Skip to content

C
configuration
Commit e8b4a2ce by Will Daly
Options

Security updates; added xml_grep requirements

parent f14ab1e2
Showing with 33 additions and 19 deletions
playbooks/roles/jenkins_worker/tasks/jscover.yml
...@@ -14,14 +14,9 @@ ...@@ -14,14 +14,9 @@
creates=/usr/local/bin/JSCover-all.jar creates=/usr/local/bin/JSCover-all.jar
- name: JSCover | Set JSCover permissions - name: JSCover | Set JSCover permissions
command: chmod go+rx /usr/local/bin/JSCover-all.jar file: path="/usr/local/bin/JSCover-all.jar" state=file
owner=root group=root mode=0755
- name: JSCover | Add bash script - name: JSCover | Configure environment variables
template: src=jscover.sh.j2 dest={{ jenkins_user_home }}/jscover template: src=jscover.sh.j2 dest=/etc/profile.d/jscover.sh
owner={{ jenkins_user }} group={{ jenkins_group }} mode=0755 owner=root group=root mode=0755
- name: JSCover | Add source of jscover.sh to .bashrc
lineinfile:
dest="{{ jenkins_user_home }}/.bashrc"
regexp=". {{ jenkins_user_home }}/jscover"
line=". {{ jenkins_user_home }}/jscover"
playbooks/roles/jenkins_worker/tasks/main.yml
...@@ -13,3 +13,4 @@ ...@@ -13,3 +13,4 @@
- include: xvfb.yml - include: xvfb.yml
- include: browsers.yml - include: browsers.yml
- include: jscover.yml - include: jscover.yml
- include: secure_home.yml
playbooks/roles/jenkins_worker/tasks/secure_home.yml 0 → 100644
---
# Ensure that code executed by the worker can't be
# installed to execute on login.
- name: Set permissions on .bash_profile
file: path="{{ jenkins_user_home }}/.bash_profile" state=file
owner="{{ jenkins_user }}" group="{{ jenkins_group }}"
mode=0500
- name: Set permissions on .bashrc
file: path="{{ jenkins_user_home }}/.bashrc" state=file
owner="{{ jenkins_user }}" group="{{ jenkins_group }}"
mode=0500
- name: Set permissions on rbenv config
file: path="{{ jenkins_user_home }}/rbenv" state=file
owner="{{ jenkins_user }}" group="{{ jenkins_group }}"
mode=0500
ignore_errors: yes
playbooks/roles/jenkins_worker/tasks/system.yml
...@@ -3,7 +3,7 @@ ...@@ -3,7 +3,7 @@
group: name={{ jenkins_group }} state=present group: name={{ jenkins_group }} state=present
- name: jenkins | Add the jenkins user to the group - name: jenkins | Add the jenkins user to the group
user: name={{ jenkins_user }} append=yes groups={{ jenkins_group }} user: name={{ jenkins_user }} append=yes group={{ jenkins_group }}
- name: jenkins | Create .ssh directory - name: jenkins | Create .ssh directory
file: path={{ jenkins_user_home }}/.ssh state=directory file: path={{ jenkins_user_home }}/.ssh state=directory
...@@ -19,7 +19,7 @@ ...@@ -19,7 +19,7 @@
- name: jenkins | Set key permissions - name: jenkins | Set key permissions
file: path={{ jenkins_user_home }}/.ssh/authorized_keys file: path={{ jenkins_user_home }}/.ssh/authorized_keys
owner={{ jenkins_user }} group={{ jenkins_group }} owner={{ jenkins_user }} group={{ jenkins_group }}
mode=600 mode=400
- name: jenkins | Create directory for builds - name: jenkins | Create directory for builds
file: path={{ jenkins_workspace }} file: path={{ jenkins_workspace }}
...@@ -29,18 +29,17 @@ ...@@ -29,18 +29,17 @@
- name: jenkins | Install system packages - name: jenkins | Install system packages
apt: pkg=${item} apt: pkg=${item}
with_items: with_items:
- npm - build-essential
- gfortran
- graphviz - graphviz
- npm
- libgraphviz-dev - libgraphviz-dev
- gfortran
- libopenblas-dev - libopenblas-dev
- liblapack-dev - liblapack-dev
- libxml2-dev - libxml2-dev
- libgeos-dev - libgeos-dev
- libmysqlclient-dev - libmysqlclient-dev
- build-essential
- pkg-config
- libxslt1-dev - libxslt1-dev
tags: - npm
- system_pkgs - pkg-config
- unzip
- xml-twig-tools
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment