host/local: Upload keys with sudo as well

Zhaofeng Li 2022-06-10 11:29:25 -07:00
parent d7aa4ab864
commit dd3f4b252c
4 changed files with 18 additions and 4 deletions


@ -4,6 +4,13 @@ let
tools = pkgs.callPackage ../tools.nix { tools = pkgs.callPackage ../tools.nix {
targets = []; targets = [];
prebuiltTarget = "deployer"; prebuiltTarget = "deployer";
extraDeployerConfig = {
users.users.colmena = {
isNormalUser = true;
extraGroups = [ "wheel" ];
};
security.sudo.wheelNeedsPassword = false;
};
}; };
in tools.makeTest { in tools.makeTest {
name = "colmena-apply-local"; name = "colmena-apply-local";
@ -11,7 +18,8 @@ in tools.makeTest {
bundle = ./.; bundle = ./.;
testScript = '' testScript = ''
deployer.succeed("cd /tmp/bundle && ${tools.colmenaExec} apply-local") deployer.succeed("cd /tmp/bundle && sudo -u colmena ${tools.colmenaExec} apply-local --sudo")
deployer.succeed("grep SUCCESS /etc/deployment") deployer.succeed("grep SUCCESS /etc/deployment")
deployer.succeed("grep SECRET /run/keys/key-text")
''; '';
} }
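Review bot: The new `grep SECRET /run/keys/key-text` assertion at the end of testScript checks the key's contents but not the ownership and mode the privileged upload was added to produce, so a regression in which the file is written but left with the wrong owner or world-readable would still pass. Consider a second assertion along the lines of `deployer.succeed("[ \"$(stat -c '%U %a' /run/keys/key-text)\" = 'EXPECTED_OWNER EXPECTED_MODE' ]")`, with the expected values taken from the key's `user`/`permissions` settings (placeholders here; the page does not show what those defaults are). It would also help to state in a short comment above `security.sudo.wheelNeedsPassword = false;` that passwordless sudo is a fixture for this VM only, since the key payload is fed through the command's stdin and a sudo password prompt would otherwise block the test.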


@ -19,5 +19,8 @@ in {
}; };
environment.etc."deployment".text = "SUCCESS"; environment.etc."deployment".text = "SUCCESS";
# /run/keys/key-text
deployment.keys."key-text".text = "SECRET";
}; };
} }


@ -10,6 +10,7 @@
{ insideVm ? false { insideVm ? false
, deployers ? [ "deployer" ] # Nodes configured as deployers (with Colmena and pre-built system closure) , deployers ? [ "deployer" ] # Nodes configured as deployers (with Colmena and pre-built system closure)
, targets ? [ "alpha" "beta" "gamma" ] # Nodes configured as targets (minimal config) , targets ? [ "alpha" "beta" "gamma" ] # Nodes configured as targets (minimal config)
, extraDeployerConfig ? {} # Extra config on the deployer
, prebuiltTarget ? "alpha" # Target node to prebuild system closure for, or null , prebuiltTarget ? "alpha" # Target node to prebuild system closure for, or null
, pkgs ? if insideVm then import <nixpkgs> {} else throw "Must specify pkgs" , pkgs ? if insideVm then import <nixpkgs> {} else throw "Must specify pkgs"
@ -38,6 +39,10 @@ let
# so it can build system profiles for the targets without # so it can build system profiles for the targets without
# network access. # network access.
deployerConfig = { lib, config, ... }: { deployerConfig = { lib, config, ... }: {
imports = [
extraDeployerConfig
];
nix.nixPath = [ nix.nixPath = [
"nixpkgs=${pkgs.path}" "nixpkgs=${pkgs.path}"
]; ];
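Review bot: The comment on the new `extraDeployerConfig ? {}` parameter says "Extra config on the deployer", but the second hunk splices it in via `imports = [ extraDeployerConfig ];`, so what callers may pass is any NixOS module (an attrset as in the test, a module function, or a path), and the comment should say so: `, extraDeployerConfig ? {} # Extra NixOS module imported into the deployer's configuration`. Documenting that it is a module rather than a plain option set also makes clear why `{}` is a valid default. The `deployerConfig` module body continues outside the hunk.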


@ -143,9 +143,7 @@ impl Local {
let path = key.path(); let path = key.path();
let key_script = format!("'{}'", key_uploader::generate_script(key, path, require_ownership)); let key_script = format!("'{}'", key_uploader::generate_script(key, path, require_ownership));
let mut command = Command::new("sh"); let mut command = self.make_privileged_command(&["sh", "-c", &key_script]);
command.args(&["-c", &key_script]);
command.stdin(Stdio::piped()); command.stdin(Stdio::piped());
command.stderr(Stdio::piped()); command.stderr(Stdio::piped());
command.stdout(Stdio::piped()); command.stdout(Stdio::piped());
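Review bot: The correctness of `key_script`, which `format!("'{}'", ...)` wraps in literal single quotes, now depends on how `self.make_privileged_command(&["sh", "-c", &key_script])` assembles its arguments, and that helper is not visible in this hunk. If it passes each element as a separate argv entry (with or without a `sudo` prefix) the surrounding quotes reach `sh -c` as part of the script text exactly as before, whereas if it joins the slice into a single shell string the quoting changes meaning; presumably it is the former, but a one-line comment above the call stating that assumption would protect the next maintainer, e.g. `// Arguments are passed as separate argv entries (no shell re-parsing), so the quoting in key_script is unchanged by the sudo wrapper.` The enclosing method of `impl Local` starts and ends outside the hunk, so whether stdin is still written with the key contents after the privileged wrapper is in place cannot be confirmed here.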