[Git][qa/jenkins.debian.net][master] jenkins node: merge ionos10 sudoers into common one
Holger Levsen (@holger)
gitlab at salsa.debian.org
Wed Sep 24 13:10:02 BST 2025
Holger Levsen pushed to branch master at Debian QA / jenkins.debian.net
Commits:
7a7c1883 by Holger Levsen at 2025-09-24T14:09:06+02:00
jenkins node: merge ionos10 sudoers into common one
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
2 changed files:
- hosts/common/etc/sudoers.d/jenkins
- − hosts/ionos10-amd64/etc/sudoers.d/jenkins
Changes:
=====================================
hosts/common/etc/sudoers.d/jenkins
=====================================
@@ -46,12 +46,13 @@ jenkins ALL= \
/bin/dd if=/dev/zero of=/dev/jenkins*, \
/usr/bin/qemu-system-x86_64 *, \
/usr/bin/qemu-img *, \
- /sbin/lvcreate *, /sbin/lvremove *, /sbin/lvdisplay *, \
+ /sbin/lvcreate *, /sbin/lvremove *, /sbin/lvdisplay *, \
+ /usr/bin/virsh -q snapshot-list *, /usr/bin/virsh snapshot-delete *, \
/bin/mkdir -p /media/*, \
/bin/mkdir -p /srv/mmdebstrap-jenkins/*, /bin/chown -R jenkins\:jenkins /srv/mmdebstrap-jenkins/*, \
/usr/bin/guestmount *, \
- /bin/cp -rv /media/*, /usr/sbin/adduser jenkins docker \
- /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*, \
+ /bin/cp -rv /media/*, \
+ /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
SETENV: NOPASSWD: /usr/bin/timeout * /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \
SETENV: NOPASSWD: /usr/bin/timeout * /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
=====================================
hosts/ionos10-amd64/etc/sudoers.d/jenkins deleted
=====================================
@@ -1,59 +0,0 @@
-jenkins ALL= \
- NOPASSWD: /usr/sbin/debootstrap *, \
- /usr/bin/mmdebstrap *, \
- /bin/systemctl reset-failed*, \
- /bin/systemctl restart*, \
- /usr/bin/tee /schroots/*, \
- /usr/bin/tee -a /schroots/*, \
- /usr/bin/tee /etc/schroot/chroot.d/jenkins*, \
- /usr/bin/tee -a /etc/schroot/chroot.d/jenkins*, \
- /usr/bin/tee /proc/*/oom_score_adj, \
- /bin/chmod +x /schroots/*, \
- /bin/chmod +x /chroots/*, \
- /bin/tar -c --exclude ./sys/\* --exclude ./proc/\* -f /schroots/*, \
- /usr/sbin/chroot /schroots/*, \
- /usr/sbin/chroot /chroots/*, \
- /usr/sbin/chroot /media/*, \
- /bin/ls -la /media/*, \
- /bin/rm -rf --one-file-system /chroots/*, \
- /bin/rm -rf --one-file-system /schroots/*, \
- /bin/rm -rf --one-file-system /srv/workspace/pbuilder/*, \
- /bin/rm -rf --one-file-system /srv/workspace/chroots/*, \
- /bin/rm -rf --one-file-system /var/lib/sbuild/build/*, \
- /bin/mv /chroots/* /schroots/*, \
- /bin/mv /schroots/* /schroots/*, \
- /bin/umount -l /chroots/*, \
- /bin/umount -l /schroots/*, \
- /bin/umount -l /media/*, \
- /bin/rmdir /media/*, \
- /bin/mount -o loop*, \
- /bin/mount --bind *, \
- /usr/bin/du *, \
- /bin/kill *, \
- /usr/bin/file *, \
- /bin/dd if=/dev/zero of=/dev/jenkins*, \
- /usr/bin/qemu-system-x86_64 *, \
- /usr/bin/qemu-img *, \
- /sbin/lvcreate *, /sbin/lvremove *, /sbin/lvdisplay *, \
- /usr/bin/virsh -q snapshot-list *, /usr/bin/virsh snapshot-delete *, \
- /bin/mkdir -p /media/*, \
- /usr/bin/guestmount *, \
- /bin/cp -rv /media/*, \
- /bin/chown -R jenkins\:jenkins /var/lib/jenkins/jobs/*,\
- SETENV: NOPASSWD: /usr/sbin/pbuilder *, \
- SETENV: NOPASSWD: /usr/bin/timeout * /usr/bin/ionice -c 3 /usr/bin/nice /usr/sbin/pbuilder *, \
- SETENV: NOPASSWD: /usr/bin/timeout * /usr/bin/ionice -c 3 /usr/bin/nice -n 11 /usr/bin/unshare --uts -- /usr/sbin/pbuilder *, \
- /bin/mv /var/cache/pbuilder/*base*.tgz /var/cache/pbuilder/*base*.tgz, \
- /bin/rm /var/cache/pbuilder/*base*.tgz, \
- /bin/rm -v /var/cache/pbuilder/*base*.tgz, \
- /bin/rm /var/cache/pbuilder/result/*, \
- /usr/bin/dcmd rm *.changes, \
- /usr/bin/dcmd rm *.dsc, \
- /usr/bin/apt-get update, \
- /usr/bin/killall -9 timeout, \
- /usr/sbin/slay 1111, \
- /usr/sbin/slay 2222, \
- /usr/sbin/slay jenkins
-
-# keep these environment variables
-Defaults env_keep += "http_proxy", env_reset
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/7a7c1883e630b14481f85099fc931a0d3f3b188c
--
View it on GitLab: https://salsa.debian.org/qa/jenkins.debian.net/-/commit/7a7c1883e630b14481f85099fc931a0d3f3b188c
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/qa-jenkins-scm/attachments/20250924/7e021586/attachment-0001.htm>
More information about the Qa-jenkins-scm
mailing list