Allowing Wakanda to be restarted from a Gitlab continuous integration script.
What we will look at is making it so that you can have a script running as the wakanda user be allowed to stop, start and restart the Wakanda service while still being limited to standard user limitations in the Linux host operating system.
To do this we on a Linux server we will be working with the following. Wakanda 2.6.0 server is running on the Ubuntu 18.0.4 server platform. This is the only official Linux distro that Wakanda supports as of this writing. But the services and commands I will show would work on other distros if needed.
The plan to allow for this is to create a file for Wakanda in the sudoers structure. We will create a new file called wakanda in '/etc/sudoers.d/.
WARNING: make sure to follow these instructions carefully if you don't you may lock yourself out of your computer. This article does not take responsibility for what you may do if you do not follow safe practices in the creation of the files given.
We will use the 'visudo' command to edit the files given as that will afford us some protection against corrupting the sudoers stricture and preventing you from using sudo again until you fix the problem.
To edit our file execute the following command.
sudo visudo -f /etc/sudoers.d/wakandaThis will open your editor for the purposes of editing a sudoers file and allow you to edit the wakanda script.
Inside the editor we will create a line that will allow the user named 'wakanda' to execute start, stop, and restart the Wakanda server without entering a password. The commands allowed to execute are limited specifically since in most of my installations I restrict the wakanda user to be s standard user and not a member of the sudoers group.
Now put the following into the editor.
wakanda ALL=NOPASSWD:/usr/sbin/service wakanda restart, /usr/sbin/service wakanda stop, /usr/sbin/service wakanda start
Once you save this line you should be able to see your script be able to start, stop and restart your wakanda server from within the script. Assuming your CI (Continuous integration ) system is running as the wakanda user.
In my Gitlab CI, I have the following line to restart my Wakanda server after I finish installing the backend code on the server. This allows Wakanda to reload the required services and function for the server to run properly.
My Gitlab CI script is a script in the YAML markup needed for the Gitlab CI system to function. You CI system may have other needs, but the sudoers file should still allow your script to run as expected, as the user desired.
The following command is used to stop and start the service. Typically I have the following before I copy my backend in place.
- sudo service wakanda stopThen after I have finished copying all my backend resources in place I will execute the following. To get Wakanda back up and running I add the following to the script.
- sudo service wakanda start
That's all there is to it. Once you have this added to your sudoers files your scripts should be able to stop, start, and restart Wakanda without needing a password. But not giving a Wakanda more than is absolutely necessary to perform the tasks required.