From: Paolo Bonzini
To: patchew-devel@redhat.com
Date: Tue, 13 Mar 2018 18:45:41 +0100
Message-Id: <20180313174545.14341-2-pbonzini@redhat.com>
In-Reply-To: <20180313174545.14341-1-pbonzini@redhat.com>
Subject: [Patchew-devel] [PATCH 1/5] deploy: fixes for tester playbook

The playbook to deploy testers has a few issues:

1) it hard-codes the "tester" user instead of using the variable

2) it runs the cron job as a "patchew" user, but does not try to create it

3) the tasks are still run as root, so for example patchew-cli is copied in /root, the password is stored in /root.

To fix this, I'm first of all just copying the entire patchew source tree in /data (for consistency with other playbooks), and then using "become" to run subsequent tasks as the right user. This is still not perfect, as it assumes that the patchew tree is other-readable and other-executable on the source machine, but a little better than before.

--- scripts/playbooks/deploy-testers.yml | 43 ++++++++++++++++++++++++++++++--= ---- 1 file changed, 36 insertions(+), 7 deletions(-) diff --git a/scripts/playbooks/deploy-testers.yml b/scripts/playbooks/deplo= y-testers.yml index fd9cb0a..4303e7e 100644 --- a/scripts/playbooks/deploy-testers.yml 
+++ b/scripts/playbooks/deploy-testers.yml 
@@ -18,25 +18,54 @@ - name: "tester_project" prompt: "Project name to test" private: no + vars: + base_dir: "/data/{{ instance_name }}" + src_dir: "{{ base_dir }}/src" + patchew_cmd: "{{ src_dir }}/patchew-cli -s {{ patchew_server }}" tasks: - debug: msg: Patchew tester deploy starting - - name: Copy patchew-cli + - name: "Ensure user patchew exists" + user: + name: patchew + shell: /bin/bash + state: present + - name: Create patchew data folder + file: + path: "{{ base_dir }}" + state: directory + - name: Copy source synchronize: - src: ../../../patchew-cli - dest: . + src: ../../../ + dest: "{{ src_dir }}" + recursive: true + group: no + owner: no + delete: yes + rsync_opts: + - "--exclude=3D*.pyc" + - "--exclude=3D*.swp" + - "--exclude=3D/venv" - name: Generate password file shell: "echo {{ tester_pass }} > $HOME/.patchew-tester-pass" + become: true + become_user: patchew - name: Login with patchew-cli - shell: "./patchew-cli login tester $(cat .patchew-tester-pass)" + shell: "{{ patchew_cmd }} login {{ tester_user }} $(cat $HOME/.patch= ew-tester-pass)" + become: true + become_user: patchew + - name: Logout with patchew-cli + shell: "{{ patchew_cmd }} logout" + become: true + become_user: patchew - name: Define PATCHEW env in cron cron: name: PATCHEW + user: patchew env: yes - value: "./patchew-cli -s {{ patchew_server }}" + value: "{{ patchew_cmd }}" - cron: name: "Patchew tester {{ instance_name }}" user: patchew minute: "*/10" - job: "{ $PATCHEW login tester $(cat .patchew-tester-pass); $PATCHE= W tester --name {{ instance_name }} --singleton -p {{ tester_project }}; } = >>$HOME/patchew-tester.log 2>&1" - + job: "{ $PATCHEW login {{ tester_user }} $(cat $HOME/.patchew-test= er-pass); $PATCHEW tester --name {{ instance_name }} --singleton -p {{ test= er_project }}; } >>$HOME/patchew-tester.log 2>&1" --=20 2.14.3 _______________________________________________ Patchew-devel mailing list Patchew-devel@redhat.com 
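
Review bot: the "Generate password file" task still writes the secret with "echo {{ tester_pass }} > $HOME/.patchew-tester-pass", so the password is interpolated unquoted into a shell command line (a value containing spaces or shell metacharacters will be mangled or interpreted) and the file is created with whatever mode the patchew user's umask gives it. Since this patch already moves the file to the patchew account, consider replacing the shell task with the copy module (content: "{{ tester_pass }}", dest: the password file, mode: "0600", still with become_user: patchew) and adding no_log: true so the value does not show up in task output. The same password also reaches patchew-cli as an argument through "$(cat $HOME/.patchew-tester-pass)" in both the login task and the cron job, which makes it visible in the process list while the command runs; if patchew-cli can take the password from a file or stdin, that would be preferable. Separately, "Create patchew data folder" sets no owner or mode and the synchronize task uses owner: no and group: no, so the tree under base_dir stays root-owned and the patchew user depends on the other-readable bits noted in the commit message; an explicit mode on the directory would make that assumption visible in the playbook.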