still working on remote publishing

1eac88ca · Victor Penso · 34c90543 · 1eac88ca · 1eac88ca · 1eac88ca
Commit 1eac88ca authored Nov 11, 2013 by Victor Penso
--- a/recipes/remote.rb
+++ b/recipes/remote.rb
@@ -15,7 +15,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.

-
 # The cvmfs user operates all remote actions on the CVMFS servers
 user 'cvmfs' 

@@ -33,7 +32,7 @@ node.cvmfs.remote.each_pair do |repo,config|
  group maintainer do
    members ['cvmfs'] << maintainers
  end
- 
+
  directory "/cvmfs/#{repo}" do
    group maintainer
    mode '0775'
@@ -44,7 +43,7 @@ node.cvmfs.remote.each_pair do |repo,config|
  file rsync_exclude do
    mode "0770"
    group maintainer
-    content ".svn/*\n.libs/*\n.deps/*\n*.o"
+    content ".svn/*\n.libs/*\n.deps/*\n*.o\n"
    # The excludes for Rsync will be modified by users eventually 
    not_if do ::File.exists? rsync_exclude end
  end
@@ -56,9 +55,10 @@ node.cvmfs.remote.each_pair do |repo,config|
    'StrictHostKeyChecking' => 'no'
  }

-  sys_sudo repo do
+  # Allow all maintainers to execute the remote publishing script
+  sys_sudo maintainer do
    users maintainer.upcase => maintainers
-    rules ["#{maintainer.upcase} #{node.fqdn}=NOPASSWD:/sbin/cvmfs * #{repo}"]
+    rules ["#{maintainer.upcase} #{node.fqdn}=NOPASSWD:/sbin/cvmfs-remote * #{repo}"]
  end

 end

--- a/recipes/server.rb
+++ b/recipes/server.rb
@@ -25,6 +25,10 @@ apache_site '000-default' do
  enable false
 end

+user 'cvmfs' do
+  shell '/bin/bash'
+end
+
 # Initialize the repositories unless they exist
 node.cvmfs.server.repos.each do |repo|
  execute "cvmfs_server mkfs -o root #{repo}" do

--- a/tests/roles/cvmfs_server_test.rb
+++ b/tests/roles/cvmfs_server_test.rb
 name "cvmfs_server_test"
 description "Use to test the [cvmfs::server] recipe."
 run_list( 
+  "recipe[sys::pam]",
  "recipe[sys::ssh]",
  "recipe[cernvm-fs]" 
 )
 default_attributes(
  :sys => {
-    :ssh => {
-      :authorize => {
-        'cvmfs' => {
-          :keys => [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ33u0CFd+KbcT1agerP3zAbG57iXPKWT8ACznmWidHjAma23O8QvDXc3TuKu7OnsWpV6kCNpOJqw35pf7c6xRK+ZVWk8MnKkEm/Ht2UGukVWsLhlAPczG3Def8bkR0DrzOybR/ytWjnUbxGeg3EyJwgelA76KpNc/qdBeYyZI6/CgH3D0jJKfRdftv+4AC/tBBqHUeUa/RR7vG4yTasQ8HAIvCH4q5E3VO0HsWFZAxwodtOkmqaEmUoKxvXL1jCnttELzte1eQqMCkDtS4LhxfAeFGLwEDUTX+9eXstDkUY9BO0v1xDJnge5d0InVmBony1waXJU3Z7JTQTMj7aZ9' ]
-        }
-      }
-    }
+    :ssh => { :authorize => { 'cvmfs' => { :keys => [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ33u0CFd+KbcT1agerP3zAbG57iXPKWT8ACznmWidHjAma23O8QvDXc3TuKu7OnsWpV6kCNpOJqw35pf7c6xRK+ZVWk8MnKkEm/Ht2UGukVWsLhlAPczG3Def8bkR0DrzOybR/ytWjnUbxGeg3EyJwgelA76KpNc/qdBeYyZI6/CgH3D0jJKfRdftv+4AC/tBBqHUeUa/RR7vG4yTasQ8HAIvCH4q5E3VO0HsWFZAxwodtOkmqaEmUoKxvXL1jCnttELzte1eQqMCkDtS4LhxfAeFGLwEDUTX+9eXstDkUY9BO0v1xDJnge5d0InVmBony1waXJU3Z7JTQTMj7aZ9' ] } } }
  },
-  :cvmfs => {
-    :server => {
-      :repos => [ 'alpha.devops.test' ]
-    } 
-  }
+  :cvmfs => { :server => { :repos => [ 'alpha.devops.test' ] } }
 )