[Patchew-devel] [PATCH 1/5] deploy: fixes for tester playbook

Paolo Bonzini posted 5 patches 6 years, 7 months ago
[Patchew-devel] [PATCH 1/5] deploy: fixes for tester playbook
Posted by Paolo Bonzini 6 years, 7 months ago
The playbook to deploy testers has a few issues:

1) it hard-codes the "tester" user instead of using the variable

2) it runs the cron job as a "patchew" user, but does not try to
create it

3) the tasks are still run as root, so for example patchew-cli
is copied in /root, the password is stored in /root.  To fix
this, I'm first of all just copying the entire patchew source
tree in /data (for consistency with other playbooks), and then
using "become" to run subsequent tasks as the right user.

This is still not perfect, as it assumes that the patchew tree
are other-readable and other-executable on the source machine,
but a little better than before.
---
 scripts/playbooks/deploy-testers.yml | 43 ++++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 7 deletions(-)

diff --git a/scripts/playbooks/deploy-testers.yml b/scripts/playbooks/deploy-testers.yml
index fd9cb0a..4303e7e 100644
--- a/scripts/playbooks/deploy-testers.yml
+++ b/scripts/playbooks/deploy-testers.yml
@@ -18,25 +18,54 @@
     - name: "tester_project"
       prompt: "Project name to test"
       private: no
+  vars:
+    base_dir: "/data/{{ instance_name }}"
+    src_dir: "{{ base_dir }}/src"
+    patchew_cmd: "{{ src_dir }}/patchew-cli -s {{ patchew_server }}"
   tasks:
     - debug:
         msg: Patchew tester deploy starting
-    - name: Copy patchew-cli
+    - name: "Ensure user patchew exists"
+      user:
+        name: patchew
+        shell: /bin/bash
+        state: present
+    - name: Create patchew data folder
+      file:
+        path: "{{ base_dir }}"
+        state: directory
+    - name: Copy source
       synchronize:
-        src: ../../../patchew-cli
-        dest: .
+        src: ../../../
+        dest: "{{ src_dir }}"
+        recursive: true
+        group: no
+        owner: no
+        delete: yes
+        rsync_opts:
+          - "--exclude=*.pyc"
+          - "--exclude=*.swp"
+          - "--exclude=/venv"
     - name: Generate password file
       shell: "echo {{ tester_pass }} > $HOME/.patchew-tester-pass"
+      become: true
+      become_user: patchew
     - name: Login with patchew-cli
-      shell: "./patchew-cli login tester $(cat .patchew-tester-pass)"
+      shell: "{{ patchew_cmd }} login {{ tester_user }} $(cat $HOME/.patchew-tester-pass)"
+      become: true
+      become_user: patchew
+    - name: Logout with patchew-cli
+      shell: "{{ patchew_cmd }} logout"
+      become: true
+      become_user: patchew
     - name: Define PATCHEW env in cron
       cron:
         name: PATCHEW
+        user: patchew
         env: yes
-        value: "./patchew-cli -s {{ patchew_server }}"
+        value: "{{ patchew_cmd }}"
     - cron:
         name: "Patchew tester {{ instance_name }}"
         user: patchew
         minute: "*/10"
-        job: "{ $PATCHEW login tester $(cat .patchew-tester-pass); $PATCHEW tester --name {{ instance_name }} --singleton -p {{ tester_project }}; } >>$HOME/patchew-tester.log 2>&1"
-
+        job: "{ $PATCHEW login {{ tester_user }} $(cat $HOME/.patchew-tester-pass); $PATCHEW tester --name {{ instance_name }} --singleton -p {{ tester_project }}; } >>$HOME/patchew-tester.log 2>&1"
-- 
2.14.3


_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://www.redhat.com/mailman/listinfo/patchew-devel