From fb6a2ae4c81ae7b2f587ed7462f6cfd50b5219d1 Mon Sep 17 00:00:00 2001
From: Theo Chatzimichos <tampakrap@gmail.com>
Date: Nov 10 2017 18:59:29 +0000
Subject: run the saltmaster gitfs deploy job as root from the gitlab runner


salt-call needs root access to access various files like /var/log/salt
and /var/cache

---

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 543e51b..7938782 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,7 @@ test_roles_job:
 
 deploy_job:
   stage: deploy
-  script: salt-call event.fire_master update salt/fileserver/gitfs/update
+  script: sudo salt-call event.fire_master update salt/fileserver/gitfs/update
   only:
     - production
   tags:
diff --git a/pillar/role/worker_gitlab.sls b/pillar/role/worker_gitlab.sls
new file mode 100644
index 0000000..bcb334b
--- /dev/null
+++ b/pillar/role/worker_gitlab.sls
@@ -0,0 +1,6 @@
+sudoers:
+  included_files:
+    /etc/sudoers.d/gitlab-runner_nopasswd_saltmaster_deploy:
+      users:
+        gitlab-runner:
+          - 'ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master update salt/fileserver/gitfs/update'