You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@openwhisk.apache.org by ra...@apache.org on 2017/08/03 12:44:12 UTC
[incubator-openwhisk] branch master updated: Revert "Remove
privilege escalation. (#2536)" (#2566)
This is an automated email from the ASF dual-hosted git repository.
rabbah pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/incubator-openwhisk.git
The following commit(s) were added to refs/heads/master by this push:
new 18de7a3 Revert "Remove privilege escalation. (#2536)" (#2566)
18de7a3 is described below
commit 18de7a31c004ebaa916affa434501fcf247a65fd
Author: Markus Thömmes <ma...@me.com>
AuthorDate: Thu Aug 3 14:44:10 2017 +0200
Revert "Remove privilege escalation. (#2536)" (#2566)
This reverts commit 97aba7136fa81c3d5accbbb1a32a3a83304af1b3.
---
ansible/registry.yml | 1 +
ansible/roles/cli/tasks/clean.yml | 1 +
ansible/roles/controller/tasks/clean.yml | 2 ++
ansible/roles/controller/tasks/deploy.yml | 1 +
ansible/roles/docker/tasks/clean.yml | 1 +
ansible/roles/docker/tasks/deploy.yml | 5 +++++
ansible/roles/invoker/tasks/clean.yml | 2 ++
ansible/roles/invoker/tasks/deploy.yml | 1 +
ansible/roles/nginx/tasks/clean.yml | 2 ++
ansible/roles/nginx/tasks/deploy.yml | 1 +
ansible/roles/prereq/tasks/clean.yml | 3 +++
ansible/roles/prereq/tasks/deploy.yml | 4 ++++
ansible/roles/registry/tasks/clean.yml | 1 +
ansible/roles/registry/tasks/deploy.yml | 1 +
ansible/roles/sdk/tasks/clean.yml | 1 +
tools/travis/build.sh | 1 -
16 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/ansible/registry.yml b/ansible/registry.yml
index 2c3a415..f58d379 100644
--- a/ansible/registry.yml
+++ b/ansible/registry.yml
@@ -14,6 +14,7 @@
# publish cert on all hosts
- hosts: all:!ansible
+ become: true
tasks:
- include: roles/registry/tasks/publish.yml
when: mode == "deploy" and registry.gencert
diff --git a/ansible/roles/cli/tasks/clean.yml b/ansible/roles/cli/tasks/clean.yml
index e9f7a3f..eb94b90 100644
--- a/ansible/roles/cli/tasks/clean.yml
+++ b/ansible/roles/cli/tasks/clean.yml
@@ -4,3 +4,4 @@
file:
path: "{{ cli.nginxdir }}"
state: absent
+ become: true
diff --git a/ansible/roles/controller/tasks/clean.yml b/ansible/roles/controller/tasks/clean.yml
index f2a7432..2850756 100644
--- a/ansible/roles/controller/tasks/clean.yml
+++ b/ansible/roles/controller/tasks/clean.yml
@@ -12,6 +12,7 @@
file:
path: "{{ whisk_logs_dir }}/controller{{ groups['controllers'].index(inventory_hostname) }}"
state: absent
+ become: true
# Remove controller without prefix
- name: remove controller
@@ -25,3 +26,4 @@
file:
path: "{{ whisk_logs_dir }}/controller"
state: absent
+ become: true
diff --git a/ansible/roles/controller/tasks/deploy.yml b/ansible/roles/controller/tasks/deploy.yml
index a78dc43..3f62ca9 100644
--- a/ansible/roles/controller/tasks/deploy.yml
+++ b/ansible/roles/controller/tasks/deploy.yml
@@ -14,6 +14,7 @@
path: "{{ whisk_logs_dir }}/controller{{ groups['controllers'].index(inventory_hostname) }}"
state: directory
mode: 0777
+ become: true
- name: (re)start controller
docker_container:
diff --git a/ansible/roles/docker/tasks/clean.yml b/ansible/roles/docker/tasks/clean.yml
index 476fa46..72329f8 100644
--- a/ansible/roles/docker/tasks/clean.yml
+++ b/ansible/roles/docker/tasks/clean.yml
@@ -6,3 +6,4 @@
name: docker-engine
state: absent
force: yes
+ become: true
diff --git a/ansible/roles/docker/tasks/deploy.yml b/ansible/roles/docker/tasks/deploy.yml
index 508aa9d..62252d9 100644
--- a/ansible/roles/docker/tasks/deploy.yml
+++ b/ansible/roles/docker/tasks/deploy.yml
@@ -6,25 +6,30 @@
repo: deb https://apt.dockerproject.org/repo ubuntu-trusty main
update_cache: yes
state: present
+ become: true
- name: install docker
apt:
name: "docker-engine={{ docker.version }}"
state: present
force: yes
+ become: true
- name: configure docker
template:
src: docker.j2
dest: "/etc/default/docker"
+ become: true
- name: add user to docker group
user:
name: "{{docker.user|default(ansible_user_id)}}"
groups: docker
append: true
+ become: true
- name: restart docker service
service:
name: docker
state: restarted
+ become: true
diff --git a/ansible/roles/invoker/tasks/clean.yml b/ansible/roles/invoker/tasks/clean.yml
index 9992327..12b503f 100644
--- a/ansible/roles/invoker/tasks/clean.yml
+++ b/ansible/roles/invoker/tasks/clean.yml
@@ -21,6 +21,7 @@
echo "Handled $TOTAL remaining actions."
register: runc_output
ignore_errors: True
+ become: True
- debug: msg="{{ runc_output.stdout }}"
@@ -36,3 +37,4 @@
file:
path: "{{ whisk_logs_dir }}/invoker{{ groups['invokers'].index(inventory_hostname) }}"
state: absent
+ become: true
diff --git a/ansible/roles/invoker/tasks/deploy.yml b/ansible/roles/invoker/tasks/deploy.yml
index 75643ab..3fc828a 100644
--- a/ansible/roles/invoker/tasks/deploy.yml
+++ b/ansible/roles/invoker/tasks/deploy.yml
@@ -35,6 +35,7 @@
path: "{{ whisk_logs_dir }}/invoker{{ groups['invokers'].index(inventory_hostname) }}"
state: directory
mode: 0777
+ become: true
- name: define options when deploying invoker on Ubuntu
set_fact:
diff --git a/ansible/roles/nginx/tasks/clean.yml b/ansible/roles/nginx/tasks/clean.yml
index b4a88be..b8bc04e 100644
--- a/ansible/roles/nginx/tasks/clean.yml
+++ b/ansible/roles/nginx/tasks/clean.yml
@@ -12,8 +12,10 @@
file:
path: "{{ nginx.confdir }}"
state: absent
+ become: true
- name: remove nginx log directory
file:
path: "{{ whisk_logs_dir }}/nginx"
state: absent
+ become: true
diff --git a/ansible/roles/nginx/tasks/deploy.yml b/ansible/roles/nginx/tasks/deploy.yml
index f70cea0..c5b48f3 100644
--- a/ansible/roles/nginx/tasks/deploy.yml
+++ b/ansible/roles/nginx/tasks/deploy.yml
@@ -31,6 +31,7 @@
path: "{{ whisk_logs_dir }}/nginx"
state: directory
mode: 0777
+ become: true
- name: "pull the nginx:{{ nginx.version }} image"
shell: "docker pull nginx:{{ nginx.version }}"
diff --git a/ansible/roles/prereq/tasks/clean.yml b/ansible/roles/prereq/tasks/clean.yml
index fbebbdf..4e76035 100644
--- a/ansible/roles/prereq/tasks/clean.yml
+++ b/ansible/roles/prereq/tasks/clean.yml
@@ -5,13 +5,16 @@
pip:
name: requests
state: absent
+ become: true
- name: remove docker
pip:
name: docker
state: absent
+ become: true
- name: remove httplib2
pip:
name: httplib2
state: absent
+ become: true
diff --git a/ansible/roles/prereq/tasks/deploy.yml b/ansible/roles/prereq/tasks/deploy.yml
index 9b860d2..8c70631 100644
--- a/ansible/roles/prereq/tasks/deploy.yml
+++ b/ansible/roles/prereq/tasks/deploy.yml
@@ -8,19 +8,23 @@
- name: install pip
shell: "curl -k https://bootstrap.pypa.io/get-pip.py | python"
+ become: true
when: pip_result.rc != 0
- name: install requests
pip:
name: requests
version: 2.10.0
+ become: true
- name: install docker for python
pip:
name: docker
version: 2.2.1
+ become: true
- name: install httplib2
pip:
name: httplib2
version: 0.9.2
+ become: true
diff --git a/ansible/roles/registry/tasks/clean.yml b/ansible/roles/registry/tasks/clean.yml
index c067008..9d57102 100644
--- a/ansible/roles/registry/tasks/clean.yml
+++ b/ansible/roles/registry/tasks/clean.yml
@@ -9,3 +9,4 @@
file:
path: "/etc/cron.daily/recycle-registry.py"
state: absent
+ become: true
diff --git a/ansible/roles/registry/tasks/deploy.yml b/ansible/roles/registry/tasks/deploy.yml
index f12fe90..c15f38d 100644
--- a/ansible/roles/registry/tasks/deploy.yml
+++ b/ansible/roles/registry/tasks/deploy.yml
@@ -63,3 +63,4 @@
src: recycle-registry.py.j2
dest: "/etc/cron.daily/recycle-registry"
mode: 0755
+ become: true
diff --git a/ansible/roles/sdk/tasks/clean.yml b/ansible/roles/sdk/tasks/clean.yml
index 4ffded3..ca04b53 100644
--- a/ansible/roles/sdk/tasks/clean.yml
+++ b/ansible/roles/sdk/tasks/clean.yml
@@ -5,3 +5,4 @@
file:
path: "{{ nginx.confdir }}/blackbox-0.1.0.tar.gz"
state: absent
+ become: true
diff --git a/tools/travis/build.sh b/tools/travis/build.sh
index f5eead6..9813c96 100755
--- a/tools/travis/build.sh
+++ b/tools/travis/build.sh
@@ -6,7 +6,6 @@ set -e
SCRIPTDIR=$(cd $(dirname "$0") && pwd)
ROOTDIR="$SCRIPTDIR/../.."
HOMEDIR="$SCRIPTDIR/../../../"
-export PYTHONPATH=/opt/python/2.7.13/lib/python2.7/site-packages
# clone the openwhisk utilities repo.
cd $HOMEDIR
--
To stop receiving notification emails like this one, please contact
['"commits@openwhisk.apache.org" <co...@openwhisk.apache.org>'].