Alex Schultz 4e39acd147 Fix privilege escalation
This change enabled become: true to the deploy step and host prep task
execution. External tasks are still become: false as they are delegated
to localhost and run as the same user running the deployment.

Change-Id: I79631ce0ed450febae96db2f32198e02eb427d91
Related-Bug: #1883609
2020-07-05 16:20:00 -04:00

- name: Deploy step tasks for step 0
  # Delegated to localhost, so no become is set on this task.
  delegate_to: localhost
  run_once: true
  debug:
    msg: Use --start-at-task 'Deploy step tasks for step 0' to resume from this task
  when: "tripleo_minor_update is not defined or tripleo_minor_update != 'true'"
# Host prep tasks below run on the target node with become: true.
- name: Ensure /var/log/journal exists
  become: true
  file: path=/var/log/journal state=directory mode=0750 owner=root group=root setype=var_log_t
- name: Create /var/lib/container-puppet
  become: true
  no_log: True
  file: path=/var/lib/container-puppet state=directory setype=container_file_t selevel=s0 recurse=true
- name: Write
  become: true
  no_log: True
  copy: src=container_puppet_script.yaml dest=/var/lib/container-puppet/ force=yes mode=0755 setype=container_file_t
{%- for role in roles %}
- include_tasks: "{% raw %}{{ _task_file_path }}{% endraw %}"
  vars:
    _task_file_path: "{{}}/deploy_steps_tasks_step0.yaml"
  when:
    - tripleo_role_name == '{{}}'
    - "{% raw %}'{{ playbook_dir }}/{{ _task_file_path }}' is exists{% endraw %}"
{%- endfor %}
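
The rule stated in the commit message (host tasks carry an explicit become, localhost-delegated tasks do not escalate) can be checked mechanically. The script below is an added example, not part of the project: the sample task list is constructed, the two audit rules are assumptions drawn from the commit message, and the splitter is a text heuristic for flat task lists like the one above, not a YAML parser.

```python
import re

# Constructed sample, modelled on the task layout above (not the project's file).
SAMPLE = """\
- name: Announce resume point
  delegate_to: localhost
  run_once: true
  debug:
    msg: resume here
- name: Ensure /var/log/journal exists
  become: true
  file: path=/var/log/journal state=directory
- name: Create work directory
  file: path=/var/lib/example state=directory
- name: Fetch artifact on the deploy host
  delegate_to: localhost
  become: true
  copy: src=a dest=/tmp/a
"""

def split_tasks(text):
    """Split a flat task list into dicts of top-level key -> raw value."""
    tasks = []
    for chunk in re.split(r"(?m)^(?=- )", text):
        if not chunk.strip():
            continue
        body = "  " + chunk[2:]  # align the first key with the other task keys
        tasks.append(dict(re.findall(r"(?m)^  ([A-Za-z_]+):[ \t]*(.*)$", body)))
    return tasks

def is_true(value):
    return value.strip().strip("'\"").lower() in ("true", "yes")

def audit(text):
    """Return (task label, finding) pairs for tasks that break either rule."""
    findings = []
    for t in split_tasks(text):
        label = t.get("name") or t.get("include_tasks", "<unnamed>")
        local = t.get("delegate_to", "").strip() == "localhost"
        writes = any(m in t for m in ("file", "copy", "template"))
        if local and is_true(t.get("become", "false")):
            findings.append((label, "become on a localhost-delegated task"))
        elif not local and writes and "become" not in t:
            findings.append((label, "host task changes files without explicit become"))
    return findings

if __name__ == "__main__":
    for label, finding in audit(SAMPLE):
        print(f"{label}: {finding}")
```
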