diff --git a/roles/edpm_derive_pci_device_spec/tasks/derive_pci_device_spec.yml b/roles/edpm_derive_pci_device_spec/tasks/derive_pci_device_spec.yml
index 38fcef962..c7bd7c8ea 100644
--- a/roles/edpm_derive_pci_device_spec/tasks/derive_pci_device_spec.yml
+++ b/roles/edpm_derive_pci_device_spec/tasks/derive_pci_device_spec.yml
@@ -25,8 +25,8 @@
 path: "{{ edpm_derive_pci_device_spec_conf_dir }}"
 setype: "container_file_t"
 state: directory
- owner: "{{ ansible_user }}"
- group: "{{ ansible_user }}"
+ owner: "{{ ansible_user | default(ansible_user_id) }}"
+ group: "{{ ansible_user | default(ansible_user_id) }}"
 mode: "0755"

 - name: Check if edpm node has the sriov nova conf
diff --git a/roles/edpm_extra_mounts/tasks/extra_mounts.yml b/roles/edpm_extra_mounts/tasks/extra_mounts.yml
index 840135946..d7f1e4233 100644
--- a/roles/edpm_extra_mounts/tasks/extra_mounts.yml
+++ b/roles/edpm_extra_mounts/tasks/extra_mounts.yml
@@ -19,8 +19,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 state: directory
- owner: "{{ item.owner | default(omit) }}"
- group: "{{ item.group | default(omit) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default('0775') }}"
 loop: "{{ edpm_default_mounts }}"
 tags:
diff --git a/roles/edpm_libvirt/tasks/configure.yml b/roles/edpm_libvirt/tasks/configure.yml
index a23d327ec..045637c25 100644
--- a/roles/edpm_libvirt/tasks/configure.yml
+++ b/roles/edpm_libvirt/tasks/configure.yml
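Review bot: The fallback added to `owner`/`group` in derive_pci_device_spec.yml resolves to `ansible_user_id`, which is a gathered fact rather than a connection variable, so the resulting owner depends on how facts were collected. If facts were gathered under `become`, the fact presumably names the privileged user and the directory ends up owned by it; if fact gathering is disabled the template fails on an undefined variable. The same fallback is added in the extra_mounts, libvirt, neutron_sriov, nova, swift and edpm_users hunks. I would resolve the account once in a role default and add a comment such as `# ansible_user_id is a fact: it names the user facts were gathered as, which may be the become user`. The task starts above this hunk, so whether `become` is set on it is not visible here.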
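Review bot: Replacing `default(omit)` with `default(ansible_user) | default(ansible_user_id)` in extra_mounts.yml changes more than the handling of an unset `ansible_user`: an item without `owner`/`group` used to leave an existing directory's ownership untouched, and now every such path is re-owned to the connection account on each run. For operator-supplied mount points this can give the deploy account write access to a service directory, which is broader than the task needs. The same replacement appears in roles/edpm_neutron_sriov/tasks/install.yml, in the second hunk of roles/edpm_nova/tasks/configure.yml (where `/var/lib/nova` carries no owner) and in roles/edpm_users/tasks/main.yml. Unless re-owning is intended, keep `owner: "{{ item.owner | default(omit) }}"` and `group: "{{ item.group | default(omit) }}"` and set explicit owners on the loop items that need one.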
@@ -16,8 +16,8 @@
 path: "{{ item.path }}"
 state: directory
 setype: "{{ item.setype | default('container_file_t') }}"
- owner: "{{ item.owner | default(ansible_user) }}"
- group: "{{ item.group | default(ansible_user) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default(omit) }}"
 loop:
 - {"path": "/etc/tmpfiles.d/", "owner": "root", "group": "root"}
@@ -36,9 +36,8 @@
 src: "{{ item.src }}"
 dest: "/etc/{{ item.dest }}"
 mode: "{{ item.mode | default('0640') }}"
- # FIXME: update to libvirt user/group
- owner: "root"
- group: "root"
+ owner: "{{ 'libvirt' | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ 'libvirt' | default(ansible_user) | default(ansible_user_id) }}"
 loop:
 - {"src": "virtlogd.conf", "dest": "libvirt/virtlogd.conf"}
 - {"src": "virtnodedevd.conf", "dest": "libvirt/virtnodedevd.conf"}
diff --git a/roles/edpm_neutron_dhcp/tasks/install.yml b/roles/edpm_neutron_dhcp/tasks/install.yml
index 7828df743..3af386b72 100644
--- a/roles/edpm_neutron_dhcp/tasks/install.yml
+++ b/roles/edpm_neutron_dhcp/tasks/install.yml
@@ -15,6 +15,7 @@
 # under the License.

 - name: Create neutron-dhcp-agent directories
+ become: true
 ansible.builtin.file:
 path: "{{ item.path }}"
 setype: "container_file_t"
diff --git a/roles/edpm_neutron_sriov/tasks/install.yml b/roles/edpm_neutron_sriov/tasks/install.yml
index 6c6f7e323..315b476b9 100644
--- a/roles/edpm_neutron_sriov/tasks/install.yml
+++ b/roles/edpm_neutron_sriov/tasks/install.yml
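Review bot: In the second hunk of roles/edpm_libvirt/tasks/configure.yml the expression `'libvirt' | default(ansible_user) | default(ansible_user_id)` always evaluates to `libvirt`, because a string literal is never undefined and neither `default` can fire. The chain reads as if a fallback existed, but on a host where the `libvirt` account has not been created yet the task will fail rather than fall back. It also makes the daemon configuration files under /etc/libvirt writable by the service account instead of root (mode defaults to `0640`), so, assuming the daemons run as that account, a compromised daemon could rewrite its own configuration. I would write `owner: "root"` and `group: "libvirt"` so the service can read but not modify these files. The task header is above the hunk, so `become` and the ordering relative to user creation are not visible here.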
@@ -20,8 +20,8 @@
 path: "{{ item.path }}"
 setype: "container_file_t"
 state: directory
- owner: "{{ item.owner | default(omit) }}"
- group: "{{ item.group | default(omit) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default(omit) }}"
 loop:
 - {'path': "/var/lib/openstack/config/containers", "mode": "0755", "owner": "{{ ansible_user }}", "group": "{{ ansible_user }}"}
diff --git a/roles/edpm_nova/tasks/configure.yml b/roles/edpm_nova/tasks/configure.yml
index 92d25f42a..c07fc0c0e 100644
--- a/roles/edpm_nova/tasks/configure.yml
+++ b/roles/edpm_nova/tasks/configure.yml
@@ -72,8 +72,8 @@
 path: "{{ item.path }}"
 state: "directory"
 setype: "container_file_t"
- owner: "{{ item.owner | default(ansible_user) }}"
- group: "{{ item.group | default(ansible_user) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default(omit) }}"
 loop:
 - {"path": "{{ edpm_nova_config_dest }}", "mode": "0755"}
@@ -87,8 +87,8 @@
 path: "{{ item.path }}"
 setype: "container_file_t"
 state: "directory"
- owner: "{{ item.owner | default(omit) }}"
- group: "{{ item.group | default(omit) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default(omit) }}"
 loop:
 - {"path": "/var/lib/nova", "mode": "0755"}
diff --git a/roles/edpm_nova/tasks/install.yml b/roles/edpm_nova/tasks/install.yml
index ceaaff8b9..3761fb773 100644
--- a/roles/edpm_nova/tasks/install.yml
+++ b/roles/edpm_nova/tasks/install.yml
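Review bot: The loop item in roles/edpm_neutron_sriov/tasks/install.yml still sets `"owner": "{{ ansible_user }}"` and `"group": "{{ ansible_user }}"` directly, so the fallback added on the `owner:`/`group:` lines is never reached for it. When `ansible_user` is unset, templating the item itself should fail before `default()` is applied. Dropping the two keys from the item so the task-level chain supplies the value, or writing `"owner": "{{ ansible_user | default(ansible_user_id) }}"` in the item, would make the hunk consistent with its intent. Only the first loop entry is visible in the hunk, so later entries may need the same change.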
@@ -5,15 +5,6 @@
 path: "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem"
 register: ca_bundle_stat_res

-# TODO(slagle) This is a temporary backwards compatible task so this can merge
-# independently of the dataplane-operator change. This can be removed when
-# https://github.com/openstack-k8s-operators/dataplane-operator/pull/885
-# merges. Remove the check in templates/nova_compute.json.j2 as well.
-- name: Check if nova-custom ca bundle exists
- ansible.builtin.stat:
- path: "/var/lib/openstack/cacerts/nova-custom/tls-ca-bundle.pem"
- register: nova_custom_ca_bundle_stat_res
-
 - name: Render nova container
 tags:
 - install
@@ -25,9 +16,9 @@
 mode: "0644"
 vars:
 ca_bundle_exists: "{{ ca_bundle_stat_res.stat.exists }}"
- nova_custom_ca_bundle_exists: "{{ nova_custom_ca_bundle_stat_res.stat.exists }}"
 notify:
 - Restart nova
+
 - name: Deploy nova container
 tags:
 - install
diff --git a/roles/edpm_nova/templates/nova_compute.json.j2 b/roles/edpm_nova/templates/nova_compute.json.j2
index 2f9dd782e..c862437cc 100644
--- a/roles/edpm_nova/templates/nova_compute.json.j2
+++ b/roles/edpm_nova/templates/nova_compute.json.j2
@@ -12,8 +12,6 @@
 "/var/lib/openstack/config/nova:/var/lib/kolla/config_files:ro",
 {% if ca_bundle_exists|bool %}
 "{{ edpm_nova_tls_ca_src_dir }}/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z",
-{% elif nova_custom_ca_bundle_exists|bool %}
- "/var/lib/openstack/cacerts/nova-custom/tls-ca-bundle.pem:/etc/pki/ca-trust/extracted/pem/tls-ca-bundle.pem:ro,z",
 {% endif %}
 "/etc/localtime:/etc/localtime:ro",
 "/lib/modules:/lib/modules:ro",
diff --git a/roles/edpm_swift/tasks/configure.yml b/roles/edpm_swift/tasks/configure.yml
index 512610f1a..c98014f83 100644
--- a/roles/edpm_swift/tasks/configure.yml
+++ b/roles/edpm_swift/tasks/configure.yml
@@ -34,8 +34,8 @@
 path: "{{ item.path }}"
 state: "directory"
 setype: "container_file_t"
- owner: "{{ item.owner | default(ansible_user) }}"
- group: "{{ item.group | default(ansible_user) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default(omit) }}"
 loop:
 - {"path": "{{ edpm_swift_config_dest }}", "mode": "0755"}
@@ -49,8 +49,8 @@
 path: "{{ item.path }}"
 state: "directory"
 setype: "container_file_t"
- owner: "{{ item.owner | default(ansible_user) }}"
- group: "{{ item.group | default(ansible_user) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 mode: "{{ item.mode | default(omit) }}"
 loop:
 - {"path": "/srv/node", "mode": "0750", "owner": "swift", "group": "swift"}
diff --git a/roles/edpm_telemetry/molecule/default/converge.yml b/roles/edpm_telemetry/molecule/default/converge.yml
index e14a00756..6bf2d3a0a 100644
--- a/roles/edpm_telemetry/molecule/default/converge.yml
+++ b/roles/edpm_telemetry/molecule/default/converge.yml
@@ -7,5 +7,3 @@
 name: "osp.edpm.edpm_telemetry"
 vars:
 telemetry_test: true
- ansible_user: root
- ansible_user_dir: /root
diff --git a/roles/edpm_telemetry_logging/molecule/default/converge.yml b/roles/edpm_telemetry_logging/molecule/default/converge.yml
index 7f2b90275..d3860e22b 100644
--- a/roles/edpm_telemetry_logging/molecule/default/converge.yml
+++ b/roles/edpm_telemetry_logging/molecule/default/converge.yml
@@ -7,5 +7,3 @@
 name: "osp.edpm.edpm_telemetry_logging"
 vars:
 telemetry_test: true
- ansible_user: root
- ansible_user_dir: /root
diff --git a/roles/edpm_telemetry_logging/tasks/configure.yml b/roles/edpm_telemetry_logging/tasks/configure.yml
index 12e3ef4de..46fb58c0a 100644
--- a/roles/edpm_telemetry_logging/tasks/configure.yml
+++ b/roles/edpm_telemetry_logging/tasks/configure.yml
@@ -42,6 +42,7 @@
 remote_src: "{{ telemetry_test | default('false') }}"

 - name: Deploy rsyslog configuration
+ become: true
 ansible.builtin.copy:
 src: "{{ edpm_telemetry_logging_config_src }}/10-telemetry.conf"
 dest: "{{ edpm_telemetry_rsyslog_config_dest }}/10-telemetry.conf"
diff --git a/roles/edpm_users/tasks/main.yml b/roles/edpm_users/tasks/main.yml
index 84c22c3d0..87829647d 100644
--- a/roles/edpm_users/tasks/main.yml
+++ b/roles/edpm_users/tasks/main.yml
@@ -23,8 +23,8 @@
 ansible.builtin.file:
 path: "{{ item.path }}"
 state: directory
- owner: "{{ item.owner | default(omit) }}"
- group: "{{ item.group | default(omit) }}"
+ owner: "{{ item.owner | default(ansible_user) | default(ansible_user_id) }}"
+ group: "{{ item.group | default(ansible_user) | default(ansible_user_id) }}"
 setype: "{{ item.setype | default(omit) }}"
 seuser: "{{ item.seuser | default(omit) }}"
 mode: "{{ item.mode | default(omit) }}"