author | Michael Scherer <misc@zarb.org> | 2014-12-16 17:11:22 +0100 |
---|---|---|
committer | Michael Scherer <misc@zarb.org> | 2014-12-16 17:11:22 +0100 |
commit | 938bf3c804ef28e3a68e8d3eddc6cb97c03ee3b2 (patch) | |
tree | 3bcf196c3244146ac5bb352777c51cafa217eaa5 /roles/local_deploy | |
parent | e9b939228d5a6e41652963615e7a4cebd671fece (diff) |
Use sudo to deploy and run ansible as a regular user
Diffstat (limited to 'roles/local_deploy')
-rw-r--r-- | roles/local_deploy/files/ansible_run.sudoers | 1 | ||||
-rw-r--r-- | roles/local_deploy/files/extract_wrapper.sh | 4 | ||||
-rw-r--r-- | roles/local_deploy/files/post-receive.private.sh | 2 | ||||
-rw-r--r-- | roles/local_deploy/files/post-receive.public.sh | 5 | ||||
-rw-r--r-- | roles/local_deploy/tasks/main.yml | 8 | ||||
-rw-r--r-- | roles/local_deploy/templates/extract.sudoers | 1 |
6 files changed, 18 insertions, 3 deletions
diff --git a/roles/local_deploy/files/ansible_run.sudoers b/roles/local_deploy/files/ansible_run.sudoers
new file mode 100644
index 0000000..ea995ab
--- /dev/null
+++ b/roles/local_deploy/files/ansible_run.sudoers
@@ -0,0 +1 @@
+%admins ALL=(ALL) NOPASSWD: /usr/local/bin/ansible_run.sh
diff --git a/roles/local_deploy/files/extract_wrapper.sh b/roles/local_deploy/files/extract_wrapper.sh
new file mode 100644
index 0000000..240fb71
--- /dev/null
+++ b/roles/local_deploy/files/extract_wrapper.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+export GIT_DIR=$1
+GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
+
diff --git a/roles/local_deploy/files/post-receive.private.sh b/roles/local_deploy/files/post-receive.private.sh
index e6d6abb..527c520 100644
--- a/roles/local_deploy/files/post-receive.private.sh
+++ b/roles/local_deploy/files/post-receive.private.sh
@@ -1,2 +1,2 @@
 #!/bin/sh
-GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
+sudo /usr/local/bin/extract_wrapper.sh
diff --git a/roles/local_deploy/files/post-receive.public.sh b/roles/local_deploy/files/post-receive.public.sh
index ce4da28..adcfa80 100644
--- a/roles/local_deploy/files/post-receive.public.sh
+++ b/roles/local_deploy/files/post-receive.public.sh
@@ -1,4 +1,5 @@
 #!/bin/sh
-GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
+sudo /usr/local/bin/extract_wrapper.sh $GIT_DIR
+#GIT_WORK_TREE=/etc/ansible/ git checkout -q -f
 # run ansible
-/usr/local/bin/ansible_run.sh
+sudo /usr/local/bin/ansible_run.sh
diff --git a/roles/local_deploy/tasks/main.yml b/roles/local_deploy/tasks/main.yml
index 22d0b03..9215d53 100644
--- a/roles/local_deploy/tasks/main.yml
+++ b/roles/local_deploy/tasks/main.yml
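Review bot: The runas list `(ALL)` in the new ansible_run.sudoers rule lets members of admins run the script as any account, and the bare command path accepts arbitrary arguments, which is wider than the hooks need since they only call plain `sudo /usr/local/bin/ansible_run.sh`. If ansible_run.sh takes no arguments (its body is not shown here), the rule can be narrowed to `%admins ALL=(root) NOPASSWD: /usr/local/bin/ansible_run.sh ""`. The same `(ALL)` appears in templates/extract.sudoers and could become `(root)` there as well. A one-line comment above each rule naming the hook that depends on it would help whoever audits /etc/sudoers.d later.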
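Review bot: extract_wrapper.sh runs git as root on whatever path arrives in `$1` without checking that it is set, so a call with no argument exports an empty GIT_DIR and the checkout proceeds against whatever git then resolves. Failing early would be safer, for example `export GIT_DIR="${1:?usage: extract_wrapper.sh GIT_DIR}"`. Because git running as root honours the configuration stored in that repository, the directories under git_repositories_dir should be writable only by accounts already trusted with root; a comment at the top of the script stating that assumption would make it visible to reviewers.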
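Review bot: The new call in post-receive.private.sh passes no argument, while templates/extract.sudoers only permits `/usr/local/bin/extract_wrapper.sh {{ git_repositories_dir }}/{{ item }}`; sudoers matches arguments literally, so this invocation should be refused or prompt for a password inside the hook. It should pass the repository path as the public hook does, quoted: `sudo /usr/local/bin/extract_wrapper.sh "$GIT_DIR"`. Git commonly sets GIT_DIR to a relative path such as `.` when running hooks in a bare repository, in which case neither hook would match the rule; resolving it first, e.g. `"$(cd "$GIT_DIR" && pwd)"`, would make the match reliable, though this depends on how the repositories are laid out. In post-receive.public.sh the `$GIT_DIR` is unquoted and the old checkout command is left behind as a commented-out line that could simply be dropped.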
@@ -8,8 +8,16 @@ - public - private +- template: src=extract.sudoers dest=/etc/sudoers.d/extract_{{ item }} + with_items: + - public + - private + - copy: src={{ item }} dest=/usr/local/bin/{{ item }} mode=0755 with_items: - ansible_run.sh + - extract_wrapper.sh + +- copy: src=ansible_run.sudoers dest=/etc/sudoers.d/ansible_run - cron: name="ansible run" job="/usr/local/bin/ansible_run.sh" minute=*/30 diff --git a/roles/local_deploy/templates/extract.sudoers b/roles/local_deploy/templates/extract.sudoers new file mode 100644 index 0000000..37cda43 --- /dev/null +++ b/roles/local_deploy/templates/extract.sudoers @@ -0,0 +1 @@ +%admins ALL=(ALL) NOPASSWD: /usr/local/bin/extract_wrapper.sh {{ git_repositories_dir }}/{{ item }} |
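Review bot: The two tasks in main.yml that write into /etc/sudoers.d set no owner, mode or validation, so a typo in either file or an unexpected value of git_repositories_dir lands directly in the live sudo configuration, where a syntax error can break sudo for every user on the host. Both the copy and template modules accept `validate`, so the tasks can be written as `- copy: src=ansible_run.sudoers dest=/etc/sudoers.d/ansible_run owner=root group=root mode=0440 validate='visudo -cf %s'`, with the same options added to the `template: src=extract.sudoers` task. The task list begins and continues outside this hunk, so any defaults set elsewhere in the role are not visible here.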