Merge pull request #683 from jpodivin/removing-become

Reworking file and directory ownership
openstack-k8s-operators · Jul 26, 2024 · c6ad1d0 · c6ad1d0
2 parents 62b9ba1 + 3450d0d
commit c6ad1d0
Show file tree

Hide file tree

Showing 55 changed files with 75 additions and 39 deletions.
diff --git a/.github/workflows/molecule.yaml b/.github/workflows/molecule.yaml
@@ -43,6 +43,7 @@ jobs:
         - edpm_timezone
         - edpm_tuned
         - edpm_telemetry
+        - edpm_telemetry_logging
         - edpm_update
         - edpm_users
         - env_data

diff --git a/playbooks/bootstrap.yml b/playbooks/bootstrap.yml
@@ -7,11 +7,9 @@
       ansible.builtin.wait_for_connection:
         delay: "{{ edpm_wait_for_connection_delay | default(10) }}"
         timeout: "{{ edpm_wait_for_connection_timeout | default(600) }}"
-
 - name: Bootstrap node
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/ceph_client.yml b/playbooks/ceph_client.yml
@@ -3,7 +3,6 @@
 - name: Configure EDPM as client of Ceph
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/configure_network.yml b/playbooks/configure_network.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Network
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/configure_os.yml b/playbooks/configure_os.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Operating System Configure
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/configure_ovs_dpdk.yml b/playbooks/configure_ovs_dpdk.yml
@@ -3,7 +3,6 @@
 - name: Configure OvS DPDK
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   tasks:
     - name: Configure OvS DPDK configs
       ansible.builtin.import_role:

diff --git a/playbooks/frr.yml b/playbooks/frr.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM FRR
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/install_os.yml b/playbooks/install_os.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Operating System Install
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:
@@ -25,6 +24,8 @@
     - name: Install and configure time service using timesync system role
       ansible.builtin.include_role:
         name: "{{ lookup('ansible.builtin.env', 'EDPM_SYSTEMROLES', default='fedora.linux_system_roles') + '.timesync' }}"
+        apply:
+          become: true
       tags:
         - dataplane_chrony
     - name: Install edpm_logrotate_crond

diff --git a/playbooks/neutron_dhcp.yml b/playbooks/neutron_dhcp.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Neutron DHCP agent
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/neutron_metadata.yml b/playbooks/neutron_metadata.yml
@@ -2,7 +2,6 @@
 - name: Deploy EDPM Neutron OVN Metadata agent
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/neutron_ovn.yaml b/playbooks/neutron_ovn.yaml
@@ -2,7 +2,6 @@
 - name: Deploy EDPM Neutron OVN agent
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/neutron_sriov.yml b/playbooks/neutron_sriov.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Neutron SR-IOV agent
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/nova.yml b/playbooks/nova.yml
@@ -2,7 +2,6 @@
 
 - name: Deploy EDPM Nova storage infrastructure
   ansible.builtin.import_playbook: nova_storage.yml
-
 - name: Deploy EDPM Nova
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear

diff --git a/playbooks/nova_storage.yml b/playbooks/nova_storage.yml
@@ -2,7 +2,6 @@
 
 - name: Deploy Nova storage infrastructure
   hosts: all
-  become: true
   strategy: linear
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
@@ -12,13 +11,11 @@
         name: osp.edpm.edpm_iscsid
       tags:
         - edpm_iscsid
-
     - name: Deploy multipath daemon
       ansible.builtin.import_role:
         name: osp.edpm.edpm_multipathd
       tags:
         - edpm_multipathd
-
     - name: Support NVMe-oF protocols
       ansible.builtin.import_role:
         name: osp.edpm.edpm_nvmeof

diff --git a/playbooks/ovn.yml b/playbooks/ovn.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM OVN
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/ovn_bgp_agent.yml b/playbooks/ovn_bgp_agent.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM OVN BGP Agent
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/pre_adoption_validation.yml b/playbooks/pre_adoption_validation.yml
@@ -3,7 +3,6 @@
 - name: Validate adoption configuration
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/reboot.yml b/playbooks/reboot.yml
@@ -3,7 +3,6 @@
 - name: Reboot nodes if reboot is required
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   tasks:
     - name: Run edpm_reboot
       ansible.builtin.import_role:

diff --git a/playbooks/run_os.yml b/playbooks/run_os.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Operating System Run
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/select_kernel_ddp_package.yml b/playbooks/select_kernel_ddp_package.yml
@@ -3,7 +3,6 @@
 - name: Select Kernel DDP Package
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/sriov_derive_device_spec.yml b/playbooks/sriov_derive_device_spec.yml
@@ -3,7 +3,6 @@
 - name: Derive sriov device_spec
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/ssh_known_hosts.yml b/playbooks/ssh_known_hosts.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM SSH Known Hosts
   hosts: "{{ edpm_override_hosts | default('all', true) }}"
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/playbooks/swift.yml b/playbooks/swift.yml
@@ -3,7 +3,6 @@
 - name: Deploy EDPM Swift
   hosts: all
   strategy: linear
-  become: true
   any_errors_fatal: "{{ edpm_any_errors_fatal | default(true) }}"
   max_fail_percentage: "{{ edpm_max_fail_percentage | default(0) }}"
   tasks:

diff --git a/roles/edpm_container_manage/tasks/main.yml b/roles/edpm_container_manage/tasks/main.yml
@@ -24,6 +24,7 @@
   become: true
 
 - name: Generate containers configs data
+  become: true
   block:
     - name: "Find all matching configs configs for in {{ edpm_container_manage_config }}"
       container_config_data:

diff --git a/roles/edpm_container_rm/tasks/edpm_podman_container_rm.yml b/roles/edpm_container_rm/tasks/edpm_podman_container_rm.yml
@@ -21,6 +21,7 @@
   register: systemd_healthcheck_exists
 
 - name: "Tear-down healthcheck: [ {{ container }} ]"
+  become: true
   when:
     - systemd_healthcheck_exists.stat.exists
   block:
@@ -46,6 +47,7 @@
   register: systemd_exists
 
 - name: "Tear-down container: [ {{ container }} ]"
+  become: true
   when:
     - systemd_exists.stat.exists
   block:
@@ -66,19 +68,22 @@
   register: systemd_requires_exists
 
 - name: "Remove systemd requires: [ {{ container }} ]"
+  become: true
   ansible.builtin.file:
     path: "/etc/systemd/system/edpm_{{ container }}.service.requires"
     state: absent
   when:
     - systemd_requires_exists.stat.exists
 
 - name: Reload systemd services if needed
+  become: true
   when:
     - systemd_healthcheck_exists.stat.exists or systemd_exists.stat.exists or systemd_requires_exists.stat.exists
   ansible.builtin.systemd:
     daemon_reload: true
 
 - name: Stop and remove container if exists
+  become: true
   containers.podman.podman_container:
     name: "{{ container }}"
     state: absent

diff --git a/roles/edpm_container_standalone/tasks/main.yml b/roles/edpm_container_standalone/tasks/main.yml
@@ -18,26 +18,30 @@
 # "edpm_container_standalone" will search for and load any operating system variable file
 
 - name: "Ensure directory exists: {{ edpm_container_standalone_kolla_config_dir }}"
+  become: true
   ansible.builtin.file:
     path: "{{ edpm_container_standalone_kolla_config_dir }}"
     state: directory
     recurse: true
     setype: container_file_t
 
 - name: Create kolla config files
+  become: true
   ansible.builtin.copy:
     content: "{{ item.value | to_nice_json }}"
     dest: "{{ edpm_container_standalone_kolla_config_dir ~ '/' ~ item.key ~ '.json' }}"
     mode: "0600"
   loop: "{{ edpm_container_standalone_kolla_config_files | dict2items }}"
 
 - name: "Create config file {{ edpm_container_standalone_container_startup_config_dir + '/' + edpm_container_standalone_service }}"
+  become: true
   ansible.builtin.file:
     path: "{{ edpm_container_standalone_container_startup_config_dir }}/{{ edpm_container_standalone_service }}"
     state: directory
     mode: "0755"
 
 - name: "Render container definitions: [{{ edpm_container_standalone_service }} ]"
+  become: true
   ansible.builtin.copy:
     content: "{{ item.value | to_nice_json }}"
     dest: "{{ edpm_container_standalone_container_startup_config_dir }}/{{ edpm_container_standalone_service }}/{{ item.key }}.json"

diff --git a/roles/edpm_frr/tasks/configure.yml b/roles/edpm_frr/tasks/configure.yml
@@ -39,7 +39,6 @@
           Please check value of Ansible variable edpm_frr_bgp_uplinks.
 
 - name: Configure FRR
-  become: true
   ansible.builtin.template:
     src: frr.conf.j2
     dest: "{{ edpm_frr_config_basedir }}/etc/frr/frr.conf"
@@ -49,7 +48,6 @@
   register: _frr_config_result
 
 - name: Configure FRR daemons
-  become: true
   ansible.builtin.template:
     src: daemons.j2
     dest: "{{ edpm_frr_config_basedir }}/etc/frr/daemons"

diff --git a/roles/edpm_frr/tasks/install.yml b/roles/edpm_frr/tasks/install.yml
@@ -21,6 +21,8 @@
     state: directory
     setype: "{{ item.setype }}"
     mode: "{{ item.mode }}"
+    owner: "{{ ansible_user | default(ansible_user_id) }}"
+    group: "{{ ansible_user | default(ansible_user_id) }}"
   loop:
     - {'path': /var/log/containers/frr, 'setype': container_file_t, 'mode': '0750'}
     - {'path': "{{ edpm_frr_config_basedir }}", 'setype': container_file_t, 'mode': '0750'}
@@ -44,7 +46,6 @@
       - "selinux"
 
 - name: Create directory {{ edpm_frr_config_basedir }}
-  become: true
   ansible.builtin.file:
     path: "{{ edpm_frr_config_basedir }}/etc/frr"
     recurse: true

diff --git a/roles/edpm_install_certs/tasks/adoption.yml b/roles/edpm_install_certs/tasks/adoption.yml
@@ -22,6 +22,7 @@
   register: requests
 
 - name: Backup certificate requests
+  become: true
   tags:
     - adoption
   ansible.builtin.copy:
@@ -32,6 +33,7 @@
   when: requests.matched != 0
 
 - name: Remove certificate requests
+  become: true
   tags:
     - adoption
   ansible.builtin.file:

diff --git a/roles/edpm_iscsid/tasks/run.yml b/roles/edpm_iscsid/tasks/run.yml
@@ -43,6 +43,7 @@
 # the manage_iscsid_stat changed.
 
 - name: Restart iscsid container to refresh /etcd/iscsid.conf
+  become: true
   when:
     - not manage_iscsid_stat.changed|bool
     - iscsi_restart_stat.stat.exists|bool
@@ -51,6 +52,7 @@
     state: restarted
 
 - name: Remove iscsid container restart sentinel file
+  become: true
   ansible.builtin.file:
     path: /etc/iscsi/.iscsid_restart_required
     state: absent
diff --git a/roles/edpm_kernel/tasks/kernelargs.yml b/roles/edpm_kernel/tasks/kernelargs.yml
@@ -51,6 +51,7 @@
   ansible.builtin.include_tasks: hugepages.yml
 
 - name: Check if the kernelargs entry is already present in the file
+  become: true
   ansible.builtin.replace:
     regexp: EDPM_KERNEL_ARGS
     dest: /etc/default/grub

diff --git a/roles/edpm_kernel/tasks/reboot.yaml b/roles/edpm_kernel/tasks/reboot.yaml
@@ -69,12 +69,14 @@
     msg: "Creating edpm_kernel file under reboot_required for applying kernel args settings"
 
 - name: Create a reboot_required directory if it does not exist
+  become: true
   ansible.builtin.file:
     path: /var/lib/openstack/reboot_required
     state: directory
     mode: '0755'
 
 - name: Create file for reboot required
+  become: true
   ansible.builtin.file:
     path: /var/lib/openstack/reboot_required/edpm_kernel
     state: touch

diff --git a/roles/edpm_kernel/tasks/upgrade_tasks.yml b/roles/edpm_kernel/tasks/upgrade_tasks.yml
@@ -15,11 +15,13 @@
 # under the License.
 
 - name: Fix grub entries to have name start with GRUB_
+  become: true
   ansible.builtin.replace:
     path: '/etc/default/grub'
     regexp: '^(EDPM_KERNEL_ARGS)(.*)'
     replace: 'GRUB_\1\2'
 - name: Fix grub entries in append statement
+  become: true
   ansible.builtin.replace:
     path: '/etc/default/grub'
     regexp: '(.*){(EDPM_KERNEL_ARGS)}(.*)'

diff --git a/roles/edpm_libvirt/tasks/configure.yml b/roles/edpm_libvirt/tasks/configure.yml
@@ -152,7 +152,7 @@
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
     remote_src: true
-    mode: "0600"
+    mode: "0644"
     owner: "root"
     group: "root"
   when: edpm_libvirt_tls_certs_enabled