Make ceph-ansible working dir owned by tripleo-admin

The ceph-ansible tasks are now invoked with the tripleo-admin user, which doesn't by default have write access to /var/lib/mistral, but it does have sudo access. This change makes /var/lib/mistral/overcloud/ceph-ansible be owned by the tripleo-admin user so that subsequent tasks can write to that directory. Related-Bug: #1813832 Change-Id: I98bb38078be84cbda3e9a9e338af0d054dc53420
2019-02-11 17:30:51 +13:00 · 2019-02-11 17:30:51 +13:00 · 5ceb3c5ec7
parent 23302ca1ce
commit 5ceb3c5ec7
3 changed files with 11 additions and 1 deletions
--- a/docker/services/ceph-ansible/ceph-base.yaml
+++ b/docker/services/ceph-ansible/ceph-base.yaml
@ -378,10 +378,13 @@ outputs:
              set_fact:
                blacklisted_hostnames: {get_param: DeploymentServerBlacklist}
            - name: create ceph-ansible temp dirs
+              become: true
              file:
-                path: "{{item}}"
+                path: "{{ item }}"
                state: directory
+                owner: "{{ ansible_user }}"
              with_items:
+                - "{{playbook_dir}}/ceph-ansible"
                - "{{playbook_dir}}/ceph-ansible/group_vars"
                - "{{playbook_dir}}/ceph-ansible/host_vars"
                - "{{playbook_dir}}/ceph-ansible/fetch_dir"
@ -441,6 +444,7 @@ outputs:
                content: |
                  - hosts: all
                    gather_facts: no
+                    become: true
                    tasks:
                      - name: set nodes data
                        set_fact:
@ -460,6 +464,7 @@ outputs:
                          dest: "{{playbook_dir}}/ceph-ansible/host_vars/{% raw %}{{inventory_hostname}}{% endraw %}.yml"
        - name: ceph_base_external_deploy_task
          when: step == '2'
+          become: true
          tags: ceph
          block:
            - name: run nodes-uuid
@ -467,6 +472,7 @@ outputs:
                list_join:
                - ' '
                - - ANSIBLE_LOG_PATH="{{playbook_dir}}/ceph-ansible/nodes_uuid_command.log"
+                - - ANSIBLE_CONTROL_PATH_DIR="{{playbook_dir}}/ceph-ansible/"
                  - ANSIBLE_CONFIG="{{playbook_dir}}/ansible.cfg"
                  - ANSIBLE_REMOTE_TEMP=/tmp/nodes_uuid_tmp
                  - ansible-playbook
@ -500,6 +506,7 @@ outputs:
                file:
                  path: "{{local_ceph_ansible_fetch_directory_backup}}"
                  state: directory
+                  owner: "{{ ansible_user }}"
                  mode: 0700
                when: local_backup_directory.stat.exists == False
              - name: look for tarball of ceph-ansible fetch directory in local backup
--- a/extraconfig/services/kubernetes-master.yaml
+++ b/extraconfig/services/kubernetes-master.yaml
@ -96,9 +96,11 @@ outputs:
          when: step|int == 2
          block:
            - name: create kubespray temp dirs
+              become: true
              file:
                path: "{{item}}"
                state: directory
+                owner: "{{ ansible_user }}"
              with_items:
                - "{{playbook_dir}}/kubespray"
                - "{{playbook_dir}}/kubespray/artifacts"
--- a/zuul.d/layout.yaml
+++ b/zuul.d/layout.yaml
@ -80,6 +80,7 @@
        - tripleo-ci-centos-7-scenario010-multinode-oooq-container:
            files:
              - ^(docker|puppet)/services/.*octavia.*$
+              - ^docker/services/ceph-ansible.*$
              - ci/environments/scenario010-multinode-containers.yaml
              - ^environments\/.*.yaml
              - ^deployed-server/.*$