Handle no-sudo in stage-output
The stage-output role had two assumptions: 1) The zuul_copy_output variable would always be defined 2) The role would be able to sudo on the remote node To make it easier for users who want to use this in a base job, remove both of those assumptions. 1) We now supply a default empty dict if the variable is not defined so that the role does not fail with an error. 2) We check to see if we can sudo on the remote node, and if we can, we do when copying files; otherwise we don't, and assume that the user will only specify files they have access to (if they don't then the copy will fail). Change-Id: I5428c44adfafac4872342b59a92de311f41687b6
This commit is contained in:
parent
0fcc5ff5ac
commit
f0d7c980b5
@ -1,12 +1,20 @@
|
|||||||
- name: Register sources
|
- name: Register sources
|
||||||
stat:
|
stat:
|
||||||
path: "{{ zj_source.key }}"
|
path: "{{ zj_source.key }}"
|
||||||
loop: "{{ zuul_copy_output|dict2items }}"
|
loop: "{{ zuul_copy_output | default({}) | dict2items }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: zj_source
|
loop_var: zj_source
|
||||||
register: sources
|
register: sources
|
||||||
no_log: true
|
no_log: true
|
||||||
|
|
||||||
|
# See if we're running with sudo; if so, we'll set 'become' later so
|
||||||
|
# we can copy root-owned files; if not, we'll just be able to copy
|
||||||
|
# user files.
|
||||||
|
- name: Check sudo
|
||||||
|
command: sudo -n true
|
||||||
|
failed_when: false
|
||||||
|
register: sudo_result
|
||||||
|
|
||||||
- name: Build the extensions list from a dict (or empty)
|
- name: Build the extensions list from a dict (or empty)
|
||||||
set_fact:
|
set_fact:
|
||||||
extension_list: >
|
extension_list: >
|
||||||
@ -50,7 +58,7 @@
|
|||||||
all_sources: "{{ results.results | selectattr('ansible_facts', 'defined') | map(attribute='ansible_facts') | list }}"
|
all_sources: "{{ results.results | selectattr('ansible_facts', 'defined') | map(attribute='ansible_facts') | list }}"
|
||||||
|
|
||||||
- name: Ensure target folders exist
|
- name: Ensure target folders exist
|
||||||
become: true
|
become: "{{ sudo_result.rc == 0 }}"
|
||||||
file:
|
file:
|
||||||
path: "{{ stage_dir }}/{{ zj_output_dirs }}"
|
path: "{{ stage_dir }}/{{ zj_output_dirs }}"
|
||||||
state: directory
|
state: directory
|
||||||
@ -67,7 +75,7 @@
|
|||||||
# remote_src copy does not work recursively, synchronise is restricted by
|
# remote_src copy does not work recursively, synchronise is restricted by
|
||||||
# zuul, using command
|
# zuul, using command
|
||||||
command: cp -pRL {{ zj_source.source }} {{ stage_dir }}/{{ zj_source.dest }}
|
command: cp -pRL {{ zj_source.source }} {{ stage_dir }}/{{ zj_source.dest }}
|
||||||
become: true
|
become: "{{ sudo_result.rc == 0 }}"
|
||||||
with_items: "{{ all_sources }}"
|
with_items: "{{ all_sources }}"
|
||||||
loop_control:
|
loop_control:
|
||||||
loop_var: zj_source
|
loop_var: zj_source
|
||||||
@ -78,7 +86,7 @@
|
|||||||
dest: "{{ stage_dir }}/logs"
|
dest: "{{ stage_dir }}/logs"
|
||||||
mode: u=rwX,g=rX,o=rX
|
mode: u=rwX,g=rX,o=rX
|
||||||
recurse: yes
|
recurse: yes
|
||||||
become: yes
|
become: "{{ sudo_result.rc == 0 }}"
|
||||||
|
|
||||||
- name: Discover log files that match extension_list
|
- name: Discover log files that match extension_list
|
||||||
find:
|
find:
|
||||||
|
21
test-playbooks/stage-output.yaml
Normal file
21
test-playbooks/stage-output.yaml
Normal file
@ -0,0 +1,21 @@
|
|||||||
|
- hosts: all
|
||||||
|
tasks:
|
||||||
|
- name: Write a test file
|
||||||
|
copy:
|
||||||
|
content: "Test file"
|
||||||
|
dest: "/tmp/test-output.txt"
|
||||||
|
- name: Test stage-output with a file
|
||||||
|
include_role:
|
||||||
|
name: stage-output
|
||||||
|
vars:
|
||||||
|
zuul_copy_output:
|
||||||
|
/tmp/test-output.txt: logs
|
||||||
|
- name: Test stage-output with no input
|
||||||
|
include_role:
|
||||||
|
name: stage-output
|
||||||
|
- name: Remove sudo
|
||||||
|
include_role:
|
||||||
|
name: revoke-sudo
|
||||||
|
- name: Test stage-output without sudo
|
||||||
|
include_role:
|
||||||
|
name: stage-output
|
@ -688,6 +688,14 @@
|
|||||||
- test-playbooks/update-json-file.yaml
|
- test-playbooks/update-json-file.yaml
|
||||||
- roles/update-json-file/.*
|
- roles/update-json-file/.*
|
||||||
|
|
||||||
|
- job:
|
||||||
|
name: zuul-jobs-test-stage-output
|
||||||
|
description: Test the state-output role
|
||||||
|
run: test-playbooks/stage-output.yaml
|
||||||
|
files:
|
||||||
|
- test-playbooks/stage-output.yaml
|
||||||
|
- roles/stage-output/.*
|
||||||
|
|
||||||
# -* AUTOGENERATED *-
|
# -* AUTOGENERATED *-
|
||||||
# The following project section is autogenerated by
|
# The following project section is autogenerated by
|
||||||
# tox -e update-test-platforms
|
# tox -e update-test-platforms
|
||||||
@ -742,6 +750,7 @@
|
|||||||
- zuul-jobs-test-shake-build
|
- zuul-jobs-test-shake-build
|
||||||
- zuul-jobs-test-ensure-zookeeper
|
- zuul-jobs-test-ensure-zookeeper
|
||||||
- zuul-jobs-test-update-json-file
|
- zuul-jobs-test-update-json-file
|
||||||
|
- zuul-jobs-test-stage-output
|
||||||
gate:
|
gate:
|
||||||
jobs: &id001
|
jobs: &id001
|
||||||
- zuul-jobs-test-add-authorized-keys
|
- zuul-jobs-test-add-authorized-keys
|
||||||
@ -787,5 +796,6 @@
|
|||||||
- zuul-jobs-test-shake-build
|
- zuul-jobs-test-shake-build
|
||||||
- zuul-jobs-test-ensure-zookeeper
|
- zuul-jobs-test-ensure-zookeeper
|
||||||
- zuul-jobs-test-update-json-file
|
- zuul-jobs-test-update-json-file
|
||||||
|
- zuul-jobs-test-stage-output
|
||||||
periodic-weekly:
|
periodic-weekly:
|
||||||
jobs: *id001
|
jobs: *id001
|
||||||
|
Loading…
Reference in New Issue
Block a user