Commit 4032b22f authored by Heather Ellsworth's avatar Heather Ellsworth
Browse files

Install build-essential,pbuilder and changed privs for jenkins to be elevated for specific commands

parent b8fb13a3
......@@ -60,26 +60,37 @@
apt: name=vmdebootstrap state=present
- name: Install sudo
apt: name=sudo state=present
- name: Install build-essential
apt: name=build-essential state=present
- name: Install pbuilder
apt: name=pbuilder state=present
- name: Clone the debian_qemuscripts repo
git:
repo: 'https://code.puri.sm/Librem5/debian_qemuscripts.git'
dest: /var/lib/jenkins/debian_qemuscripts
clone: yes
# clone: yes
update: yes
- name: chown -R jenkins:jenkins /var/lib/jenkins/debian_qemuscripts
file:
path: /var/lib/jenkins/debian_qemuscripts
recurse: yes
owner: jenkins
group: jenkins
- name: Allow passwordless sudo
lineinfile:
dest: /etc/sudoers
regexp: '^%sudo'
line: '%sudo ALL=(ALL) NOPASSWD: ALL'
validate: 'visudo -cf %s'
- name: Add jenkins to sudoers group
user: name=jenkins groups=sudo append=yes state=present
- name: Allow jenkins to execute certain commands with raised privs
copy:
content: |
%jenkins ALL = (root) SETENV: NOPASSWD: /usr/sbin/debootstrap, /usr/sbin/chroot, /usr/sbin/pbuilder
dest: /etc/sudoers.d/jenkins
notify: Restart jenkins
# - name: Allow passwordless sudo
# lineinfile:
# dest: /etc/sudoers
# regexp: '^%sudo'
# line: '%sudo ALL=(ALL) NOPASSWD: ALL'
# validate: 'visudo -cf %s'
# - name: Add jenkins to sudoers group
# user: name=jenkins groups=sudo append=yes state=present
# notify: Restart jenkins
handlers:
- name: Restart nginx
systemd: name=nginx state=restarted
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment