tripleo-heat-templates/common/deploy-steps-tasks-step-0.j2.yaml
Alex Schultz 4e39acd147 Fix privilege escalation
This change enabled become: true to the deploy step and host prep task
execution. external tasks are still become: false as they are delegated
to localhost and run as the same user running the deployment.

Change-Id: I79631ce0ed450febae96db2f32198e02eb427d91
Related-Bug: #1883609
2020-07-05 16:20:00 -04:00

27 lines
1.1 KiB
YAML

- name: Deploy step tasks for step 0
delegate_to: localhost
run_once: true
debug:
msg: Use --start-at-task 'Deploy step tasks for step 0' to resume from this task
when: "tripleo_minor_update is not defined or tripleo_minor_update != 'true'"
- name: Ensure /var/log/journal exists
become: true
file: path=/var/log/journal state=directory mode=0750 owner=root group=root setype=var_log_t
- name: Create /var/lib/container-puppet
become: true
no_log: True
file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
- name: Write container-puppet.sh
become: true
no_log: True
copy: src=container_puppet_script.yaml dest=/var/lib/container-puppet/container-puppet.sh force=yes mode=0755 setype=container_file_t
{%- for role in roles %}
- include_tasks: "{% raw %}{{ _task_file_path }}{% endraw %}"
vars:
_task_file_path: "{{role.name}}/deploy_steps_tasks_step0.yaml"
when:
- tripleo_role_name == '{{role.name}}'
- "{% raw %}'{{ playbook_dir }}/{{ _task_file_path }}' is exists{% endraw %}"
{%- endfor %}