openstack-zuul-jobs/playbooks/legacy/swift-tox-xfs-tmp-func-post-as-copy-centos-7/run.yaml
Jeremy Stanley d3ff588013 Correctly revoke /etc/sudoers.d/zuul
According to our zuul-worker DIB element the path we want to remove
to revoke zuul sudo access is /etc/sudoers.d/zuul:

http://git.openstack.org/cgit/openstack-infra/project-config/tree/nodepool/elements/zuul-worker/install.d/60-zuul-worker

Generated via:

    sed -i 's/zuul-sudo/zuul/' \
        `git grep --files-with-match '/etc/sudoers.d/zuul-sudo'`

Change-Id: Iea8cf915d815dbf876ca0cee74933f04152395b8
2017-09-28 19:19:04 +00:00

100 lines
3.3 KiB
YAML

- hosts: all
name: Autoconverted job legacy-swift-tox-xfs-tmp-func-post-as-copy-centos-7 from
old job gate-swift-tox-xfs-tmp-func-post-as-copy-centos-7
tasks:
- name: Ensure legacy workspace directory
file:
path: '{{ ansible_user_dir }}/workspace'
state: directory
- shell:
cmd: |
set -e
set -x
CLONEMAP=`mktemp`
REQS_DIR=`mktemp -d`
function cleanup {
mkdir -p $WORKSPACE
rm -rf $CLONEMAP $REQS_DIR
}
trap cleanup EXIT
cat > $CLONEMAP << EOF
clonemap:
- name: $ZUUL_PROJECT
dest: .
EOF
# zuul cloner works poorly if there are 2 names that are the
# same in here.
if [[ "$ZUUL_PROJECT" != "openstack/requirements" ]]; then
cat >> $CLONEMAP << EOF
- name: openstack/requirements
dest: $REQS_DIR
EOF
fi
/usr/zuul-env/bin/zuul-cloner -m $CLONEMAP --cache-dir /opt/git \
git://git.openstack.org $ZUUL_PROJECT openstack/requirements
# REQS_DIR is not set for openstack/requirements and there is also
# no need to copy in this case.
if [[ "$ZUUL_PROJECT" != "openstack/requirements" ]]; then
cp $REQS_DIR/upper-constraints.txt ./
fi
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: /usr/local/jenkins/slave_scripts/install-distro-packages.sh
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -e
set -x
# create a large-ish file that we will mount as a loopback
truncate -s 1GB $HOME/1G_xfs_file
# format the new file as xfs
/sbin/mkfs.xfs $HOME/1G_xfs_file
# loopback mount the file
mkdir -p $HOME/xfstmp
sudo mount -o loop,noatime,nodiratime $HOME/1G_xfs_file $HOME/xfstmp
sudo chmod 777 $HOME/xfstmp
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
sudo rm -f /etc/sudoers.d/zuul
# Prove that general sudo access is actually revoked
! sudo -n true
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
set -x
export TMPDIR=$HOME/xfstmp
/usr/local/jenkins/slave_scripts/run-tox.sh func-post-as-copy
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'
- shell:
cmd: |
OUT=`git ls-files --other --exclude-standard --directory`
if [ -z "$OUT" ]; then
echo "No extra files created during test."
exit 0
else
echo "The following un-ignored files were created during the test:"
echo "$OUT"
exit 0 # TODO: change to 1 to fail tests.
fi
executable: /bin/bash
chdir: '{{ ansible_user_dir }}/workspace'
environment: '{{ zuul | zuul_legacy_vars }}'