Avoid insecure umask which breaks loading of ansible.cfg
Ansible had a security fix which now prevents it from loading ansible.cfg files that are world writable (o+w) which is exactly what the old jobs did in order to make devstack work with hardlinks across multiple users. We replace the hardlinks with CoW and reset the permissions to system default which is what is to be expected for source code. Change-Id: Ia1bfc89ee8edecd1ebad3487e8c63bdda4d083a0 Partial-Bug: 1807703
This commit is contained in:
parent
932fc21571
commit
b62acc6360
|
@ -24,14 +24,23 @@
|
|||
path: '{{ workspace }}/logs'
|
||||
state: directory
|
||||
|
||||
- name: Hard link tripleo-ci to openstack namespace dir
|
||||
- name: Assure src folder has safe permissions
|
||||
# Workaround for https://bugs.launchpad.net/tripleo/+bug/1807703
|
||||
file:
|
||||
path: /home/zuul/src/
|
||||
state: directory
|
||||
mode: u=rwX,g=rX,o=rX
|
||||
recurse: yes
|
||||
|
||||
- name: Copy tripleo-ci to openstack namespace dir
|
||||
shell:
|
||||
cmd: |
|
||||
set -e
|
||||
set -x
|
||||
# we still need all the repos under the same root directory, but instead of using
|
||||
# zuul-cloner, use the wrapped commands directly
|
||||
cp -dRl /home/zuul/src/git.openstack.org/openstack-infra/tripleo-ci .
|
||||
# reflink is an safer alternative to hardlinking which could fail
|
||||
cp -dR --reflink=auto /home/zuul/src/git.openstack.org/openstack-infra/tripleo-ci .
|
||||
executable: /bin/bash
|
||||
chdir: '{{ tripleo_root }}'
|
||||
environment: '{{ zuul | zuul_legacy_vars }}'
|
||||
|
|
Loading…
Reference in New Issue