diff --git a/tripleo_ansible/playbooks/cli-grant-local-access.yaml b/tripleo_ansible/playbooks/cli-grant-local-access.yaml new file mode 100644 index 000000000..49fe8fd84 --- /dev/null +++ b/tripleo_ansible/playbooks/cli-grant-local-access.yaml @@ -0,0 +1,50 @@ +--- +# Copyright 2020 Red Hat, Inc. +# +# Licensed under the Apache License, Version 2.0 (the "License"); you may +# not use this file except in compliance with the License. You may obtain +# a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT +# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the +# License for the specific language governing permissions and limitations +# under the License. + +- name: Playbook for granting a given user local access + connection: "{{ (tripleo_target_host is defined) | ternary('ssh', 'local') }}" + hosts: "{{ tripleo_target_host | default('localhost') }}" + remote_user: "{{ tripleo_target_user | default(lookup('env', 'USER')) }}" + gather_facts: "{{ (tripleo_target_host is defined) | ternary(true, false) }}" + any_errors_fatal: true + become: true + pre_tasks: + - name: Check for required inputs + fail: + msg: > + Input missing `{{ item }}` + when: + - hostvars[inventory_hostname][item] is undefined + loop: + - access_path + - execution_user + tasks: + - name: Ensure access path exists + file: + path: "{{ access_path }}" + state: directory + owner: "42430" # Used to ensure mistral has access, remove this when mistral is gone. + group: "42430" # Used to ensure mistral has access, remove this when mistral is gone. + register: access_path + + - name: Grant privileges to the execution user + acl: + path: "{{ access_path }}" + entry: "user:{{ item }}:rwx" + state: present + recursive: true + loop: + - "{{ execution_user }}" + - tripleo-admin