a4331953bd
Old legacy jobs will continue to want tocheck that the test user isn't using sudo if sudo has been disabled. Add a zuul version of the checker script and update the sudo rules to allow the zuul user to run it. Change-Id: I10720cdec309dc8418b6cf7e9badf9a04aa8e98e
39 lines
925 B
Bash
Executable File
39 lines
925 B
Bash
Executable File
#!/bin/bash
|
|
|
|
if [ ${DIB_DEBUG_TRACE:-0} -gt 0 ]; then
|
|
set -x
|
|
fi
|
|
set -eu
|
|
set -o pipefail
|
|
|
|
# Add zuul user and group. Note we don't want to rely on
|
|
# "useradd"'s group adding behaviour, because it might differ across
|
|
# distros.
|
|
groupadd zuul
|
|
useradd -m zuul -g zuul -s /bin/bash
|
|
|
|
cat > /etc/sudoers.d/zuul << EOF
|
|
zuul ALL=(ALL) NOPASSWD:ALL
|
|
EOF
|
|
chmod 0440 /etc/sudoers.d/zuul
|
|
|
|
cat > /etc/sudoers.d/zuul-sudo-grep <<EOF
|
|
zuul ALL = NOPASSWD:/usr/local/jenkins/slave_scripts/zuul-sudo-grep.sh
|
|
EOF
|
|
chmod 0440 /etc/sudoers.d/zuul-sudo-grep
|
|
|
|
visudo -c || die "Error setting zuul sudo!"
|
|
|
|
# this was copied from outside the chroot by extras.d
|
|
_pub_key=/tmp/in_target.d/zuul-user-ssh-public-key
|
|
if [ ! -f $_pub_key ]; then
|
|
die "Can not find Zuul public key!"
|
|
fi
|
|
|
|
mkdir /home/zuul/.ssh
|
|
chmod 700 /home/zuul/.ssh
|
|
cp $_pub_key /home/zuul/.ssh/authorized_keys
|
|
|
|
# cleanup everything to the right owner
|
|
chown -R zuul:zuul /home/zuul
|