From a2227d8dc6dfad2650e79ede430e722127c86c0a Mon Sep 17 00:00:00 2001
From: gavanderhoorn <g.a.vanderhoorn@tudelft.nl>
Date: Mon, 29 Jan 2018 18:48:16 +0100
Subject: [PATCH] agent: make sure agent user can use cron.

---
 modules/profile/manifests/jenkins/agent.pp | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)

diff --git a/modules/profile/manifests/jenkins/agent.pp b/modules/profile/manifests/jenkins/agent.pp
index b5c31721..7bf4af5f 100644
--- a/modules/profile/manifests/jenkins/agent.pp
+++ b/modules/profile/manifests/jenkins/agent.pp
@@ -114,6 +114,19 @@
     require => User[$agent_username],
   }
 
+  # ensure jenkins-agent user is allowed to use cron
+  file { "/etc/cron.allow":
+    mode => '0600',
+    owner => 'root',
+    group => 'root',
+    ensure => 'file',
+  }
+  file_line { 'allow_jenkins_user_to_use_cron':
+    path => '/etc/cron.allow',
+    line => "${agent_username}",
+    require => File['/etc/cron.allow'],
+  }
+
   # clean up containers and dangling images https://github.com/docker/docker/issues/928#issuecomment-58619854
   cron {'docker_cleanup_images':
     command => "bash -c \"python3 -u /home/${agent_username}/cleanup_docker_images.py --minimum-free-percent 10 --minimum-free-space 50\"",
@@ -123,7 +136,7 @@
     hour    => '*',
     minute  => '*/15',
     weekday => absent,
-    require => User[$agent_username],
+    require => [ User[$agent_username], File_line['allow_jenkins_user_to_use_cron'] ],
   }
 
   exec { 'systemctl-daemon-reload':