Use local connection and become for localhost plays
When targeting localhost with 'remote_user: root' and using 'become: yes' we lose the environment variables for the user running the playbook (eg: USER, HOME). However, if we use 'connection: local' and 'become: yes' together, it works properly. To ensure these plays have the correct access to change things on the host, we apply this change to them all. We also ensure that 'become: no' is explicitly set on any local connection plays to make the intent more obvious. Finally, we also use 'yes' and 'no' uniformly. Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
This commit is contained in:
parent
61edac5df7
commit
85b51389cc
@ -21,6 +21,7 @@
|
||||
- name: Clone the role ansible-role-requirements
|
||||
hosts: localhost
|
||||
connection: local
|
||||
become: no
|
||||
gather_facts: false
|
||||
tasks:
|
||||
|
||||
|
@ -22,7 +22,7 @@
|
||||
# TODO(odyssey4me):
|
||||
# Figure out whether this issue happens for normal (non localhost)
|
||||
# delegation, and how to resolve the issue.
|
||||
become: True
|
||||
become: yes
|
||||
any_errors_fatal: true
|
||||
roles:
|
||||
- role: "haproxy_server"
|
||||
|
@ -26,6 +26,7 @@
|
||||
- name: Playbook to add nova service and endpoint (required by Horizon)
|
||||
hosts: localhost
|
||||
connection: local
|
||||
become: no
|
||||
gather_facts: false
|
||||
any_errors_fatal: true
|
||||
vars:
|
||||
|
@ -15,12 +15,17 @@
|
||||
|
||||
- name: Execute the openstack-host role
|
||||
hosts: localhost
|
||||
remote_user: root
|
||||
# This set of tasks runs against localhost
|
||||
# and requires root access, but tests run as
|
||||
# the user running the playbook (zuul). As
|
||||
# such, we use a local connection and become.
|
||||
connection: local
|
||||
become: yes
|
||||
gather_facts: true
|
||||
any_errors_fatal: true
|
||||
pre_tasks:
|
||||
- include: "common-tasks/test-force-package-cache-update.yml"
|
||||
roles:
|
||||
- role: "{{ openstack_hosts_rolename | default('openstack_hosts') }}"
|
||||
- role: "openstack_hosts"
|
||||
vars_files:
|
||||
- test-vars.yml
|
||||
|
@ -15,7 +15,12 @@
|
||||
|
||||
- name: Gather facts for the LXC hosts
|
||||
hosts: localhost
|
||||
remote_user: root
|
||||
# This set of tasks runs against localhost
|
||||
# and requires root access, but tests run as
|
||||
# the user running the playbook (zuul). As
|
||||
# such, we use a local connection and become.
|
||||
connection: local
|
||||
become: yes
|
||||
gather_facts: true
|
||||
tasks:
|
||||
- include: "common-tasks/test-set-nodepool-vars.yml"
|
||||
|
@ -17,23 +17,32 @@
|
||||
|
||||
- name: Playbook for configuring hosts
|
||||
hosts: localhost
|
||||
remote_user: root
|
||||
# This set of tasks runs against localhost
|
||||
# and requires root access, but tests run as
|
||||
# the user running the playbook (zuul). As
|
||||
# such, we use a local connection and become.
|
||||
connection: local
|
||||
become: yes
|
||||
vars_files:
|
||||
- test-vars.yml
|
||||
tasks:
|
||||
- include: "common-tasks/test-set-nodepool-vars.yml"
|
||||
|
||||
- name: Clear iptables rules
|
||||
shell: "{{ playbook_dir }}/iptables-clear.sh"
|
||||
tags:
|
||||
- skip_ansible_lint
|
||||
|
||||
- name: Set ssh key fact
|
||||
set_fact:
|
||||
lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||
|
||||
- name: Ensure roots new public ssh key is in authorized_keys
|
||||
authorized_key:
|
||||
user: root
|
||||
key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
|
||||
manage_dir: no
|
||||
|
||||
# This is a very dirty hack due to images.linuxcontainers.org
|
||||
# constantly failing to resolve in openstack-infra.
|
||||
- name: Implement hard-coded hosts entries for consistently failing name
|
||||
@ -44,12 +53,14 @@
|
||||
with_items:
|
||||
- "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
|
||||
- "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
|
||||
|
||||
# NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
|
||||
# more gate jobs to complete properly and expose more problems that can
|
||||
# be fixed (instead of timeouts).
|
||||
- name: Use present for package_state on CentOS and openSUSE
|
||||
set_fact:
|
||||
package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
|
||||
|
||||
- name: Setup clouds.yaml
|
||||
include_role:
|
||||
name: openstack_openrc
|
||||
@ -65,7 +76,12 @@
|
||||
|
||||
- name: Playbook for configuring the LXC host
|
||||
hosts: localhost
|
||||
remote_user: root
|
||||
# This set of tasks runs against localhost
|
||||
# and requires root access, but tests run as
|
||||
# the user running the playbook (zuul). As
|
||||
# such, we use a local connection and become.
|
||||
connection: local
|
||||
become: yes
|
||||
vars_files:
|
||||
- test-vars.yml
|
||||
roles:
|
||||
|
@ -22,7 +22,7 @@
|
||||
gather_facts: false
|
||||
any_errors_fatal: true
|
||||
connection: local
|
||||
become: true
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Ensure root has a .ssh directory
|
||||
file:
|
||||
@ -68,7 +68,7 @@
|
||||
- name: Playbook for establishing user ssh keys
|
||||
hosts: localhost
|
||||
connection: local
|
||||
become: false
|
||||
become: no
|
||||
any_errors_fatal: true
|
||||
tasks:
|
||||
# Shell used because facts may not be ready yet
|
||||
|
@ -16,6 +16,7 @@
|
||||
- name: Playbook for setting facts for git repository
|
||||
hosts: localhost
|
||||
connection: local
|
||||
become: no
|
||||
gather_facts: false
|
||||
any_errors_fatal: true
|
||||
tasks:
|
||||
|
@ -15,7 +15,12 @@
|
||||
|
||||
- name: Prepare cinder-volumes volume group
|
||||
hosts: localhost
|
||||
remote_user: root
|
||||
# This set of tasks runs against localhost
|
||||
# and requires root access, but tests run as
|
||||
# the user running the playbook (zuul). As
|
||||
# such, we use a local connection and become.
|
||||
connection: local
|
||||
become: yes
|
||||
tasks:
|
||||
- name: Install lvm2 package
|
||||
package:
|
||||
|
Loading…
Reference in New Issue
Block a user