapper">
<div class="page">
<div id="menu-bar-hover-placeholder"></div>
<div id="menu-bar" class="menu-bar sticky">
<div class="left-buttons">
<label id="sidebar-toggle" class="icon-button" for="sidebar-toggle-anchor" title="Toggle Table of Contents" aria-label="Toggle Table of Contents" aria-controls="sidebar">
<i class="fa fa-bars"></i>
</label>
<button id="theme-toggle" class="icon-button" type="button" title="Change theme" aria-label="Change theme" aria-haspopup="true" aria-expanded="false" aria-controls="theme-list">
<i class="fa fa-paint-brush"></i>
</button>
<ul id="theme-list" class="theme-popup" aria-label="Themes" role="menu">
<li role="none"><button role="menuitem" class="theme" id="default_theme">Auto</button></li>
<li role="none"><button role="menuitem" class="theme" id="light">Light</button></li>
<li role="none"><button role="menuitem" class="theme" id="rust">Rust</button></li>
<li role="none"><button role="menuitem" class="theme" id="coal">Coal</button></li>
<li role="none"><button role="menuitem" class="theme" id="navy">Navy</button></li>
<li role="none"><button role="menuitem" class="theme" id="ayu">Ayu</button></li>
</ul>
<button id="search-toggle" class="icon-button" type="button" title="Search (`/`)" aria-label="Toggle Searchbar" aria-expanded="false" aria-keyshortcuts="/ s" aria-controls="searchbar">
<i class="fa fa-search"></i>
</button>
</div>
<h1 class="menu-title">Provisioning Platform Documentation</h1>
<div class="right-buttons">
<a href="../print.html" title="Print this book" aria-label="Print this book">
<i id="print-button" class="fa fa-print"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform" title="Git repository" aria-label="Git repository">
<i id="git-repository-button" class="fa fa-github"></i>
</a>
<a href="https://github.com/provisioning/provisioning-platform/edit/main/provisioning/docs/src/quick-reference/SUDO_PASSWORD_HANDLING.md" title="Suggest an edit" aria-label="Suggest an edit">
<i id="git-edit-button" class="fa fa-edit"></i>
</a>
</div>
</div>
<div id="search-wrapper" class="hidden">
<form id="searchbar-outer" class="searchbar-outer">
<input type="search" id="searchbar" name="searchbar" placeholder="Search this book ..." aria-controls="searchresults-outer" aria-describedby="searchresults-header">
</form>
<div id="searchresults-outer" class="searchresults-outer hidden">
<div id="searchresults-header" class="searchresults-header"></div>
<ul id="searchresults">
</ul>
</div>
</div>
<!-- Apply ARIA attributes after the sidebar and the sidebar toggle button are added to the DOM -->
<script>
// Mirror the computed sidebar state into ARIA attributes now that both the
// sidebar and its toggle exist in the DOM. The braces keep the helper
// constant out of the shared global scope of the page's scripts.
{
    const shown = sidebar === 'visible';
    document.getElementById('sidebar-toggle').setAttribute('aria-expanded', shown);
    document.getElementById('sidebar').setAttribute('aria-hidden', !shown);
    // Links inside a hidden sidebar are taken out of the tab order.
    for (const link of Array.from(document.querySelectorAll('#sidebar a'))) {
        link.setAttribute('tabIndex', shown ? 0 : -1);
    }
}
</script>
<div id="content" class="content">
<main>
<h1 id="sudo-password-handling---quick-reference"><a class="header" href="#sudo-password-handling---quick-reference">Sudo Password Handling - Quick Reference</a></h1>
<h2 id="when-sudo-is-required"><a class="header" href="#when-sudo-is-required">When Sudo is Required</a></h2>
<p>Sudo password is needed when <code>fix_local_hosts: true</code> in your server configuration. This modifies:</p>
<ul>
<li><code>/etc/hosts</code> - Maps server hostnames to IP addresses</li>
<li><code>~/.ssh/config</code> - Adds SSH connection shortcuts</li>
</ul>
<h2 id="quick-solutions"><a class="header" href="#quick-solutions">Quick Solutions</a></h2>
<h3 id="-best-cache-credentials-first"><a class="header" href="#-best-cache-credentials-first">✅ Best: Cache Credentials First</a></h3>
<pre><code class="language-bash">sudo -v &amp;&amp; provisioning -c server create
</code></pre>
<p>Credentials are cached for 5 minutes, so no prompts appear during the operation.</p>
<h3 id="-alternative-disable-host-fixing"><a class="header" href="#-alternative-disable-host-fixing">✅ Alternative: Disable Host Fixing</a></h3>
<pre><code class="language-kcl"># In your settings.k or server config
fix_local_hosts = false
</code></pre>
<p>No sudo is required, but you manage <code>/etc/hosts</code> manually.</p>
<h3 id="-manual-enter-password-when-prompted"><a class="header" href="#-manual-enter-password-when-prompted">✅ Manual: Enter Password When Prompted</a></h3>
<pre><code class="language-bash">provisioning -c server create
# Enter password when prompted
# Or press CTRL-C to cancel
</code></pre>
<h2 id="ctrl-c-handling"><a class="header" href="#ctrl-c-handling">CTRL-C Handling</a></h2>
<h3 id="ctrl-c-behavior"><a class="header" href="#ctrl-c-behavior">CTRL-C Behavior</a></h3>
<p><strong>IMPORTANT</strong>: Pressing CTRL-C at the sudo password prompt will interrupt the entire operation due to how Unix signals work. This is <strong>expected behavior</strong> and cannot be caught by Nushell.</p>
<p>When you press CTRL-C at the password prompt:</p>
<pre><code>Password: [CTRL-C]
Error: nu::shell::error
× Operation interrupted
</code></pre>
<p><strong>Why this happens</strong>: SIGINT (CTRL-C) is sent to the entire process group, including Nushell itself. The signal propagates before exit code handling can occur.</p>
<h3 id="graceful-handling-non-ctrl-c-cancellation"><a class="header" href="#graceful-handling-non-ctrl-c-cancellation">Graceful Handling (Non-CTRL-C Cancellation)</a></h3>
<p>The system <strong>does</strong> handle these cases gracefully:</p>
<p><strong>No password provided</strong> (just press Enter):</p>
<pre><code>Password: [Enter]
⚠ Operation cancelled - sudo password required but not provided
Run 'sudo -v' first to cache credentials, or run without --fix-local-hosts
</code></pre>
<p><strong>Wrong password 3 times</strong>:</p>
<pre><code>Password: [wrong]
Password: [wrong]
Password: [wrong]
⚠ Operation cancelled - sudo password required but not provided
Run 'sudo -v' first to cache credentials, or run without --fix-local-hosts
</code></pre>
<h3 id="recommended-approach"><a class="header" href="#recommended-approach">Recommended Approach</a></h3>
<p>To avoid password prompts entirely:</p>
<pre><code class="language-bash"># Best: Pre-cache credentials (lasts 5 minutes)
sudo -v &amp;&amp; provisioning -c server create
# Alternative: Disable host modification
# Set fix_local_hosts = false in your server config
</code></pre>
<h2 id="common-commands"><a class="header" href="#common-commands">Common Commands</a></h2>
<pre><code class="language-bash"># Cache sudo for 5 minutes
sudo -v
# Check if cached
sudo -n true &amp;&amp; echo "Cached" || echo "Not cached"
# Create alias for convenience
alias prvng='sudo -v &amp;&amp; provisioning'
# Use the alias
prvng -c server create
</code></pre>
<h2 id="troubleshooting"><a class="header" href="#troubleshooting">Troubleshooting</a></h2>
<div class="table-wrapper"><table><thead><tr><th>Issue</th><th>Solution</th></tr></thead><tbody>
<tr><td>“Password required” error</td><td>Run <code>sudo -v</code> first</td></tr>
<tr><td>CTRL-C doesn't work cleanly</td><td>Update to latest version</td></tr>
<tr><td>Too many password prompts</td><td>Set <code>fix_local_hosts = false</code></td></tr>
<tr><td>Sudo not available</td><td>Must disable <code>fix_local_hosts</code></td></tr>
<tr><td>Wrong password 3 times</td><td>Run <code>sudo -k</code> to reset, then <code>sudo -v</code></td></tr>
</tbody></table>
</div>
<h2 id="environment-specific-settings"><a class="header" href="#environment-specific-settings">Environment-Specific Settings</a></h2>
<h3 id="development-local"><a class="header" href="#development-local">Development (Local)</a></h3>
<pre><code class="language-kcl">fix_local_hosts = true # Convenient for local testing
</code></pre>
<h3 id="cicd-automation"><a class="header" href="#cicd-automation">CI/CD (Automation)</a></h3>
<pre><code class="language-kcl">fix_local_hosts = false # No interactive prompts
</code></pre>
<h3 id="production-servers"><a class="header" href="#production-servers">Production (Servers)</a></h3>
<pre><code class="language-kcl">fix_local_hosts = false # Managed by configuration management
</code></pre>
<h2 id="what-fix_local_hosts-does"><a class="header" href="#what-fix_local_hosts-does">What fix_local_hosts Does</a></h2>
<p>When enabled:</p>
<ol>
<li>Removes old hostname entries from <code>/etc/hosts</code></li>
<li>Adds new hostname → IP mapping to <code>/etc/hosts</code></li>
<li>Adds SSH config entry to <code>~/.ssh/config</code></li>
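<li>Removes old SSH host keys for the hostname (the next SSH connection will then see the host's key as new, so verify the key it presents rather than accepting it blindly)</li>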
</ol>
<p>When disabled:</p>
<ul>
<li>You manually manage <code>/etc/hosts</code> entries</li>
<li>You manually manage <code>~/.ssh/config</code> entries</li>
<li>SSH to servers using IP addresses instead of hostnames</li>
</ul>
<h2 id="security-note"><a class="header" href="#security-note">Security Note</a></h2>
<p>The provisioning tool <strong>never</strong> stores or caches your sudo password. It only:</p>
<ul>
<li>Checks if sudo credentials are already cached (via <code>sudo -n true</code>)</li>
<li>Detects when sudo fails due to missing credentials</li>
<li>Provides helpful error messages and exits cleanly</li>
</ul>
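<p>Your sudo password timeout is controlled by the system's sudoers configuration (default: 5 minutes; some distributions ship a different <code>timestamp_timeout</code>). While credentials are cached, other commands run from the same terminal can also use sudo without a prompt, so run <code>sudo -k</code> to drop the cached credentials once provisioning has finished if that matters in your environment.</p>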
</main>
<nav class="nav-wrapper" aria-label="Page navigation">
<!-- Mobile navigation buttons -->
<a rel="prev" href="../PROVISIONING.html" class="mobile-nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../STRUCTURE_COMPARISON.html" class="mobile-nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
<div style="clear: both"></div>
</nav>
</div>
</div>
<nav class="nav-wide-wrapper" aria-label="Page navigation">
<a rel="prev" href="../PROVISIONING.html" class="nav-chapters previous" title="Previous chapter" aria-label="Previous chapter" aria-keyshortcuts="Left">
<i class="fa fa-angle-left"></i>
</a>
<a rel="next prefetch" href="../STRUCTURE_COMPARISON.html" class="nav-chapters next" title="Next chapter" aria-label="Next chapter" aria-keyshortcuts="Right">
<i class="fa fa-angle-right"></i>
</a>
</nav>
</div>
<!-- Livereload script (if served using the cli tool) -->
<script>
// Livereload client: opens a WebSocket back to the serving host and reloads
// the page when the server sends the literal message "reload".
// NOTE(review): the surrounding page labels this as the script used when the
// book is served by the CLI tool. A statically published copy presumably has
// no /__livereload endpoint, so every page view would attempt a WebSocket
// connection that cannot succeed - confirm the published docs come from a
// release build rather than from the development server's output.
const wsProtocol = (location.protocol === 'https:')
    ? 'wss:'
    : 'ws:';
const wsAddress = [wsProtocol, "//", location.host, "/", "__livereload"].join("");
const socket = new WebSocket(wsAddress);

socket.onmessage = (event) => {
    if (event.data !== "reload") {
        return;
    }
    // Close first so the old page does not keep a connection open while reloading.
    socket.close();
    location.reload();
};

// Release the connection when the user navigates away.
window.onbeforeunload = () => {
    socket.close();
};
</script>
<script>
// Global flag set before the book's scripts load.
// NOTE(review): presumably read by book.js to enable copy buttons on code
// blocks - confirm against that script.
window.playground_copyable = true;
</script>
<script src="../elasticlunr.min.js"></script>
<script src="../mark.min.js"></script>
<script src="../searcher.js"></script>
<script src="../clipboard.min.js"></script>
<script src="../highlight.js"></script>
<script src="../book.js"></script>
<!-- Custom JS scripts -->
</div>
</body>
</html>