The developer is given key-based SSH access to the guest and
granted passwordless sudo privilege for maximum convenience.
Signed-off-by: Andrea Bolognani <abologna(a)redhat.com>
---
guests/group_vars/all/main.yml | 4 +++-
guests/host_vars/libvirt-freebsd-10/main.yml | 1 +
guests/host_vars/libvirt-freebsd-11/main.yml | 1 +
guests/lcitool | 9 ++++++++-
guests/site.yml | 5 +++++
guests/tasks/developer.yml | 21 +++++++++++++++++++++
6 files changed, 39 insertions(+), 2 deletions(-)
create mode 100644 guests/tasks/developer.yml
diff --git a/guests/group_vars/all/main.yml b/guests/group_vars/all/main.yml
index d24af59..410077f 100644
--- a/guests/group_vars/all/main.yml
+++ b/guests/group_vars/all/main.yml
@@ -8,8 +8,10 @@ ansible_ssh_pass: root
jenkins_url:
https://ci.centos.org/computer/{{ inventory_hostname }}/slave-agent.jnlp
-# Paths to various command. Can be overridden on a per-host basis
+# Paths to various commands and files that might be OS-dependent. Can
+# be overridden on a per-host basis
bash: /bin/bash
java: /usr/bin/java
make: /usr/bin/make
sudo: /usr/bin/sudo
+sudoers: /etc/sudoers
diff --git a/guests/host_vars/libvirt-freebsd-10/main.yml
b/guests/host_vars/libvirt-freebsd-10/main.yml
index 80d16d6..4f33c53 100644
--- a/guests/host_vars/libvirt-freebsd-10/main.yml
+++ b/guests/host_vars/libvirt-freebsd-10/main.yml
@@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
sudo: /usr/local/bin/sudo
+sudoers: /usr/local/etc/sudoers
projects:
- base
diff --git a/guests/host_vars/libvirt-freebsd-11/main.yml
b/guests/host_vars/libvirt-freebsd-11/main.yml
index 80d16d6..4f33c53 100644
--- a/guests/host_vars/libvirt-freebsd-11/main.yml
+++ b/guests/host_vars/libvirt-freebsd-11/main.yml
@@ -5,6 +5,7 @@ bash: /usr/local/bin/bash
java: /usr/local/bin/java
make: /usr/local/bin/gmake
sudo: /usr/local/bin/sudo
+sudoers: /usr/local/etc/sudoers
projects:
- base
diff --git a/guests/lcitool b/guests/lcitool
index bf270f1..018640b 100755
--- a/guests/lcitool
+++ b/guests/lcitool
@@ -141,6 +141,8 @@ do_install()
die "$PROGRAM_NAME: $GUEST: Missing configuration, guest must be installed
manually"
}
+ load_config
+
# Load configuration files. Values don't get overwritten after being
# set the first time, so loading the host-specific configuration before
# the group configuration ensures overrides work as expected
@@ -158,6 +160,11 @@ do_install()
*kickstart*|*ks*) EXTRA_ARGS="ks=file:/${INSTALL_CONFIG##*/}" ;;
esac
+ # Only configure autostart for the guest for the ci flavor
+ test "$FLAVOR" = ci && {
+ AUTOSTART="--autostart"
+ }
+
virt-install \
--name "$GUEST" \
--location "$INSTALL_URL" \
@@ -174,7 +181,7 @@ do_install()
--sound none \
--initrd-inject "$INSTALL_CONFIG" \
--extra-args "console=ttyS0 $EXTRA_ARGS" \
- --autostart \
+ $AUTOSTART \
--wait 0
}
diff --git a/guests/site.yml b/guests/site.yml
index 35e3220..76437bb 100644
--- a/guests/site.yml
+++ b/guests/site.yml
@@ -34,3 +34,8 @@
- projects is defined
# jenkins is a pseudo-project
- ( 'jenkins' in projects )
+
+ # Configure the developer account
+ - include: tasks/developer.yml
+ when:
+ - flavor == 'developer'
diff --git a/guests/tasks/developer.yml b/guests/tasks/developer.yml
new file mode 100644
index 0000000..1dad8fc
--- /dev/null
+++ b/guests/tasks/developer.yml
@@ -0,0 +1,21 @@
+---
+- name: Create developer user account
+ user:
+ name: developer
+ comment: Developer
+ password:
$6$YEzeb0A3t7jn/IwW$oMPH0mpKPPeuABH3gKDom08rLccOKBm6CrXT/deBsdP77MjBHxwHQ5EJM0MAc/sOsGKCNX0zjYYjlXP.KNUmP0
How about using "test:test" account? "developer" is longer then
"test"
if you need to type it or you don't want to configure your SSH config.
Is it possible to use plain password here? There is no need to
encrypt it.
Pavel
+ shell: '{{ bash }}'
+
+- name: Configure ssh access for the developer
+ authorized_key:
+ user: developer
+ key: '{{ lookup("file", lookup("env", "HOME") +
"/.ssh/id_rsa.pub") }}'
+ state: present
+
+- name: Grant passwordless sudo access to the developer
+ lineinfile:
+ path: '{{ sudoers }}'
+ line: 'developer ALL=(ALL) NOPASSWD: ALL'
+ state: present
+ backup: yes
+ validate: 'visudo -cf %s'
--
2.13.6
--
libvir-list mailing list
libvir-list(a)redhat.com
https://www.redhat.com/mailman/listinfo/libvir-list