-
Notifications
You must be signed in to change notification settings - Fork 8
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update on demand for the git cache on build server #262
base: master
Are you sure you want to change the base?
Update on demand for the git cache on build server #262
Conversation
0bf4005
to
d920e29
Compare
service: | ||
name: update-git-mirror | ||
state: started | ||
become_user: root |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please put it in a separate block. It makes it easier to see that you're switching users.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This require also add second block for task below.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes.
service: | ||
name: update-git-mirror | ||
state: started | ||
become_user: root |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
You should not have to run it as root. The whole idea with setuid
was to allow normal users to run it.
EDIT: After finishing the review I see that systemctl
does not let use do what we wanted to achieve. We need to use sudo
after all. See my comment in the issue that explains the problem and shows what we want to do instead: #191 (comment)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I know, we agreed to use systemctl with sudo. We only run sudo with systemctl that is less dangerous than when we run all scripts with sudo. The systemd service control what is execute.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I thought we agreed to use systemctl
to avoid sudo
(which is more problematic because it requires messing with /etc/sudoers/
) and to use sudo
as a last resort if systemd
does not have any feature that let's you define who can run a service. It doesn't so let's go with sudo
. I don't see any benefit in having a service if you need to use sudo
anyway.
…le with repositories list
…ing `update-git-mirror.sh` script
…to support new solution
…lete old configuration
…lete old configuration
…lete old configuration
…lete old configuration
…lete old configuration
… and file with repositories list
…ol running `update-git-mirror.sh` script
…lete old configuration
…ol running `update-git-mirror.sh` script
…lete old configuration
… and file with repositories list
d920e29
to
67c2063
Compare
…lete old configuration
Resolves #191