From cee37b80040ad4847f030f88f37df1312a5d7638 Mon Sep 17 00:00:00 2001
From: Pau Espin Pedrol <pespin@sysmocom.de>
Date: Fri, 26 Oct 2018 14:21:45 +0200
Subject: ansible: ogt: Deploy osmo-gsm-tester_netns_exec.sh

Related: OS#2308
Change-Id: I587dd5630b211a906351f064c718f8f4c5fe6273
---
 .../roles/gsm-tester/files/osmo-gsm-tester_netns_exec.sh    |  5 +++++
 ansible/roles/gsm-tester/tasks/main.yml                     | 13 +++++++++++++
 2 files changed, 18 insertions(+)
 create mode 100755 ansible/roles/gsm-tester/files/osmo-gsm-tester_netns_exec.sh

(limited to 'ansible/roles/gsm-tester')

diff --git a/ansible/roles/gsm-tester/files/osmo-gsm-tester_netns_exec.sh b/ansible/roles/gsm-tester/files/osmo-gsm-tester_netns_exec.sh
new file mode 100755
index 0000000..336b746
--- /dev/null
+++ b/ansible/roles/gsm-tester/files/osmo-gsm-tester_netns_exec.sh
@@ -0,0 +1,5 @@
+#!/bin/bash
+netns="$1"
+shift
+#TODO: Later on I may want to call myself with specific ENV and calling sudo in order to run inside the netns but with dropped privileges
+ip netns exec $netns "$@"
diff --git a/ansible/roles/gsm-tester/tasks/main.yml b/ansible/roles/gsm-tester/tasks/main.yml
index 61db8e9..4f57b17 100644
--- a/ansible/roles/gsm-tester/tasks/main.yml
+++ b/ansible/roles/gsm-tester/tasks/main.yml
@@ -237,6 +237,19 @@
     dest: /etc/sudoers.d/osmo-gsm-tester_setcap_net_admin
     mode: 0440
 
+- name: create a wrapper script to run processes on modem netns
+  copy:
+    src: osmo-gsm-tester_netns_exec.sh
+    dest: /usr/local/bin/osmo-gsm-tester_netns_exec.sh
+    mode: 755
+
+- name: allow osmo-gsm-tester sudo osmo-gsm-tester_netns_exec.sh
+  copy:
+    content: |
+      %osmo-gsm-tester ALL=(root) NOPASSWD: /usr/local/bin/osmo-gsm-tester_netns_exec.sh
+    dest: /etc/sudoers.d/osmo-gsm-tester_netns_exec
+    mode: 0440
+
 - name: logrotate limit filesizes to 10M
   copy:
     content: "maxsize 10M"
-- 
cgit v1.2.3