From 276ac7e5fb7607430d6dccfda8fa695245796b4b Mon Sep 17 00:00:00 2001
From: "Dustin C. Hatch" <dustin@hatch.name>
Date: Sat, 29 Aug 2020 08:53:28 -0500
Subject: [PATCH] Add rw-root group

Some hosts, such as the Raspberry Pis built using default Fedora images,
do not have proper filesystem separation, but use a single volume for
the entire filesystem.  These hosts cannot have the root filesystem
mounted read-only, since all the writable data are also stored there.

When Jenkins runs configuration policy jobs, it always tries to remount
the root filesystem as read-only on every machine that it configured.
For these hosts with a single volume, this step fails, causing the job
to be marked as failed.  To avoid this, I have added a new group,
*rw-root*; hosts in this group will be omitted from the final remount
step.
---
 hosts                         | 4 ++++
 vars/applyConfigPolicy.groovy | 2 +-
 2 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/hosts b/hosts
index e875adc..fe3c4f7 100644
--- a/hosts
+++ b/hosts
@@ -107,6 +107,10 @@ dns0.pyrocufflink.blue
 [radius:children]
 samba-dc
 
+[rw-root]
+build1-aarch64.pyrocufflink.blue
+build2-armv7hl.pyrocufflink.blue
+
 [samba-dc]
 dc0.pyrocufflink.blue
 
diff --git a/vars/applyConfigPolicy.groovy b/vars/applyConfigPolicy.groovy
index 843339d..d134996 100644
--- a/vars/applyConfigPolicy.groovy
+++ b/vars/applyConfigPolicy.groovy
@@ -83,7 +83,7 @@ def stageRemountRO(limit) {
     stage('Remount R/O') {
         ansiblePlaybook \
             playbook: 'remount.yml',
-            limit: limit,
+            limit: limit + ':!rw-root',
             become: true,
             vaultCredentialsId: 'ansible-vault',
             extras: '--diff'