Fix sudoers in bootstrap-servers when user != group

In some cases we may want a configuration in which the kolla user's primary group name is not the same as their username. Doing this currently breaks the sudoers configuration, since user entries should reference a user, or a group prefixed with a '%'. There does not seem to be a good reason to give root privileges to the entire group (which sometimes may be a shared group), so let's revert to giving only the user root privileges. See kayobe CI test [1] in which a different user and group were configured, leading to permission denied when using kolla ansible. [1] http://logs.openstack.org/53/581053/2/check/kayobe-overcloud-centos/a70168e TrivialFix Change-Id: I677778ebd0de58df0adfa2a8705f161ec5552283
2018-07-10 12:45:19 +01:00 · 2018-07-10 12:45:19 +01:00 · 0cc2daa57d
parent 8ec92df8e3
commit 0cc2daa57d
1 changed files with 2 additions and 2 deletions
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@ -27,8 +27,8 @@
  lineinfile:
    dest: /etc/sudoers.d/kolla-ansible-users
    state: present
-    regexp: '^{{ kolla_group }}'
-    line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
+    regexp: '^{{ kolla_user }}'
+    line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
  become: True
  when: create_kolla_user_sudoers | bool