Use local connection and become for localhost plays

When targeting localhost with 'remote_user: root' and using 'become: yes' we lose the environment variables for the user running the playbook (eg: USER, HOME). However, if we use 'connection: local' and 'become: yes' together, it works properly. To ensure these plays have the correct access to change things on the host, we apply this change to them all. We also ensure that 'become: no' is explicitly set on any local connection plays to make the intent more obvious. Finally, we also use 'yes' and 'no' uniformly. Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
2018-07-12 21:01:13 +01:00 · 2018-07-12 21:01:13 +01:00 · 85b51389cc
parent 61edac5df7
commit 85b51389cc
9 changed files with 43 additions and 9 deletions
--- a/get-ansible-role-requirements.yml
+++ b/get-ansible-role-requirements.yml
@ -21,6 +21,7 @@
 - name: Clone the role ansible-role-requirements
  hosts: localhost
  connection: local
+  become: no
  gather_facts: false
  tasks:

--- a/test-install-haproxy.yml
+++ b/test-install-haproxy.yml
@ -22,7 +22,7 @@
  # TODO(odyssey4me):
  # Figure out whether this issue happens for normal (non localhost)
  # delegation, and how to resolve the issue.
-  become: True
+  become: yes
  any_errors_fatal: true
  roles:
    - role: "haproxy_server"
--- a/test-install-horizon.yml
+++ b/test-install-horizon.yml
@ -26,6 +26,7 @@
 - name: Playbook to add nova service and endpoint (required by Horizon)
  hosts: localhost
  connection: local
+  become: no
  gather_facts: false
  any_errors_fatal: true
  vars:
--- a/test-install-openstack-hosts.yml
+++ b/test-install-openstack-hosts.yml
@ -15,12 +15,17 @@

 - name: Execute the openstack-host role
  hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
  gather_facts: true
  any_errors_fatal: true
  pre_tasks:
    - include: "common-tasks/test-force-package-cache-update.yml"
  roles:
-    - role: "{{ openstack_hosts_rolename | default('openstack_hosts') }}"
+    - role: "openstack_hosts"
  vars_files:
    - test-vars.yml
--- a/test-prepare-containers.yml
+++ b/test-prepare-containers.yml
@ -15,7 +15,12 @@

 - name: Gather facts for the LXC hosts
  hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
  gather_facts: true
  tasks:
    - include: "common-tasks/test-set-nodepool-vars.yml"
--- a/test-prepare-host.yml
+++ b/test-prepare-host.yml
@ -17,23 +17,32 @@

 - name: Playbook for configuring hosts
  hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
  vars_files:
    - test-vars.yml
  tasks:
    - include: "common-tasks/test-set-nodepool-vars.yml"
+
    - name: Clear iptables rules
      shell: "{{ playbook_dir }}/iptables-clear.sh"
      tags:
        - skip_ansible_lint
+
    - name: Set ssh key fact
      set_fact:
        lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
+
    - name: Ensure roots new public ssh key is in authorized_keys
      authorized_key:
        user: root
        key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
        manage_dir: no
+
    # This is a very dirty hack due to images.linuxcontainers.org
    # constantly failing to resolve in openstack-infra.
    - name: Implement hard-coded hosts entries for consistently failing name
@ -44,12 +53,14 @@
      with_items:
        - "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
        - "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
+
    # NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
    # more gate jobs to complete properly and expose more problems that can
    # be fixed (instead of timeouts).
    - name: Use present for package_state on CentOS and openSUSE
      set_fact:
        package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
+
    - name: Setup clouds.yaml
      include_role:
        name: openstack_openrc
@ -65,7 +76,12 @@

 - name: Playbook for configuring the LXC host
  hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
  vars_files:
    - test-vars.yml
  roles:
--- a/test-prepare-keys.yml
+++ b/test-prepare-keys.yml
@ -22,7 +22,7 @@
  gather_facts: false
  any_errors_fatal: true
  connection: local
-  become: true
+  become: yes
  tasks:
    - name: Ensure root has a .ssh directory
      file:
@ -68,7 +68,7 @@
 - name: Playbook for establishing user ssh keys
  hosts: localhost
  connection: local
-  become: false
+  become: no
  any_errors_fatal: true
  tasks:
    # Shell used because facts may not be ready yet
--- a/test-repo-setup.yml
+++ b/test-repo-setup.yml
@ -16,6 +16,7 @@
 - name: Playbook for setting facts for git repository
  hosts: localhost
  connection: local
+  become: no
  gather_facts: false
  any_errors_fatal: true
  tasks:
--- a/test-setup-cinder-localhost.yml
+++ b/test-setup-cinder-localhost.yml
@ -15,7 +15,12 @@

 - name: Prepare cinder-volumes volume group
  hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
  tasks:
    - name: Install lvm2 package
      package: