The playbook to deploy testers has a few issues:
1) it hard-codes the "tester" user instead of using the variable
2) it runs the cron job as a "patchew" user, but does not try to
create it
3) the tasks are still run as root, so for example patchew-cli
is copied in /root, the password is stored in /root. To fix
this, I'm first of all just copying the entire patchew source
tree in /data (for consistency with other playbooks), and then
using "become" to run subsequent tasks as the right user.
This is still not perfect, as it assumes that the patchew tree
are other-readable and other-executable on the source machine,
but a little better than before.
---
scripts/playbooks/deploy-testers.yml | 43 ++++++++++++++++++++++++++++++------
1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/scripts/playbooks/deploy-testers.yml b/scripts/playbooks/deploy-testers.yml
index fd9cb0a..4303e7e 100644
--- a/scripts/playbooks/deploy-testers.yml
+++ b/scripts/playbooks/deploy-testers.yml
@@ -18,25 +18,54 @@
- name: "tester_project"
prompt: "Project name to test"
private: no
+ vars:
+ base_dir: "/data/{{ instance_name }}"
+ src_dir: "{{ base_dir }}/src"
+ patchew_cmd: "{{ src_dir }}/patchew-cli -s {{ patchew_server }}"
tasks:
- debug:
msg: Patchew tester deploy starting
- - name: Copy patchew-cli
+ - name: "Ensure user patchew exists"
+ user:
+ name: patchew
+ shell: /bin/bash
+ state: present
+ - name: Create patchew data folder
+ file:
+ path: "{{ base_dir }}"
+ state: directory
+ - name: Copy source
synchronize:
- src: ../../../patchew-cli
- dest: .
+ src: ../../../
+ dest: "{{ src_dir }}"
+ recursive: true
+ group: no
+ owner: no
+ delete: yes
+ rsync_opts:
+ - "--exclude=*.pyc"
+ - "--exclude=*.swp"
+ - "--exclude=/venv"
- name: Generate password file
shell: "echo {{ tester_pass }} > $HOME/.patchew-tester-pass"
+ become: true
+ become_user: patchew
- name: Login with patchew-cli
- shell: "./patchew-cli login tester $(cat .patchew-tester-pass)"
+ shell: "{{ patchew_cmd }} login {{ tester_user }} $(cat $HOME/.patchew-tester-pass)"
+ become: true
+ become_user: patchew
+ - name: Logout with patchew-cli
+ shell: "{{ patchew_cmd }} logout"
+ become: true
+ become_user: patchew
- name: Define PATCHEW env in cron
cron:
name: PATCHEW
+ user: patchew
env: yes
- value: "./patchew-cli -s {{ patchew_server }}"
+ value: "{{ patchew_cmd }}"
- cron:
name: "Patchew tester {{ instance_name }}"
user: patchew
minute: "*/10"
- job: "{ $PATCHEW login tester $(cat .patchew-tester-pass); $PATCHEW tester --name {{ instance_name }} --singleton -p {{ tester_project }}; } >>$HOME/patchew-tester.log 2>&1"
-
+ job: "{ $PATCHEW login {{ tester_user }} $(cat $HOME/.patchew-tester-pass); $PATCHEW tester --name {{ instance_name }} --singleton -p {{ tester_project }}; } >>$HOME/patchew-tester.log 2>&1"
--
2.14.3
_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://www.redhat.com/mailman/listinfo/patchew-devel