diff --git a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/create_ceph_ansible_remote_tmp.yml b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/create_ceph_ansible_remote_tmp.yml
new file mode 100644
index 000000000..4449ac98d
--- /dev/null
+++ b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/create_ceph_ansible_remote_tmp.yml
@@ -0,0 +1,64 @@
+---
+# Copyright 2020 Red Hat, Inc.
+# All Rights Reserved.
+#
+# Licensed under the Apache License, Version 2.0 (the "License"); you may
+# not use this file except in compliance with the License. You may obtain
+# a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+# License for the specific language governing permissions and limitations
+# under the License.
+
+- name: genereate create_ceph_ansible_remote_tmp playbook
+ copy:
+ dest: "{{ playbook_dir }}/ceph-ansible/create_ceph_ansible_remote_tmp.yml"
+ content: |
+ - hosts: all
+ gather_facts: no
+ tasks:
+ # Avoiding the following by creating directory owned by user who will
+ # SSH into nodes (not root). When root needs to write to this directory
+ # it will not have permission problems by definition. As per ansible:
+ # """
+ # Module remote_tmp /tmp/ceph_ansible_tmp did not exist and was created
+ # with a mode of 0700, this may cause issues when running as another user.
+ # To avoid this, create the remote_tmp dir with the correct permissions
+ # manually.
+ # """
+ - name: create ceph_ansible_remote_tmp on all nodes with necessary ownership
+ become: true
+ file:
+ path: "{{ ceph_ansible_remote_tmp }}"
+ owner: "{{ lookup('env','ANSIBLE_REMOTE_USER') | default('tripleo-admin', true) }}"
+ group: "{{ lookup('env','ANSIBLE_REMOTE_USER') | default('tripleo-admin', true) }}"
+ mode: "700"
+ state: directory
+
+- name: build create_ceph_ansible_remote_tmp command as list
+ set_fact:
+ create_ceph_ansible_remote_tmp_list:
+ - ANSIBLE_LOG_PATH="{{ playbook_dir }}/ceph-ansible/create_ceph_ansible_remote_tmp.log"
+ - ANSIBLE_SSH_CONTROL_PATH_DIR="{{ playbook_dir }}/ceph-ansible/"
+ - ANSIBLE_CONFIG=/usr/share/ceph-ansible/ansible.cfg
+ - ANSIBLE_REMOTE_TEMP=/tmp/create_ceph_ansible_remote_tmp
+ - "{{ calling_ansible_environment_variables|join(' ') }}"
+ - "{{ ceph_ansible_environment_variables|join(' ') }}"
+ - ansible-playbook
+ - '{% if ceph_ansible_private_key_file is defined %}--private-key {{ ceph_ansible_private_key_file }}{% endif %}'
+ - '-i'
+ - '{{ playbook_dir }}/ceph-ansible/inventory.yml'
+ - '{% if ansible_python_interpreter is defined %}-e ansible_python_interpreter={{ ansible_python_interpreter }}{% endif %}'
+ - "{{ playbook_dir }}/ceph-ansible/create_ceph_ansible_remote_tmp.yml"
+ ceph_ansible_remote_tmp: '/tmp/ceph_ansible_tmp'
+
+- name: run create_ceph_ansible_remote_tmp command
+ # needs become to be able to read the ssh private key
+ become: true
+ shell: "{{ create_ceph_ansible_remote_tmp_list|join(' ') }}"
+ tags:
+ - run_ceph_ansible
diff --git a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml
index 85dffc587..79138802e 100644
--- a/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml
+++ b/tripleo_ansible/roles/tripleo_ceph_run_ansible/tasks/main.yml
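Review bot: The final `shell` task runs the joined command string with `become: true`, and several elements are interpolated into it unquoted: `--private-key {{ ceph_ansible_private_key_file }}`, `-e ansible_python_interpreter={{ ansible_python_interpreter }}` and the two `*_environment_variables` joins. A value containing whitespace or shell metacharacters would be re-parsed by the root shell instead of being passed as a single argument, so I would apply the `quote` filter to each templated value, for example `--private-key {{ ceph_ansible_private_key_file | quote }}`. The two environment-variable lists are defined outside this hunk, so whether their entries are already well formed cannot be checked from here. Smaller points in the same file: the first task name has a typo (`genereate`), and `gather_facts: no` / `mode: "700"` would be less ambiguous as `gather_facts: false` / `mode: "0700"`.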
@@ -23,6 +23,10 @@ {{ ceph_ansible_playbooks_default|default(['/usr/share/ceph-ansible/site-container.yml.sample']) }} {%- endif -%} +- import_tasks: create_ceph_ansible_remote_tmp.yml + vars: + ceph_ansible_remote_tmp: '/tmp/ceph_ansible_tmp' + - name: set ceph-ansible command list set_fact: ceph_ansible_command_list: @@ -33,7 +37,7 @@ - ANSIBLE_LOG_PATH="{{ playbook_dir }}/ceph-ansible/ceph_ansible_command.log" - ANSIBLE_LIBRARY=/usr/share/ceph-ansible/library/ - ANSIBLE_CONFIG=/usr/share/ceph-ansible/ansible.cfg - - ANSIBLE_REMOTE_TEMP=/tmp/ceph_ansible_tmp + - ANSIBLE_REMOTE_TEMP="{{ ceph_ansible_remote_tmp }}" - ANSIBLE_FORKS=25 - ANSIBLE_GATHER_TIMEOUT=60 - ANSIBLE_CALLBACK_WHITELIST=profile_tasks
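Review bot: The path passed in `vars:` here, `/tmp/ceph_ansible_tmp`, is a fixed name under a world-writable directory, and the imported tasks generate a play that applies owner, group and mode to it with `become: true` on every host. A directory that already exists at that name is adopted and re-owned rather than created, so a location whose parent is not world-writable (for instance under the remote user's home) would be a safer default; at minimum the choice deserves a comment. The same literal is repeated in the `set_fact` of create_ceph_ansible_remote_tmp.yml, and that fact, not these `vars:`, appears to be what `ANSIBLE_REMOTE_TEMP="{{ ceph_ansible_remote_tmp }}"` in the next hunk resolves, since `vars:` on an import apply only to the imported tasks. Defining the value once, e.g. as a role default, would keep the two copies from drifting apart.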