Use local connection and become for localhost plays
When targeting localhost with 'remote_user: root' and using 'become: yes' we lose the environment variables for the user running the playbook (eg: USER, HOME). However, if we use 'connection: local' and 'become: yes' together, it works properly. To ensure these plays have the correct access to change things on the host, we apply this change to them all. We also ensure that 'become: no' is explicitly set on any local connection plays to make the intent more obvious. Finally, we also use 'yes' and 'no' uniformly. Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
This commit is contained in:
parent
61edac5df7
commit
85b51389cc
|
@ -21,6 +21,7 @@
|
||||||
- name: Clone the role ansible-role-requirements
|
- name: Clone the role ansible-role-requirements
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
|
become: no
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
tasks:
|
tasks:
|
||||||
|
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
# TODO(odyssey4me):
|
# TODO(odyssey4me):
|
||||||
# Figure out whether this issue happens for normal (non localhost)
|
# Figure out whether this issue happens for normal (non localhost)
|
||||||
# delegation, and how to resolve the issue.
|
# delegation, and how to resolve the issue.
|
||||||
become: True
|
become: yes
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
roles:
|
roles:
|
||||||
- role: "haproxy_server"
|
- role: "haproxy_server"
|
||||||
|
|
|
@ -26,6 +26,7 @@
|
||||||
- name: Playbook to add nova service and endpoint (required by Horizon)
|
- name: Playbook to add nova service and endpoint (required by Horizon)
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
|
become: no
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
vars:
|
vars:
|
||||||
|
|
|
@ -15,12 +15,17 @@
|
||||||
|
|
||||||
- name: Execute the openstack-host role
|
- name: Execute the openstack-host role
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
remote_user: root
|
# This set of tasks runs against localhost
|
||||||
|
# and requires root access, but tests run as
|
||||||
|
# the user running the playbook (zuul). As
|
||||||
|
# such, we use a local connection and become.
|
||||||
|
connection: local
|
||||||
|
become: yes
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
pre_tasks:
|
pre_tasks:
|
||||||
- include: "common-tasks/test-force-package-cache-update.yml"
|
- include: "common-tasks/test-force-package-cache-update.yml"
|
||||||
roles:
|
roles:
|
||||||
- role: "{{ openstack_hosts_rolename | default('openstack_hosts') }}"
|
- role: "openstack_hosts"
|
||||||
vars_files:
|
vars_files:
|
||||||
- test-vars.yml
|
- test-vars.yml
|
||||||
|
|
|
@ -15,7 +15,12 @@
|
||||||
|
|
||||||
- name: Gather facts for the LXC hosts
|
- name: Gather facts for the LXC hosts
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
remote_user: root
|
# This set of tasks runs against localhost
|
||||||
|
# and requires root access, but tests run as
|
||||||
|
# the user running the playbook (zuul). As
|
||||||
|
# such, we use a local connection and become.
|
||||||
|
connection: local
|
||||||
|
become: yes
|
||||||
gather_facts: true
|
gather_facts: true
|
||||||
tasks:
|
tasks:
|
||||||
- include: "common-tasks/test-set-nodepool-vars.yml"
|
- include: "common-tasks/test-set-nodepool-vars.yml"
|
||||||
|
|
|
@ -17,23 +17,32 @@
|
||||||
|
|
||||||
- name: Playbook for configuring hosts
|
- name: Playbook for configuring hosts
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
remote_user: root
|
# This set of tasks runs against localhost
|
||||||
|
# and requires root access, but tests run as
|
||||||
|
# the user running the playbook (zuul). As
|
||||||
|
# such, we use a local connection and become.
|
||||||
|
connection: local
|
||||||
|
become: yes
|
||||||
vars_files:
|
vars_files:
|
||||||
- test-vars.yml
|
- test-vars.yml
|
||||||
tasks:
|
tasks:
|
||||||
- include: "common-tasks/test-set-nodepool-vars.yml"
|
- include: "common-tasks/test-set-nodepool-vars.yml"
|
||||||
|
|
||||||
- name: Clear iptables rules
|
- name: Clear iptables rules
|
||||||
shell: "{{ playbook_dir }}/iptables-clear.sh"
|
shell: "{{ playbook_dir }}/iptables-clear.sh"
|
||||||
tags:
|
tags:
|
||||||
- skip_ansible_lint
|
- skip_ansible_lint
|
||||||
|
|
||||||
- name: Set ssh key fact
|
- name: Set ssh key fact
|
||||||
set_fact:
|
set_fact:
|
||||||
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||||
|
|
||||||
- name: Ensure roots new public ssh key is in authorized_keys
|
- name: Ensure roots new public ssh key is in authorized_keys
|
||||||
authorized_key:
|
authorized_key:
|
||||||
user: root
|
user: root
|
||||||
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||||
manage_dir: no
|
manage_dir: no
|
||||||
|
|
||||||
# This is a very dirty hack due to images.linuxcontainers.org
|
# This is a very dirty hack due to images.linuxcontainers.org
|
||||||
# constantly failing to resolve in openstack-infra.
|
# constantly failing to resolve in openstack-infra.
|
||||||
- name: Implement hard-coded hosts entries for consistently failing name
|
- name: Implement hard-coded hosts entries for consistently failing name
|
||||||
|
@ -44,12 +53,14 @@
|
||||||
with_items:
|
with_items:
|
||||||
- "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
|
- "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
|
||||||
- "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
|
- "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
|
||||||
|
|
||||||
# NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
|
# NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
|
||||||
# more gate jobs to complete properly and expose more problems that can
|
# more gate jobs to complete properly and expose more problems that can
|
||||||
# be fixed (instead of timeouts).
|
# be fixed (instead of timeouts).
|
||||||
- name: Use present for package_state on CentOS and openSUSE
|
- name: Use present for package_state on CentOS and openSUSE
|
||||||
set_fact:
|
set_fact:
|
||||||
package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
|
package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
|
||||||
|
|
||||||
- name: Setup clouds.yaml
|
- name: Setup clouds.yaml
|
||||||
include_role:
|
include_role:
|
||||||
name: openstack_openrc
|
name: openstack_openrc
|
||||||
|
@ -65,7 +76,12 @@
|
||||||
|
|
||||||
- name: Playbook for configuring the LXC host
|
- name: Playbook for configuring the LXC host
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
remote_user: root
|
# This set of tasks runs against localhost
|
||||||
|
# and requires root access, but tests run as
|
||||||
|
# the user running the playbook (zuul). As
|
||||||
|
# such, we use a local connection and become.
|
||||||
|
connection: local
|
||||||
|
become: yes
|
||||||
vars_files:
|
vars_files:
|
||||||
- test-vars.yml
|
- test-vars.yml
|
||||||
roles:
|
roles:
|
||||||
|
|
|
@ -22,7 +22,7 @@
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
connection: local
|
connection: local
|
||||||
become: true
|
become: yes
|
||||||
tasks:
|
tasks:
|
||||||
- name: Ensure root has a .ssh directory
|
- name: Ensure root has a .ssh directory
|
||||||
file:
|
file:
|
||||||
|
@ -68,7 +68,7 @@
|
||||||
- name: Playbook for establishing user ssh keys
|
- name: Playbook for establishing user ssh keys
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
become: false
|
become: no
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
tasks:
|
tasks:
|
||||||
# Shell used because facts may not be ready yet
|
# Shell used because facts may not be ready yet
|
||||||
|
|
|
@ -16,6 +16,7 @@
|
||||||
- name: Playbook for setting facts for git repository
|
- name: Playbook for setting facts for git repository
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
connection: local
|
connection: local
|
||||||
|
become: no
|
||||||
gather_facts: false
|
gather_facts: false
|
||||||
any_errors_fatal: true
|
any_errors_fatal: true
|
||||||
tasks:
|
tasks:
|
||||||
|
|
|
@ -15,7 +15,12 @@
|
||||||
|
|
||||||
- name: Prepare cinder-volumes volume group
|
- name: Prepare cinder-volumes volume group
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
remote_user: root
|
# This set of tasks runs against localhost
|
||||||
|
# and requires root access, but tests run as
|
||||||
|
# the user running the playbook (zuul). As
|
||||||
|
# such, we use a local connection and become.
|
||||||
|
connection: local
|
||||||
|
become: yes
|
||||||
tasks:
|
tasks:
|
||||||
- name: Install lvm2 package
|
- name: Install lvm2 package
|
||||||
package:
|
package:
|
||||||
|
|
Loading…
Reference in New Issue