summaryrefslogtreecommitdiffstats
path: root/prototypes/openstack-ansible/playbooks/configure-targethosts.yml
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2017-07-18 01:27:27 +0200
committerAlexandru Avadanii <Alexandru.Avadanii@enea.com>2017-07-18 01:39:55 +0200
commitf4077629308e7374d9e92923af996cf7bf79678c (patch)
tree35f5b13aae57b876eb2774bdf27ceec34faa2834 /prototypes/openstack-ansible/playbooks/configure-targethosts.yml
parent67d8bac7b2a97531ad465f275747b3dc455d4fe4 (diff)
Revert "armband-deploy.sh: Inherit env vars for sudo"
Using sudo triggers a chain of dependencies in our infrastructure, ranging from issues cleaning up the Jenkins workspace to deploy-time permission issues. As it turns out, cleaning all looses ends after that change is not a trivial task, and the remaining work outweights the benefits of using sudo in the first place. The original motivation for using sudo was a superposition of: - hardcoded check for running as root in Fuel's ci/deploy.sh; - the ability to install packages on the hosts via apt-get/yum; - the ability to spawn VMs using virt-manager; All of the above can be mitigated by imposing a series of restrictions for the Jenkins slave / jump server workstation and the jenkins user: - check for sudo rights instead of running as root user; - explicitly use sudo for package installation and/or system-level changes; - add jenkins user to "kvm" and "libvirtd" groups; So, revert using sudo when calling the deploy script, and limit sudo actions to package installation in Armband's deploy script. To compensate running as a regular user, a series of small changes is required in Armband project itself, together with the appropiate Jenkins slave user configuration on the machines running this script. This reverts commit 67d8bac7b2a97531ad465f275747b3dc455d4fe4. Change-Id: I88df6db1a43b93b7314ceca53d353f9000f15153 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'prototypes/openstack-ansible/playbooks/configure-targethosts.yml')
0 files changed, 0 insertions, 0 deletions