d3ff588013
According to our zuul-worker DIB element the path we want to remove to revoke zuul sudo access is /etc/sudoers.d/zuul: http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/zuul-worker/install.d/60-zuul-worker Generated via: sed -i 's/zuul-sudo/zuul/' \ `git grep --files-with-match '/etc/sudoers.d/zuul-sudo'` Change-Id: Iea8cf915d815dbf876ca0cee74933f04152395b8
101 lines
3.7 KiB
YAML
101 lines
3.7 KiB
YAML
- hosts: all
|
|
name: Autoconverted job legacy-openstackci-beaker-ubuntu-trusty from old job gate-openstackci-beaker-ubuntu-trusty
|
|
tasks:
|
|
|
|
- name: Ensure legacy workspace directory
|
|
file:
|
|
path: '{{ ansible_user_dir }}/workspace'
|
|
state: directory
|
|
|
|
- shell:
|
|
cmd: sudo pip install "pip<8" "virtualenv<14"
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
/usr/zuul-env/bin/zuul-cloner --cache-dir /opt/git \
|
|
git://git.openstack.org openstack-infra/puppet-openstackci
|
|
executable: /bin/bash
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
set -e
|
|
set -x
|
|
/usr/zuul-env/bin/zuul-cloner --cache-dir /opt/git \
|
|
git://git.openstack.org openstack-infra/puppet-openstack_infra_spec_helper
|
|
executable: /bin/bash
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
set -e
|
|
set -x
|
|
if [ -f /usr/bin/yum ]; then
|
|
sudo yum -y remove rdo-release "centos-release-openstack-*" "centos-release-ceph-*"
|
|
sudo yum -y install libxml2-devel libxslt-devel ruby-devel zlib-devel
|
|
sudo yum -y groupinstall "Development Tools"
|
|
# Uninstall python-requests from pip, since we install it in
|
|
# system-config/install_puppet.sh
|
|
sudo pip uninstall requests -y || true
|
|
elif [ -f /usr/bin/apt-get ]; then
|
|
sudo apt-get update
|
|
sudo apt-get install -y libxml2-dev libxslt-dev ruby-dev zlib1g-dev
|
|
fi
|
|
executable: /bin/bash
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
echo "" | sudo tee -a /etc/ssh/sshd_config
|
|
echo "Match address 127.0.0.1" | sudo tee -a /etc/ssh/sshd_config
|
|
echo " PermitRootLogin without-password" | sudo tee -a /etc/ssh/sshd_config
|
|
echo "" | sudo tee -a /etc/ssh/sshd_config
|
|
echo "Match address ::1" | sudo tee -a /etc/ssh/sshd_config
|
|
echo " PermitRootLogin without-password" | sudo tee -a /etc/ssh/sshd_config
|
|
mkdir -p .ssh
|
|
ssh-keygen -f ~/.ssh/id_rsa -b 2048 -P ""
|
|
sudo mkdir -p /root/.ssh
|
|
cat ~/.ssh/id_rsa.pub | sudo tee -a /root/.ssh/authorized_keys
|
|
if [ -f /usr/bin/yum ]; then
|
|
sudo systemctl reload sshd
|
|
elif [ -f /usr/bin/apt-get ]; then
|
|
sudo service ssh restart
|
|
fi
|
|
executable: /bin/bash
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
sudo gem install bundler --no-rdoc --no-ri --verbose
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
set -x
|
|
sudo rm -f /etc/sudoers.d/zuul
|
|
# Prove that general sudo access is actually revoked
|
|
! sudo -n true
|
|
executable: /bin/bash
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|
|
|
|
- shell:
|
|
cmd: |
|
|
cd openstack-infra/puppet-openstackci
|
|
mkdir .bundled_gems
|
|
export GEM_HOME=`pwd`/.bundled_gems
|
|
bundle install
|
|
export BEAKER_set=nodepool-trusty
|
|
export BEAKER_debug=yes
|
|
export BEAKER_color=no
|
|
bundle exec rspec spec/acceptance
|
|
chdir: '{{ ansible_user_dir }}/workspace'
|
|
environment: '{{ zuul | zuul_legacy_vars }}'
|