a789346727
A recent change related to sudo securepath broke how sudo -E works. Now the PATH is reset by sudo as set by tox. As a result we can no longer rely on sudo -E anywhere in our gating system relating to path inheritence from the parent shell. This patch uses a shell operation in the setup_nodes.yml code to chmod the docker socket to 666 so docker containers can build properly. Now docker operations don't return a permission denied and we no longer require the sudo -E operation in any of our tox scripts. This isn't a security vulnerability because our gate scripts are only meant to be run in OpenStack infrastructure. To make this more clear I recommend moving these shell scripts to tests/gate. Change-Id: I5b3d6e280e3c12a25defedb14b5589ba642043fa Closes-Bug: #1562383
32 lines
620 B
YAML
32 lines
620 B
YAML
---
|
|
- hosts: all
|
|
sudo: yes
|
|
tasks:
|
|
- name: Setup /etc/hosts
|
|
copy:
|
|
src: /etc/hosts
|
|
dest: /etc/hosts
|
|
|
|
- name: Assign hostname
|
|
hostname:
|
|
name: "{{ inventory_hostname }}"
|
|
|
|
- name: Copy setup script
|
|
copy:
|
|
src: setup_{{ ansible_os_family }}.sh
|
|
dest: /tmp/setup.sh
|
|
mode: 0755
|
|
|
|
- hosts: all
|
|
tasks:
|
|
- name: Create log directory for node
|
|
file:
|
|
state: directory
|
|
path: /tmp/{{ inventory_hostname }}
|
|
|
|
- name: Run node setup
|
|
shell: sudo /tmp/setup.sh
|
|
|
|
- name: Changing permissions of docker socket to 666
|
|
shell: sudo chmod 0666 /run/docker.sock
|