Marek Skrobacki

deploying RVM without sudo access using SaltStack

while this may sound contradictive, couple weeks ago I needed to switch over my deployment infrastructure from Puppet to Saltstack. I generally love architecture and simplicity of SaltStack so bought the idea almost immediately and started re-writing my manifests into Salt’s states.

Most of my Rails applications are based on similar set of tools - user based rvm, bundle of nginx and unicorn, all of this deployed and managed by combination of Capistrano and SaltStack/Puppet. It took me just couple hours to rewrite most fof the manifests, but I got stuck on RVM. Most of the deployments that I’ve seen online lean towards system-wide RVM. Having spent bigger part of my career in security, I don’t like to give developers (even myself) full root privileges if it’s not absolutely necessary. I believe in this case, installing couple Ruby gems is just not good enough for justifying sudo access.

Unfortunately it turns out, authors of SaltStack’s RVM module didn’t think about possibility of having user-based RVM with non-sudo access. I decided to dig through code and check if I can provide some sort of dirty hack or other workaround. It turned out to be easier than I thought - just couple hours later I’ve submitted PullRequest which was merged into main codebase. Not only did I fix my problem, but also contributed something to opensource tools that I’m using daily - it feel great!

On top of that, I can keep deploying my rails apps with super awesome zero-downtime deployment scripts!