author | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-07-18 01:27:27 +0200 |
---|---|---|
committer | Alexandru Avadanii <Alexandru.Avadanii@enea.com> | 2017-07-18 01:39:55 +0200 |
commit | f4077629308e7374d9e92923af996cf7bf79678c (patch) | |
tree | 35f5b13aae57b876eb2774bdf27ceec34faa2834 /prototypes/openstack-ansible/playbooks/configure-targethosts.yml | |
parent | 67d8bac7b2a97531ad465f275747b3dc455d4fe4 (diff) |
Revert "armband-deploy.sh: Inherit env vars for sudo"
Using sudo triggers a chain of dependencies in our infrastructure,
ranging from issues cleaning up the Jenkins workspace to deploy-time
permission issues.
As it turns out, cleaning all loose ends after that change is not a
trivial task, and the remaining work outweighs the benefits of using
sudo in the first place.
The original motivation for using sudo was a superposition of:
- hardcoded check for running as root in Fuel's ci/deploy.sh;
- the ability to install packages on the hosts via apt-get/yum;
- the ability to spawn VMs using virt-manager;
All of the above can be mitigated by imposing a series of restrictions
for the Jenkins slave / jump server workstation and the jenkins user:
- check for sudo rights instead of running as root user;
- explicitly use sudo for package installation and/or system-level
changes;
- add jenkins user to "kvm" and "libvirtd" groups;
So, revert using sudo when calling the deploy script, and limit sudo
actions to package installation in Armband's deploy script.
To compensate for running as a regular user, a series of small changes is
required in Armband project itself, together with the appropriate
Jenkins slave user configuration on the machines running this script.
This reverts commit 67d8bac7b2a97531ad465f275747b3dc455d4fe4.
Change-Id: I88df6db1a43b93b7314ceca53d353f9000f15153
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Diffstat (limited to 'prototypes/openstack-ansible/playbooks/configure-targethosts.yml')
0 files changed, 0 insertions, 0 deletions
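
An added example, not part of this commit or of Armband's scripts: a preflight check for the restrictions the commit message lists for the jenkins user (sudo rights instead of running as root, membership in "kvm" and "libvirtd"). The function names are hypothetical, and the sudo probe assumes the user is expected to have non-interactive (passwordless) sudo.

```shell
#!/bin/sh
# Added example: preflight check for a non-root CI user.
# Function names are hypothetical; "kvm" and "libvirtd" come from the commit message.

# missing_groups "<groups the user has>" required...
# Prints the required groups that are absent; returns 0 only when none are missing.
missing_groups() {
    have=" $1 "
    shift
    missing=""
    for g in "$@"; do
        case "$have" in
            *" $g "*) ;;                       # exact, space-delimited match
            *) missing="${missing:+$missing }$g" ;;
        esac
    done
    printf '%s' "$missing"
    [ -z "$missing" ]
}

# has_sudo_rights: true when sudo works without prompting (-n never asks for a password).
has_sudo_rights() {
    command -v sudo >/dev/null 2>&1 && sudo -n true 2>/dev/null
}

# preflight [groups]: checks the current user unless a group list is passed in.
preflight() {
    current="${1:-$(id -nG)}"
    rc=0
    if ! m=$(missing_groups "$current" kvm libvirtd); then
        echo "user lacks group membership: $m" >&2
        rc=1
    fi
    if ! has_sudo_rights; then
        echo "user has no non-interactive sudo rights" >&2
        rc=1
    fi
    return "$rc"
}

# Constructed sample: a user in "kvm" but not "libvirtd".
echo "sample missing: $(missing_groups "jenkins kvm" kvm libvirtd)"
```

Calling `preflight` with no arguments checks the invoking user via `id -nG`; the group match is space-delimited so a group such as "kvmusers" does not satisfy the "kvm" requirement.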