[libvirt] [libvirt-jenkins-ci PATCH 4/6] guests: Implement developer flavor

Pavel Hrdina phrdina at redhat.com
Mon Oct 23 07:20:27 UTC 2017 

On Thu, Oct 19, 2017 at 05:36:30PM +0200, Andrea Bolognani wrote:
> The developer is given key-based SSH access to the guest and
> granted passwordless sudo privilege for maximum convenience.
> 
> Signed-off-by: Andrea Bolognani <abologna at redhat.com>
> ---
>  guests/group_vars/all/main.yml               |  4 +++-
>  guests/host_vars/libvirt-freebsd-10/main.yml |  1 +
>  guests/host_vars/libvirt-freebsd-11/main.yml |  1 +
>  guests/lcitool                               |  9 ++++++++-
>  guests/site.yml                              |  5 +++++
>  guests/tasks/developer.yml                   | 21 +++++++++++++++++++++
>  6 files changed, 39 insertions(+), 2 deletions(-)
>  create mode 100644 guests/tasks/developer.yml
> 
> diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml
> index d24af59..410077f 100644
> --- a/guests/group_vars/all/main.yml
> +++ b/guests/group_vars/all/main.yml
> @@ -8,8 +8,10 @@ ansible_ssh_pass: root
>  
>  jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp
>  
> -# Paths to various command. Can be overridden on a per-host basis
> +# Paths to various commands and files that might be OS-dependent. Can
> +# be overridden on a per-host basis
>  bash: /bin/bash
>  java: /usr/bin/java
>  make: /usr/bin/make
>  sudo: /usr/bin/sudo
> +sudoers: /etc/sudoers
> diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_vars/libvirt-freebsd-10/main.yml
> index 80d16d6..4f33c53 100644
> --- a/guests/host_vars/libvirt-freebsd-10/main.yml
> +++ b/guests/host_vars/libvirt-freebsd-10/main.yml
> @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
>  java: /usr/local/bin/java
>  make: /usr/local/bin/gmake
>  sudo: /usr/local/bin/sudo
> +sudoers: /usr/local/etc/sudoers
>  
>  projects:
>    - base
> diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_vars/libvirt-freebsd-11/main.yml
> index 80d16d6..4f33c53 100644
> --- a/guests/host_vars/libvirt-freebsd-11/main.yml
> +++ b/guests/host_vars/libvirt-freebsd-11/main.yml
> @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
>  java: /usr/local/bin/java
>  make: /usr/local/bin/gmake
>  sudo: /usr/local/bin/sudo
> +sudoers: /usr/local/etc/sudoers
>  
>  projects:
>    - base
> diff --git a/guests/lcitool b/guests/lcitool
> index bf270f1..018640b 100755
> --- a/guests/lcitool
> +++ b/guests/lcitool
> @@ -141,6 +141,8 @@ do_install()
>          die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed manually"
>      }
>  
> +    load_config
> +
>      # Load configuration files. Values don't get overwritten after being
>      # set the first time, so loading the host-specific configuration before
>      # the group configuration ensures overrides work as expected
> @@ -158,6 +160,11 @@ do_install()
>          *kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;;
>      esac
>  
> +    # Only configure autostart for the guest for the ci flavor
> +    test "$FLAVOR" = ci && {
> +        AUTOSTART="--autostart"
> +    }
> +
>      virt-install \
>          --name "$GUEST" \
>          --location "$INSTALL_URL" \
> @@ -174,7 +181,7 @@ do_install()
>          --sound none \
>          --initrd-inject "$INSTALL_CONFIG" \
>          --extra-args "console=ttyS0 $EXTRA_ARGS" \
> -        --autostart \
> +        $AUTOSTART \
>          --wait 0
>  }
>  
> diff --git a/guests/site.yml b/guests/site.yml
> index 35e3220..76437bb 100644
> --- a/guests/site.yml
> +++ b/guests/site.yml
> @@ -34,3 +34,8 @@
>          - projects is defined
>          # jenkins is a pseudo-project
>          - ( 'jenkins' in projects )
> +
> +    # Configure the developer account
> +    - include: tasks/developer.yml
> +      when:
> +        - flavor == 'developer'
> diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml
> new file mode 100644
> index 0000000..1dad8fc
> --- /dev/null
> +++ b/guests/tasks/developer.yml
> @@ -0,0 +1,21 @@
> +---
> +- name: Create developer user account
> +  user:
> +    name: developer
> +    comment: Developer
> +    password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0

How about using "test:test" account?  "developer" is longer then "test"
if you need to type it or you don't want to configure your SSH config.

Is it possible to use plain password here?  There is no need to
encrypt it.

Pavel

> +    shell: '{{ bash }}'
> +
> +- name: Configure ssh access for the developer
> +  authorized_key:
> +    user: developer
> +    key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}'
> +    state: present
> +
> +- name: Grant passwordless sudo access to the developer
> +  lineinfile:
> +    path: '{{ sudoers }}'
> +    line: 'developer ALL=(ALL) NOPASSWD: ALL'
> +    state: present
> +    backup: yes
> +    validate: 'visudo -cf %s'
> -- 
> 2.13.6
> 
> --
> libvir-list mailing list
> libvir-list at redhat.com
> https://www.redhat.com/mailman/listinfo/libvir-list
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/libvir-list/attachments/20171023/b039f82a/attachment-0001.sig>

More information about the libvir-list mailing list