Ensure that deployment host cache is owned appropriately

When pulling the packaged venv to the deployment host, the creation
of the local file on the deploy host is done using the user that is
running ansible. If ansible is being run by a non-root user, then
the folder that's created to store the files will not have the right
permissions and the fetch will fail.

As such, when acting on the deploy host we should always ensure that
we provide the correct rights to the user running ansible. We do this
by using a lookup to figure out which user is executing the playbook,
then setting the ownership of the folder to that user. We also use a
lookup to determine that user's home directory and default to using
a subdirectory of that folder for the cache. Both lookups have options
to fall back to in case the environment variables used are not available.
Jesse Pretorius 2018-03-12 14:34:07 +00:00
parent c9139b0b3a
commit afafacfba5
2 changed files with 5 additions and 1 deletions


@ -45,7 +45,10 @@ pip_install_options: ""
# The path where venvs are stored on the
# deployment host
venv_download_path: "/opt/cache/files"
venv_download_path: "{{ lookup('env', 'HOME') | default('/opt', true) }}/cache/files"
# The owner of the venv_download_path
venv_download_path_owner: "{{ lookup('env', 'USER') | default('root', true) }}"
# The path where venvs are extracted to
# on the target host, for example:
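Review bot: The new `venv_download_path` and `venv_download_path_owner` defaults are built from two separate environment reads (`HOME` and `USER`), and nothing ties them to the same account. When the playbook is started through sudo or from a service with a partial environment, `HOME` can still point at one user's home while `USER` names another, or one of the two can be unset so that only one fallback applies. That gives combinations such as `/opt/cache/files` owned by a non-root user, or a directory under one user's home owned by someone else. Consider deriving both values from a single source, or at least stating in the comments above these variables that they must be overridden together. The default location also moves from `/opt/cache/files` to a path under the caller's home, so venvs already cached at the old path will not be reused; that change of behaviour deserves a note for operators.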


@ -48,6 +48,7 @@
file:
path: "{{ venv_download_path }}/{{ venv_destination_path | dirname }}"
state: directory
owner: "{{ venv_download_path_owner }}"
delegate_to: localhost
run_once: yes
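Review bot: The `file` task on the deploy host now sets `owner` but still sets neither `group` nor `mode`, so the permissions of the cache directory are left to the umask of whoever runs the playbook. This directory holds the packaged venvs that are later pushed to target hosts, so a group-writable or world-writable result would let other local accounts replace those archives. Suggest adding an explicit `mode` (for example `"0755"`, or tighter if no other user needs to read it) next to `owner: "{{ venv_download_path_owner }}"`. Note also that `owner` is only applied to directories this task creates or to the final path: an existing parent directory left over from an earlier root run keeps its old ownership, which can still make the fetch fail for a non-root user.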