On Thu, Oct 19, 2017 at 05:36:30PM +0200, Andrea Bolognani wrote: > The developer is given key-based SSH access to the guest and > granted passwordless sudo privilege for maximum convenience. > > Signed-off-by: Andrea Bolognani <abologna@xxxxxxxxxx> > --- > guests/group_vars/all/main.yml | 4 +++- > guests/host_vars/libvirt-freebsd-10/main.yml | 1 + > guests/host_vars/libvirt-freebsd-11/main.yml | 1 + > guests/lcitool | 9 ++++++++- > guests/site.yml | 5 +++++ > guests/tasks/developer.yml | 21 +++++++++++++++++++++ > 6 files changed, 39 insertions(+), 2 deletions(-) > create mode 100644 guests/tasks/developer.yml > > diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml > index d24af59..410077f 100644 > --- a/guests/group_vars/all/main.yml > +++ b/guests/group_vars/all/main.yml > @@ -8,8 +8,10 @@ ansible_ssh_pass: root > > jenkins_url: https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp > > -# Paths to various command. Can be overridden on a per-host basis > +# Paths to various commands and files that might be OS-dependent. Can > +# be overridden on a per-host basis > bash: /bin/bash > java: /usr/bin/java > make: /usr/bin/make > sudo: /usr/bin/sudo > +sudoers: /etc/sudoers > diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml b/guests/host_vars/libvirt-freebsd-10/main.yml > index 80d16d6..4f33c53 100644 > --- a/guests/host_vars/libvirt-freebsd-10/main.yml > +++ b/guests/host_vars/libvirt-freebsd-10/main.yml > @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash > java: /usr/local/bin/java > make: /usr/local/bin/gmake > sudo: /usr/local/bin/sudo > +sudoers: /usr/local/etc/sudoers > > projects: > - base > diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml b/guests/host_vars/libvirt-freebsd-11/main.yml > index 80d16d6..4f33c53 100644 > --- a/guests/host_vars/libvirt-freebsd-11/main.yml > +++ b/guests/host_vars/libvirt-freebsd-11/main.yml > @@ -5,6 +5,7 @@ bash: /usr/local/bin/bash > java: /usr/local/bin/java > make: /usr/local/bin/gmake > sudo: /usr/local/bin/sudo > +sudoers: /usr/local/etc/sudoers > > projects: > - base > diff --git a/guests/lcitool b/guests/lcitool > index bf270f1..018640b 100755 > --- a/guests/lcitool > +++ b/guests/lcitool > @@ -141,6 +141,8 @@ do_install() > die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed manually" > } > > + load_config > + > # Load configuration files. Values don't get overwritten after being > # set the first time, so loading the host-specific configuration before > # the group configuration ensures overrides work as expected > @@ -158,6 +160,11 @@ do_install() > *kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;; > esac > > + # Only configure autostart for the guest for the ci flavor > + test "$FLAVOR" = ci && { > + AUTOSTART="--autostart" > + } > + > virt-install \ > --name "$GUEST" \ > --location "$INSTALL_URL" \ > @@ -174,7 +181,7 @@ do_install() > --sound none \ > --initrd-inject "$INSTALL_CONFIG" \ > --extra-args "console=ttyS0 $EXTRA_ARGS" \ > - --autostart \ > + $AUTOSTART \ > --wait 0 > } > > diff --git a/guests/site.yml b/guests/site.yml > index 35e3220..76437bb 100644 > --- a/guests/site.yml > +++ b/guests/site.yml > @@ -34,3 +34,8 @@ > - projects is defined > # jenkins is a pseudo-project > - ( 'jenkins' in projects ) > + > + # Configure the developer account > + - include: tasks/developer.yml > + when: > + - flavor == 'developer' > diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml > new file mode 100644 > index 0000000..1dad8fc > --- /dev/null > +++ b/guests/tasks/developer.yml > @@ -0,0 +1,21 @@ > +--- > +- name: Create developer user account > + user: > + name: developer > + comment: Developer > + password: $6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0 How about using "test:test" account? "developer" is longer then "test" if you need to type it or you don't want to configure your SSH config. Is it possible to use plain password here? There is no need to encrypt it. Pavel > + shell: '{{ bash }}' > + > +- name: Configure ssh access for the developer > + authorized_key: > + user: developer > + key: '{{ lookup("file", lookup("env", "HOME") + "/.ssh/id_rsa.pub") }}' > + state: present > + > +- name: Grant passwordless sudo access to the developer > + lineinfile: > + path: '{{ sudoers }}' > + line: 'developer ALL=(ALL) NOPASSWD: ALL' > + state: present > + backup: yes > + validate: 'visudo -cf %s' > -- > 2.13.6 > > -- > libvir-list mailing list > libvir-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/libvir-list
Attachment:
signature.asc
Description: PGP signature
-- libvir-list mailing list libvir-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/libvir-list
