aixPb: Fixes for Users task in aix playbook #3087
Why has the warning for jenkins been left in but removed for the zeus user?
Not sure, I'll remove the jenkins one too. The warning messages are unnecessary since to get the warning message to appear, the task must fail, but if the task fails the playbook will stop and not reach the warning message.
The reason for the tests, and the warning message, and the reason for the "localhost" was because I have never had the key access that you guys have. The Back to As such: it appears the delegate to localhost may be wrong in the 'task' set authorized key. IMHO: the warnings have a purpose (see above), but it is your call. I'll rework above into my review.
Warnings are for a reason. The idea here is that not everyone is adoptium - and won't have the access or need to integrate with jenkins.
The three tasks are:
a) check if I have access to key (needs to be done localhost aka ansible master)
b) ensure jenkins authorization is present IF (when:) I have access to the key
c) warn about jenkins (but let playbook proceed) when there is no access to the key OR the insertion succeeded.
My preference is to keep the warnings - hence request changes. The goal is that both conditions are tested and if either fails - warn.
The needed change in zeus is to delegate the first task (initial lookup) to localhost.
My personal preference, for users who do not have access to the keys and other vendor_files, is to skip running those roles entirely, that way we don't end up with half a role being run. One of the reasons I removed the warnings is because their when condition did not work.
Probably also needs (needed) Jenkins_pubkey.defined. That gets really boring with ansible.
i.e. (not Jenkins_pubkey.defined OR Jenkins_pubkey.skipped). It’s been a long while since I tested these over and over and over again, but not as an Adoptium project member.
Michael Felt

From: Haroon Khel
Sent: Monday, June 5, 2023 8:59 PM
My personal preference, for users who do not have access to the keys and other vendor_files, is to skip running those roles entirely, that way we don't end up with half a role being run.
One of the reasons I removed the warnings is because their when condition did not work. jenkins_pubkey.skipped for example
fatal: [test-osuosl-aix715-ppc64-1]: FAILED! => {"msg": "The conditional check 'jenkins_pubkey is defined and (jenkins_pubkey.skipped == true or jenkins_pubkey.failed == true)' failed. The error was: error while evaluating conditional (jenkins_pubkey is defined and (jenkins_pubkey.skipped == true or jenkins_pubkey.failed == true)): 'dict object' has no attribute 'skipped'\n\nThe error appears to be in '/tmp/awx_1319_9_q0jfjc/project/ansible/playbooks/AdoptOpenJDK_AIX_Playbook/roles/users/tasks/jenkins.yml': line 21, column 3, but may\nbe elsewhere in the file depending on the exact syntax problem.\n\nThe offending line appears to be:\n\n\n- name: Warn about missing authorization for jenkins\n ^ here\n"}
I think that's reasonable - typically someone without access to the adoptium secret data would be expected to run with |
Since the primary purpose of this is to remove the (incorrect) delegate_to: localhost, I'm approving this so it can go in. Anything further from the reviews can be covered in separate issues/PRs if desired.
Looks good.
* remove localhost delegation from jenkins key task
* fix condition
* remove unnecessary warning
* remove warning message for jenkins key

Co-authored-by: Martijn Verburg <[email protected]>
ref #3086
The "Set authorized key for jenkins user" should not be running on localhost (i.e. the ansible controller). It should run on the node, hence why it was failing. I also removed an unnecessary warning which had a condition that did not work anyway.
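
The three-task pattern discussed in this thread (check for the key on the controller, set the authorized key on the node, warn when it was not installed), as an added example that is not the project's jenkins.yml. The `jenkins_key_file` path and the `jenkins_key_stat` name are assumptions; `ignore_errors` and the `is skipped` / `is failed` tests are used here so the warning stays reachable and the conditional does not read result attributes that may be absent.

```yaml
# Added example, not taken from the adoptium/infrastructure repository.
- hosts: all
  vars:
    # Placeholder path: location of the public key on the Ansible controller.
    jenkins_key_file: /path/to/vendor_files/jenkins.pub
  tasks:
    # a) Only this check is delegated: the key file lives on the controller.
    - name: Check for the jenkins public key on the controller
      ansible.builtin.stat:
        path: "{{ jenkins_key_file }}"
      delegate_to: localhost
      become: false
      register: jenkins_key_stat   # hypothetical variable name

    # b) Runs on the managed node. lookup('file', ...) is always evaluated
    #    on the controller, so no delegate_to is needed to read the key.
    - name: Set authorized key for jenkins user
      ansible.posix.authorized_key:
        user: jenkins
        state: present
        key: "{{ lookup('file', jenkins_key_file) }}"
      when: jenkins_key_stat.stat.exists
      register: jenkins_pubkey
      ignore_errors: true          # let the play reach the warning below

    # c) The tests tolerate a result dict that lacks 'skipped' or 'failed',
    #    unlike jenkins_pubkey.skipped == true.
    - name: Warn about missing authorization for jenkins
      ansible.builtin.debug:
        msg: "jenkins authorized key was not installed on {{ inventory_hostname }}"
      when: jenkins_pubkey is skipped or jenkins_pubkey is failed
```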