Swap order of sudoers manipulation
Also use a command task to run visudo -c rather than validate as validate requires %s in the command string (and we don't need or want it). Change-Id: I9876af744ecf4995f857b6c7701e7de59b17fa98
This commit is contained in:
parent
4f1de449ec
commit
b6bf78f6e3
@ -25,14 +25,6 @@
|
|||||||
- id_rsa
|
- id_rsa
|
||||||
- id_rsa.pub
|
- id_rsa.pub
|
||||||
|
|
||||||
- name: Add sudoers role for zuul-sudo-grep.sh
|
|
||||||
copy:
|
|
||||||
dest: /etc/sudoers.d/zuul-sudo-grep
|
|
||||||
content: "zuul ALL = NOPASSWD:/usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh"
|
|
||||||
mode: 0440
|
|
||||||
validate: "/usr/sbin/visudo -cf %s"
|
|
||||||
become: true
|
|
||||||
|
|
||||||
- name: Copy zuul-sudo-grep.sh to
|
- name: Copy zuul-sudo-grep.sh to
|
||||||
copy:
|
copy:
|
||||||
dest: /usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh
|
dest: /usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh
|
||||||
@ -40,7 +32,25 @@
|
|||||||
mode: 0755
|
mode: 0755
|
||||||
become: true
|
become: true
|
||||||
|
|
||||||
- name: Modify run-tox.sh to use zuul-sudo-grep.sh
|
- name: Add sudoers role for zuul-sudo-grep.sh
|
||||||
|
copy:
|
||||||
|
dest: /etc/sudoers.d/zuul-sudo-grep
|
||||||
|
content: "zuul ALL = NOPASSWD:/usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh\n"
|
||||||
|
mode: 0440
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Validate sudoers config after edits
|
||||||
|
command: "/usr/sbin/visudo -c"
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Modify run-tox.sh to use zuul-sudo-grep.sh pre
|
||||||
|
lineinfile:
|
||||||
|
path: /usr/local/jenkins/slave_scripts/run-tox.sh
|
||||||
|
regexp: '^sudo .script_path/jenkins-sudo-grep.sh pre'
|
||||||
|
line: 'sudo $script_path/zuul-sudo-grep.sh pre'
|
||||||
|
become: true
|
||||||
|
|
||||||
|
- name: Modify run-tox.sh to use zuul-sudo-grep.sh post
|
||||||
lineinfile:
|
lineinfile:
|
||||||
path: /usr/local/jenkins/slave_scripts/run-tox.sh
|
path: /usr/local/jenkins/slave_scripts/run-tox.sh
|
||||||
regexp: '^ sudo .script_path/jenkins-sudo-grep.sh post'
|
regexp: '^ sudo .script_path/jenkins-sudo-grep.sh post'
|
||||||
|
Loading…
x
Reference in New Issue
Block a user