Commit 4032b22f authored by Heather Ellsworth's avatar Heather Ellsworth
Browse files

Install build-essential,pbuilder and changed privs for jenkins to be elevated for specific commands

parent b8fb13a3
...@@ -60,26 +60,37 @@ ...@@ -60,26 +60,37 @@
apt: name=vmdebootstrap state=present apt: name=vmdebootstrap state=present
- name: Install sudo - name: Install sudo
apt: name=sudo state=present apt: name=sudo state=present
- name: Install build-essential
apt: name=build-essential state=present
- name: Install pbuilder
apt: name=pbuilder state=present
- name: Clone the debian_qemuscripts repo - name: Clone the debian_qemuscripts repo
git: git:
repo: 'https://code.puri.sm/Librem5/debian_qemuscripts.git' repo: 'https://code.puri.sm/Librem5/debian_qemuscripts.git'
dest: /var/lib/jenkins/debian_qemuscripts dest: /var/lib/jenkins/debian_qemuscripts
clone: yes # clone: yes
update: yes
- name: chown -R jenkins:jenkins /var/lib/jenkins/debian_qemuscripts - name: chown -R jenkins:jenkins /var/lib/jenkins/debian_qemuscripts
file: file:
path: /var/lib/jenkins/debian_qemuscripts path: /var/lib/jenkins/debian_qemuscripts
recurse: yes recurse: yes
owner: jenkins owner: jenkins
group: jenkins group: jenkins
- name: Allow passwordless sudo - name: Allow jenkins to execute certain commands with raised privs
lineinfile: copy:
dest: /etc/sudoers content: |
regexp: '^%sudo' %jenkins ALL = (root) SETENV: NOPASSWD: /usr/sbin/debootstrap, /usr/sbin/chroot, /usr/sbin/pbuilder
line: '%sudo ALL=(ALL) NOPASSWD: ALL' dest: /etc/sudoers.d/jenkins
validate: 'visudo -cf %s'
- name: Add jenkins to sudoers group
user: name=jenkins groups=sudo append=yes state=present
notify: Restart jenkins notify: Restart jenkins
# - name: Allow passwordless sudo
# lineinfile:
# dest: /etc/sudoers
# regexp: '^%sudo'
# line: '%sudo ALL=(ALL) NOPASSWD: ALL'
# validate: 'visudo -cf %s'
# - name: Add jenkins to sudoers group
# user: name=jenkins groups=sudo append=yes state=present
# notify: Restart jenkins
handlers: handlers:
- name: Restart nginx - name: Restart nginx
systemd: name=nginx state=restarted systemd: name=nginx state=restarted
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment