Add REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING for #175

Author: elgalu

CHANGELOG.md

@@ -7,10 +7,33 @@ Note image ids also change after scm-source.json has being updated which trigger
 ###### To get container versions
     docker exec grid versions
 
+## TBD_DOCKER_TAG
+ + **Changes:** https://github.com/elgalu/docker-selenium/compare/3.5.3-p3...3.5.3-p4 (TBD_DATE)
+    + Add REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING for #175
+ + **Image tag details:**
+    + Selenium version: TBD_SELENIUM_3_VERSION (TBD_SELENIUM_3_REVISION)
+    + Chrome stable:  TBD_CHROME_STABLE
+    + Firefox stable: TBD_FIREFOX_FOR_SEL3
+    + Geckodriver: TBD_GECKO_DRIVER
+    + Chromedriver: TBD_CHROME_DRIVER (TBD_CHROMEDRIVER_COMMIT)
+    + Java: TBD_JAVA_VENDOR Java TBD_JAVA_BUILD
+    + Timezone: TBD_TIME_ZONE
+    + FROM ubuntu:UBUNTU_FLAVOR-UBUNTU_DATE
+    + Python: TBD_PYTHON_VERSION
+    + Tested on kernel dev host: 4.4.0-93-generic x86_64
+    + Tested on kernel CI  host: TBD_HOST_UNAME
+    + Built at dev host with: Docker version 17.05.0-ce, build 89658be
+    + Built at CI  host with: Docker version TBD_DOCKER_VERS, build TBD_DOCKER_BUILD
+    + Built at dev host with: Docker Compose version 1.14.0, build c7bdf9e
+    + Built at CI  host with: Docker Compose version TBD_DOCKER_COMPOSE_VERS, build TBD_DOCKER_COMPOSE_BUILD
+    + Image size: TBD_IMAGE_SIZE
+    + Digest: TBD_DIGEST
+    + Image ID: TBD_IMAGE_ID
+
 ## 3.5.3-p3
  + **Changes:** https://github.com/elgalu/docker-selenium/compare/3.5.3-p2...3.5.3-p3 (2017-09-22)
     + Upgrade Chrome patch to 61.0.3163.100
-    + Fix cannot touch /var/log/cont/docker-selenium-status.log Permission denied
+    + Fix cannot touch /var/log/cont/docker-selenium-status.log Permission denied for #175
  + **Image tag details:**
     + Selenium version: 3.5.3 (a88d25fe6b)
     + Chrome stable:  61.0.3163.100

Dockerfile

@@ -929,6 +929,7 @@ ENV FIREFOX_VERSION="${FF_VER}" \
   GA_API_VERSION="1" \
   DEBIAN_FRONTEND="" \
   USE_KUBERNETES="false" \
+  REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING="false" \
   DEBCONF_NONINTERACTIVE_SEEN=""
 
 #================================

VERSION

@@ -1 +1 @@
-3.5.3-p3
+3.5.3-p4

bin/entry.sh

@@ -3,7 +3,7 @@
 # set -e: exit asap if a command exits with a non-zero status
 set -e
 
-echoerr() { printf "%s\n" "$*" >&3; }
+echoerr() { printf "%s\n" "$*" >&2; }
 
 # print error and exit
 die () {
@@ -18,13 +18,34 @@ if [ -f /var/run/secrets/kubernetes.io/serviceaccount/token ]; then
   export USE_KUBERNETES=true
 fi
 
+# Let's stop using sudo in K8s environments
+if [ "${REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING}" == "true" ]; then
+  # This doesn't seem to work unless you logout:
+  #  sudo gpasswd -d seluser sudo
+  sudo rm $(which sudo)
+  if sudo pwd >/dev/null 2>&1; then
+    die "Somehow we still have sudo access despite having removed it. Quitting. $(sudo pwd)"
+  fi
+fi
+
+# Flag to know if we have sudo acess
+if sudo pwd >/dev/null 2>&1; then
+  export WE_HAVE_SUDO_ACCESS="true"
+else
+  export WE_HAVE_SUDO_ACCESS="false"
+fi
+
 #==============================================
 # Java blocks until kernel have enough entropy
 # to generate the /dev/random seed
 #==============================================
 # See: SeleniumHQ/docker-selenium/issues/14
 # Added a non-sudo conditional so this works on non-sudo environments like K8s
-(sudo haveged) || haveged
+if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
+  sudo haveged
+else
+  haveged || true
+fi
 
 # Workaround that might help to get dbus working in docker
 #  http://stackoverflow.com/a/38355729/511069
@@ -33,18 +54,21 @@ fi
 #  - this works generates errors: DBUS_SESSION_BUS_ADDRESS="/dev/null"
 #  - this gives less erros: DBUS_SESSION_BUS_ADDRESS="unix:abstract=/dev/null"
 # Added a non-sudo conditional so this works on non-sudo environments like K8s
-(sudo rm -f /var/lib/dbus/machine-id) || (rm -f /var/lib/dbus/machine-id) || true
-(sudo mkdir -p /var/run/dbus) || (mkdir -p /var/run/dbus) || true
-(sudo service dbus restart >dbus_service.log) || (service dbus restart >dbus_service.log) || true
-# Test dbus works
-(service dbus status >dbus_service_status.log) || true
-export $(dbus-launch) || true
-export NSS_USE_SHARED_DB=ENABLED
-# echo "-- INFO: DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}"
-#=> e.g. DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-APZO4BE4TJ,guid=6e9c098d053d3038cb0756ae57ecc885
-# echo "-- INFO: DBUS_SESSION_BUS_PID=${DBUS_SESSION_BUS_PID}"
-#=> e.g. DBUS_SESSION_BUS_PID=44
-#
+if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
+  sudo rm -f /var/lib/dbus/machine-id
+  sudo mkdir -p /var/run/dbus
+  sudo service dbus restart >dbus_service.log
+
+  # Test dbus works
+  service dbus status >dbus_service_status.log
+  export $(dbus-launch)
+  export NSS_USE_SHARED_DB=ENABLED
+  # echo "-- INFO: DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}"
+  #=> e.g. DBUS_SESSION_BUS_ADDRESS=unix:abstract=/tmp/dbus-APZO4BE4TJ,guid=6e9c098d053d3038cb0756ae57ecc885
+  # echo "-- INFO: DBUS_SESSION_BUS_PID=${DBUS_SESSION_BUS_PID}"
+  #=> e.g. DBUS_SESSION_BUS_PID=44
+fi
+
 #-----------------------------------------------
 # Perform cleanup to support `docker restart`
 stop >/dev/null 2>&1 || true
@@ -194,6 +218,10 @@ elif [ "${PICK_ALL_RANDOM_PORTS}" = "true" ]; then
   fi
 fi
 
+if [ "${SELENIUM_NODE_CH_PORT}" == "" ]; then
+  die "SELENIUM_NODE_CH_PORT is empty"
+fi
+
 if [ "${SELENIUM_NODE_FF_PORT}" = "0" ]; then
   export SELENIUM_NODE_FF_PORT=$(get_unused_port_from_range ${RANDOM_PORT_FROM} ${RANDOM_PORT_TO})
 elif [ "${PICK_ALL_RANDOM_PORTS}" = "true" ]; then
@@ -203,6 +231,10 @@ elif [ "${PICK_ALL_RANDOM_PORTS}" = "true" ]; then
   fi
 fi
 
+if [ "${SELENIUM_NODE_FF_PORT}" == "" ]; then
+  die "SELENIUM_NODE_FF_PORT is empty"
+fi
+
 if [ "${SELENIUM_MULTINODE_PORT}" = "0" ]; then
   export SELENIUM_MULTINODE_PORT=$(get_unused_port_from_range ${RANDOM_PORT_FROM} ${RANDOM_PORT_TO})
 elif [ "${PICK_ALL_RANDOM_PORTS}" = "true" ]; then
@@ -287,17 +319,18 @@ fi
 
 # -ge # greater than or equal
 if [ "${SELENIUM_NODE_CH_PORT}" -ge "40000" ] && \
-   [ "${SELENIUM_NODE_CH_PORT}" != "${DEFAULT_SELENIUM_NODE_CH_PORT}" ];then
+   [ "${SELENIUM_NODE_CH_PORT}" != "${DEFAULT_SELENIUM_NODE_CH_PORT}" ]; then
     SELENIUM_FIRST_NODE_PORT=${SELENIUM_NODE_CH_PORT}
 fi
 
-if [ "${SELENIUM_NODE_FF_PORT}" -ge "40000" ] && \
-   [ "${SELENIUM_NODE_FF_PORT}" != "${DEFAULT_SELENIUM_NODE_FF_PORT}" ];then
+if [ "${SELENIUM_NODE_FF_PORT}" -ge "40000" ]; then
+  if [ "${SELENIUM_NODE_FF_PORT}" != "${DEFAULT_SELENIUM_NODE_FF_PORT}" ]; then
     export SELENIUM_FIRST_NODE_PORT=${SELENIUM_NODE_FF_PORT}
+  fi
 fi
 
 if [ "${SELENIUM_MULTINODE_PORT}" -ge "40000" ] && \
-   [ "${SELENIUM_MULTINODE_PORT}" != "${DEFAULT_SELENIUM_MULTINODE_PORT}" ];then
+   [ "${SELENIUM_MULTINODE_PORT}" != "${DEFAULT_SELENIUM_MULTINODE_PORT}" ]; then
     export SELENIUM_FIRST_NODE_PORT=${SELENIUM_MULTINODE_PORT}
 fi
 
@@ -366,21 +399,21 @@ ga_track_start () {
 
 #--------------------------------
 # Improve etc/hosts and fix dirs
-if [ "${USE_KUBERNETES}" == "false" ]; then
+if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
   sudo improve_etc_hosts.sh
 fi
 
 #-------------------------
 # Docker alongside docker
-if [ "${USE_KUBERNETES}" == "false" ]; then
+if [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
   docker_alongside_docker.sh
 fi
 
 #-------------------------------
 # Fix small tiny 64mb shm issue
 #-------------------------------
 # https://github.com/elgalu/docker-selenium/issues/20
-if [ "${SHM_TRY_MOUNT_UNMOUNT}" = "true" ] && [ "${USE_KUBERNETES}" == "false" ]; then
+if [ "${SHM_TRY_MOUNT_UNMOUNT}" = "true" ] && [ "${WE_HAVE_SUDO_ACCESS}" == "true" ]; then
   sudo umount /dev/shm || true
   sudo mount -t tmpfs -o rw,nosuid,nodev,noexec,relatime,size=${SHM_SIZE} \
     tmpfs /dev/shm || true

test/script_scenario_node_dies

@@ -86,6 +86,7 @@ fi
 
 echo "#================================================="
 echo "# Scenario 3b [node_dies]: Dies by killing Firefox"
+echo "#   + REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING=true"
 echo "#================================================="
 
 # Ensure clean env
@@ -95,7 +96,7 @@ docker rm -vf grid_mock || true
 # Create container for Firefox
 docker run --name=mynodes -d \
   -v /dev/shm:/dev/shm \
-  --privileged \
+  -e REMOVE_SELUSER_FROM_SUDOERS_FOR_TESTING=true \
   -e CHROME=false -e CI \
   -e SELENIUM_NODE_FF_PORT -p ${SELENIUM_NODE_FF_PORT}:${SELENIUM_NODE_FF_PORT} \
   selenium

vnc/bin/start-vnc.sh

@@ -44,7 +44,6 @@ trap shutdown SIGTERM SIGINT SIGKILL
 # Redirecting to >/dev/null until https://github.com/LibVNC/x11vnc/issues/14
 export VNC_PID="9999"
 function start_vnc() {
-  # rm -f ${VNC_TRYOUT_OUT_LOG}.${VNC_PORT}.log ${VNC_TRYOUT_ERR_LOG}.${VNC_PORT}.log
   # http://stackoverflow.com/a/21028200/511069
   x11vnc ${VNC_CLI_OPTS} \
     -rfbport ${VNC_PORT} \