diff --git a/common/container_startup_configs_tasks.yaml b/common/container_startup_configs_tasks.yaml index 13f4376591..4900ad1f24 100644 --- a/common/container_startup_configs_tasks.yaml +++ b/common/container_startup_configs_tasks.yaml @@ -3,6 +3,7 @@ # TODO(emilien) convert this whole task in a module # https://bugs.launchpad.net/tripleo/+bug/1884577 - name: "Remove old {{ item.0 }} container startup configs" + become: true file: path: "/var/lib/tripleo-config/container-startup-config/{{ item.0 }}" state: absent @@ -15,6 +16,7 @@ setype: svirt_sandbox_file_t - name: "Creating container startup configs for {{ item.0 }}" + become: true copy: content: "{{ startup_data.value | to_nice_json }}" dest: "/var/lib/tripleo-config/container-startup-config/{{ item.0 }}/{{ startup_data.key }}.json" diff --git a/common/deploy-steps-playbooks-common.yaml b/common/deploy-steps-playbooks-common.yaml index eb603e4b5c..163fbc0530 100644 --- a/common/deploy-steps-playbooks-common.yaml +++ b/common/deploy-steps-playbooks-common.yaml @@ -33,6 +33,7 @@ - hosts: "{{ deploy_target_host }}" name: Ensure /var/lib/config-data context + become: true gather_facts: false any_errors_fatal: yes tasks: diff --git a/common/deploy-steps-tasks-step-0.j2.yaml b/common/deploy-steps-tasks-step-0.j2.yaml index 67ef13241c..75d0cc014d 100644 --- a/common/deploy-steps-tasks-step-0.j2.yaml +++ b/common/deploy-steps-tasks-step-0.j2.yaml @@ -5,8 +5,10 @@ msg: Use --start-at-task 'Deploy step tasks for step 0' to resume from this task when: "tripleo_minor_update is not defined or tripleo_minor_update != 'true'" - name: Ensure /var/log/journal exists + become: true file: path=/var/log/journal state=directory mode=0750 owner=root group=root setype=var_log_t - name: Create /var/lib/container-puppet + become: true no_log: True file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true - name: Write container-puppet.py if Paunch is enabled 
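Review bot: The task that sits between the two hunks of common/container_startup_configs_tasks.yaml (only its tail, `setype: svirt_sandbox_file_t`, is visible) does not receive `become: true`, although the tasks before and after it, which work under the same `/var/lib/tripleo-config/container-startup-config/{{ item.0 }}` path, now do. If that task creates the directory, it only succeeds when the including play already escalates, so adding `become: true` there too would keep the file self-contained. The same gap appears in common/deploy-steps-tasks-step-0.j2.yaml, where `Write container-puppet.py if Paunch is enabled` gets no escalation as far as the hunks show, while `Write container-puppet.sh` does. Both task bodies lie outside the hunks, so this should be confirmed against the full files.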
@@ -22,6 +24,7 @@ when: - not (enable_paunch|bool) - name: Write container-puppet.sh + become: true no_log: True copy: src=container_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.sh force=yes mode=0755 setype=container_file_t diff --git a/common/deploy-steps-tasks-step-1.yaml b/common/deploy-steps-tasks-step-1.yaml index af50e7bb6f..b874139d87 100644 --- a/common/deploy-steps-tasks-step-1.yaml +++ b/common/deploy-steps-tasks-step-1.yaml @@ -1,6 +1,7 @@ - name: Write config data at the start of step 1 block: - name: Create and ensure setype for /var/log/containers directory + become: true file: path: /var/log/containers state: directory @@ -10,6 +11,7 @@ tags: - host_config - name: Create ContainerLogStdoutPath directory + become: true file: path: "{{ container_log_stdout_path }}" state: directory @@ -17,6 +19,7 @@ tags: - host_config - name: Create /var/lib/tripleo-config directory + become: true file: path: /var/lib/tripleo-config state: directory @@ -31,6 +34,7 @@ - container_startup_configs - name: Delete existing /var/lib/tripleo-config/check-mode directory for check mode + become: true file: path: /var/lib/tripleo-config/check-mode state: absent @@ -45,6 +49,7 @@ check_mode: no - name: Create /var/lib/tripleo-config/check-mode directory for check mode + become: true file: path: /var/lib/tripleo-config/check-mode state: directory @@ -63,6 +68,7 @@ # Puppet manifest for baremetal host configuration - name: Write the puppet step_config manifest + become: true no_log: True copy: content: "{{ lookup('file', tripleo_role_name + '/step_config.pp', errors='ignore') | default('', True) }}" @@ -99,6 +105,7 @@ # Puppet Containers Config directory used to generate container configs - name: Create /var/lib/container-puppet + become: true file: path: /var/lib/container-puppet state: directory 
@@ -111,6 +118,7 @@ # For backward compatibility in Stein, so our operators have time # to learn about the new directory. - name: Create /var/lib/docker-puppet for backward compatibility + become: true file: path: /var/lib/docker-puppet state: directory @@ -119,6 +127,7 @@ - container_config_tasks - name: Deprecation file about /var/lib/docker-puppet + become: true copy: dest: /var/lib/docker-puppet/readme.txt content: | @@ -127,6 +136,7 @@ ignore_errors: true - name: Delete existing /var/lib/container-puppet/check-mode for check mode + become: true file: path: /var/lib/container-puppet/check-mode state: absent @@ -137,6 +147,7 @@ - ansible_check_mode|bool - name: Create /var/lib/container-puppet/check-mode for check mode + become: true file: path: /var/lib/container-puppet/check-mode state: directory @@ -149,6 +160,7 @@ - ansible_check_mode|bool - name: Write container-puppet.json file + become: true no_log: True copy: content: "{{ lookup('file', tripleo_role_name + '/puppet_config.yaml', errors='ignore') | default([], True) | from_yaml | to_nice_json }}" @@ -184,6 +196,7 @@ - container_config - name: Create /var/lib/container-config-scripts + become: true file: path: /var/lib/container-config-scripts state: directory @@ -195,6 +208,7 @@ # /var/lib/container-startup-configs.json is removed as we now write # per-step files instead - name: Clean old /var/lib/container-startup-configs.json file + become: true file: path: /var/lib/container-startup-configs.json state: absent @@ -203,6 +217,7 @@ # For legacy, can be removed in Train cycle - name: Clean old /var/lib/docker-container-startup-configs.json file + become: true file: path: /var/lib/docker-container-startup-configs.json state: absent @@ -212,6 +227,7 @@ - name: Write container config scripts no_log: True + become: true copy: content: "{{ item[1].content }}" dest: "/var/lib/container-config-scripts/{{ item[0] }}" 
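Review bot: In the `Write container config scripts` hunk of common/deploy-steps-tasks-step-1.yaml the destination is built as `/var/lib/container-config-scripts/{{ item[0] }}`, and with the added `become: true` that write now happens as root. The origin of `item[0]` is outside the hunk; if it is a key taken from template data, a value containing `/` or `..` would place a root-written file outside the intended directory, so, assuming script names are flat, `dest: "/var/lib/container-config-scripts/{{ item[0] | basename }}"` would be a cheap guard. The same consideration applies to `{{ startup_data.key }}.json` in common/container_startup_configs_tasks.yaml. As a style matter, this is the only task among the visible hunks of this file where `become` follows `no_log`; the others put it directly under `name`.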
@@ -250,6 +266,7 @@ # /var/lib/tripleo-config/container-startup-config/step_X/.json # Can be removed in V cycle - name: Write /var/lib/tripleo-config/container-startup-config-readme.txt + become: true no_log: True copy: content: "Container startup configs moved to /var/lib/tripleo-config/container-startup-config" @@ -263,6 +280,7 @@ # However, container_puppet.py won't create their hashed version if # config changed. - name: Write per-step container startup configs for backward compatibility + become: true no_log: True copy: content: "{{ item[1] | to_nice_json }}" @@ -289,6 +307,7 @@ - container_startup_configs - name: Create /var/lib/kolla/config_files directory + become: true file: path: /var/lib/kolla/config_files state: directory @@ -299,6 +318,7 @@ - container_startup_configs - name: Create /var/lib/config-data directory + become: true file: path: /var/lib/config-data state: directory @@ -306,6 +326,7 @@ selevel: s0 - name: Write kolla config json files + become: true no_log: True copy: content: "{{ item[1] | to_nice_json }}" @@ -353,6 +374,7 @@ - container_config - name: Create /etc/puppet/check-mode/hieradata directory for check mode + become: true file: path: /etc/puppet/check-mode/hieradata state: directory @@ -368,6 +390,7 @@ - container_config - name: Create puppet check-mode files if they don't exist for check mode + become: true shell: | cp -a /etc/puppet/hiera.yaml /etc/puppet/check-mode/hiera.yaml cp -a /etc/puppet/hieradata/* /etc/puppet/check-mode/hieradata/ diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml index cba2202b42..ee24de5572 100644 --- a/common/deploy-steps-tasks.yaml +++ b/common/deploy-steps-tasks.yaml @@ -3,6 +3,7 @@ ##################################################### - name: Write the config_step hieradata + become: true no_log: True copy: content: "{{ dict(step=step|int) | to_json }}" 
@@ -14,6 +15,7 @@ - host_config - name: Run puppet host configuration for step {{ step }} + become: true async: 3600 poll: 0 when: enable_puppet|bool @@ -197,6 +199,7 @@ - name: Per step starting of the containers using tripleo-ansible when: not (enable_paunch|bool) + become: true environment: TRIPLEO_MINOR_UPDATE: '{{ tripleo_minor_update | default(false) }}' block: @@ -223,6 +226,7 @@ ######################################################## - name: "Clean container_puppet_tasks for {{ansible_hostname | lower}} step {{step}}" + become: true file: path: /var/lib/container-puppet/container-puppet-tasks{{step}}.json state: absent diff --git a/common/deploy-steps.j2 b/common/deploy-steps.j2 index b4f4699e99..86508077ab 100644 --- a/common/deploy-steps.j2 +++ b/common/deploy-steps.j2 @@ -437,6 +437,7 @@ outputs: any_errors_fatal: yes tasks: - name: Set selinux state + become: true selinux: policy: targeted state: SELINUX_MODE @@ -476,6 +477,7 @@ outputs: - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Overcloud deploy step tasks for step 0 + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes vars: @@ -547,6 +549,7 @@ outputs: - "{{ tripleo_role_name ~ '/NetworkConfig' }}" - name: NetworkConfig + become: true block: - name: Create /var/lib/tripleo-config/scripts directory file: @@ -635,6 +638,7 @@ outputs: - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Host prep steps + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes vars: @@ -700,6 +704,7 @@ outputs: - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Overcloud deploy step tasks for {{step}} + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes # FIXME(shardy) - it would be nice to use strategy: free to 
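Review bot: `Run puppet host configuration for step {{ step }}` in common/deploy-steps-tasks.yaml is started with `async: 3600` and `poll: 0`, and now under `become: true`, so Ansible records the job under the escalated user's `~/.ansible_async` directory. Whichever task later waits on it with `async_status` has to run with the same escalation or it will not find the job file. That task is outside this hunk, so please confirm it also carries `become: true` or is only ever included from a play that sets it.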
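Review bot: Play-level `become: true` on `Overcloud deploy step tasks for step 0` in common/deploy-steps.j2 (and likewise on `Host prep steps`, `Overcloud deploy step tasks for {{step}}`, `Server Post Deployments` and `Upgrade tasks for step {{step}}`) escalates every task in those plays, including any that are delegated to the Ansible controller, which the hunks do not show. If such tasks exist they would be better marked `become: false` so that only work on the target hosts runs as root. It also makes the block-level `become: true` added to `NetworkConfig`, which appears to sit inside the step 0 play, redundant, along with the task-level additions in any task files included from these plays. A short comment stating which level is authoritative would help the next reader.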
@@ -781,6 +786,7 @@ outputs: {%- endfor %} - hosts: {{primary_role_name}}:DEPLOY_TARGET_HOST name: Server Post Deployments + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes tasks: @@ -991,6 +997,7 @@ outputs: {%- for step in range(0,upgrade_steps_max) %} - hosts: DEPLOY_TARGET_HOST name: Upgrade tasks for step {{step}} + become: true gather_facts: "{% raw %}{{ gather_facts | default(false) }}{% endraw %}" any_errors_fatal: yes vars: diff --git a/common/generate-config-tasks.yaml b/common/generate-config-tasks.yaml index b6430ebd44..a3dd7c63d1 100644 --- a/common/generate-config-tasks.yaml +++ b/common/generate-config-tasks.yaml @@ -45,6 +45,7 @@ - name: Block for container-puppet tasks (generate config) during step {{ step }} with tripleo-ansible when: - not (enable_paunch|bool) + become: true tags: - container_config block: @@ -83,6 +84,7 @@ tripleo_container_manage_valid_exit_code: [0, 2] - name: Diff puppet-generated changes for check mode + become: true shell: | diff -ruN --no-dereference -q /var/lib/config-data/puppet-generated /var/lib/config-data/check-mode/puppet-generated diff -ruN --no-dereference /var/lib/config-data/puppet-generated /var/lib/config-data/check-mode/puppet-generated diff --git a/common/hiera-steps-tasks.yaml b/common/hiera-steps-tasks.yaml index af9b093bfc..c7f2c40fc1 100644 --- a/common/hiera-steps-tasks.yaml +++ b/common/hiera-steps-tasks.yaml @@ -5,6 +5,7 @@ include_role: name: tripleo-hieradata - name: Hiera symlink + become: true file: src: /etc/puppet/hiera.yaml dest: /etc/hiera.yaml diff --git a/deployment/logrotate/tmpwatch-install.yaml b/deployment/logrotate/tmpwatch-install.yaml index 12716606c8..45a220de3c 100644 --- a/deployment/logrotate/tmpwatch-install.yaml +++ b/deployment/logrotate/tmpwatch-install.yaml 
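Review bot: With `become: true` the `Diff puppet-generated changes for check mode` task in common/generate-config-tasks.yaml can now read every file under `/var/lib/config-data/puppet-generated`, and its second command, `diff -ruN --no-dereference` without `-q`, prints the changed lines themselves. Generated service configuration often holds credentials, so that output could end up in the Ansible log or in a registered variable. The rest of the task is outside the hunk, so whether `no_log` or output filtering is applied cannot be seen here. If it is not, consider showing only the `-q` summary or setting `no_log: true` on the task that prints the full diff.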
@@ -36,9 +36,8 @@ outputs: description: Role data for tmpwatch install value: service_name: logrotate_tmpwatch - deploy_steps_tasks: + host_prep_tasks: - name: install tmpwatch on the host - when: step|int == 1 package: name: tmpwatch state: installed
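Review bot: After the move to `host_prep_tasks`, `install tmpwatch on the host` has no `become` of its own, so the `package` call depends on the play-level `become: true` that this commit adds to `Host prep steps` in common/deploy-steps.j2. Adding `become: true` to the task would keep the install working if `host_prep_tasks` are ever run from a playbook that does not escalate, in line with the task-level additions elsewhere in this change.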