From 526599313469d29b5356cdf64d1b90ff21b5dc69 Mon Sep 17 00:00:00 2001
From: Nick Jones <nick@stackhpc.com>
Date: Mon, 2 Jul 2018 09:52:19 +0100
Subject: [PATCH] Don't assume user's primary group name is the same as
 username

In certain environments, a user's primary group doesn't necessarily
match that of their username.  This change updates various playbooks to
make use of the `ansible_user_gid` fact instead.

This change also makes ownership explicit by using `ansible_user_uid`
instead of `ansible_user` or `ansible_user_id`, where appropriate.

Change-Id: Ifc2ea7d95ec90e91791ccb10772b15d991379479
Story: 2002770
Task: 22636
---
 ansible/container-image-build.yml               |  6 +++---
 ansible/kayobe-target-venv.yml                  | 11 +++++++----
 ansible/overcloud-ipa-images.yml                |  4 ++--
 ansible/roles/inspection-store/tasks/config.yml |  4 ++--
 ansible/roles/ipa-images/tasks/main.yml         |  4 ++--
 ansible/roles/kolla-ansible/tasks/config.yml    |  4 ++--
 ansible/roles/kolla-ansible/tasks/install.yml   |  8 ++++----
 ansible/roles/kolla/tasks/config.yml            |  4 ++--
 ansible/roles/kolla/tasks/install.yml           |  8 ++++----
 ansible/seed-vm-provision.yml                   |  4 ++--
 10 files changed, 30 insertions(+), 27 deletions(-)

diff --git a/ansible/container-image-build.yml b/ansible/container-image-build.yml
index 78f097afe..3eac3d55e 100644
--- a/ansible/container-image-build.yml
+++ b/ansible/container-image-build.yml
@@ -28,10 +28,10 @@
       file:
         path: "{{ kolla_build_log_path }}"
         state: touch
-        owner: "{{ ansible_user }}"
-        group: "{{ ansible_user }}"
+        owner: "{{ ansible_user_uid }}"
+        group: "{{ ansible_user_gid }}"
       become: True
-      
+
     - name: Login to docker registry
       docker_login:
         registry_url: "{{ kolla_docker_registry or omit }}"
diff --git a/ansible/kayobe-target-venv.yml b/ansible/kayobe-target-venv.yml
index fa7f24a6f..08ddb7f7a 100644
--- a/ansible/kayobe-target-venv.yml
+++ b/ansible/kayobe-target-venv.yml
@@ -22,6 +22,9 @@
           include_role:
             name: deactivate-virtualenv
 
+        - name: Gather facts
+          setup:
+
         - name: Ensure the python-virtualenv package is installed
           package:
             name: python-virtualenv
@@ -32,8 +35,8 @@
           file:
             path: "{{ virtualenv_path }}"
             state: directory
-            owner: "{{ ansible_user }}"
-            group: "{{ ansible_user }}"
+            owner: "{{ ansible_user_uid }}"
+            group: "{{ ansible_user_gid }}"
             mode: 0755
           # Check whether the virtualenv directory is a subdirectory of the
           # global virtualenv directory.
@@ -44,8 +47,8 @@
           file:
             path: "{{ virtualenv }}"
             state: directory
-            owner: "{{ ansible_user }}"
-            group: "{{ ansible_user }}"
+            owner: "{{ ansible_user_uid }}"
+            group: "{{ ansible_user_gid }}"
             mode: 0700
           become: True
 
diff --git a/ansible/overcloud-ipa-images.yml b/ansible/overcloud-ipa-images.yml
index 0a2151edf..e80595c97 100644
--- a/ansible/overcloud-ipa-images.yml
+++ b/ansible/overcloud-ipa-images.yml
@@ -73,8 +73,8 @@
       file:
         path: "{{ image_cache_path }}"
         state: directory
-        owner: "{{ ansible_user }}"
-        group: "{{ ansible_user }}"
+        owner: "{{ ansible_user_uid }}"
+        group: "{{ ansible_user_gid }}"
       become: True
       when: >-
         not image_cache_stat.stat.exists or
diff --git a/ansible/roles/inspection-store/tasks/config.yml b/ansible/roles/inspection-store/tasks/config.yml
index b854b3ee2..36b66c093 100644
--- a/ansible/roles/inspection-store/tasks/config.yml
+++ b/ansible/roles/inspection-store/tasks/config.yml
@@ -3,8 +3,8 @@
   file:
     path: "{{ inspection_store_config_path }}"
     state: directory
-    owner: "{{ ansible_env.USER }}"
-    group: "{{ ansible_env.USER }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
     mode: 0750
   become: True
 
diff --git a/ansible/roles/ipa-images/tasks/main.yml b/ansible/roles/ipa-images/tasks/main.yml
index 1d4aae95a..65e40098b 100644
--- a/ansible/roles/ipa-images/tasks/main.yml
+++ b/ansible/roles/ipa-images/tasks/main.yml
@@ -3,8 +3,8 @@
   file:
     path: "{{ ipa_images_cache_path }}"
     state: directory
-    owner: "{{ ansible_user }}"
-    group: "{{ ansible_user }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
   become: True
 
 - name: Ensure Ironic Python Agent (IPA) images are downloaded
diff --git a/ansible/roles/kolla-ansible/tasks/config.yml b/ansible/roles/kolla-ansible/tasks/config.yml
index 1f5b6da2c..d4df78d39 100644
--- a/ansible/roles/kolla-ansible/tasks/config.yml
+++ b/ansible/roles/kolla-ansible/tasks/config.yml
@@ -3,8 +3,8 @@
   file:
     path: "{{ item }}"
     state: directory
-    owner: "{{ ansible_user_id }}"
-    group: "{{ ansible_user_id }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
     mode: 0750
   become: True
   with_items:
diff --git a/ansible/roles/kolla-ansible/tasks/install.yml b/ansible/roles/kolla-ansible/tasks/install.yml
index dbc01bb48..07c2a1c32 100644
--- a/ansible/roles/kolla-ansible/tasks/install.yml
+++ b/ansible/roles/kolla-ansible/tasks/install.yml
@@ -20,8 +20,8 @@
   file:
     path: "{{ kolla_ansible_source_path | dirname }}"
     state: directory
-    owner: "{{ ansible_user_id }}"
-    group: "{{ ansible_user_id }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
   become: True
   when: kolla_ansible_ctl_install_type == 'source'
 
@@ -36,8 +36,8 @@
   file:
     path: "{{ kolla_ansible_venv | dirname }}"
     state: directory
-    owner: "{{ ansible_user_id }}"
-    group: "{{ ansible_user_id }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
   become: True
   when: kolla_ansible_venv is not none
 
diff --git a/ansible/roles/kolla/tasks/config.yml b/ansible/roles/kolla/tasks/config.yml
index 1bb8b2a24..286e7d0d4 100644
--- a/ansible/roles/kolla/tasks/config.yml
+++ b/ansible/roles/kolla/tasks/config.yml
@@ -3,8 +3,8 @@
   file:
     path: "{{ item }}"
     state: directory
-    owner: "{{ ansible_user_id }}"
-    group: "{{ ansible_user_id }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
     mode: 0750
   become: True
   with_items:
diff --git a/ansible/roles/kolla/tasks/install.yml b/ansible/roles/kolla/tasks/install.yml
index 103dce49c..c1af395dc 100644
--- a/ansible/roles/kolla/tasks/install.yml
+++ b/ansible/roles/kolla/tasks/install.yml
@@ -22,8 +22,8 @@
   file:
     path: "{{ kolla_source_path | dirname }}"
     state: directory
-    owner: "{{ ansible_user_id }}"
-    group: "{{ ansible_user_id }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
   become: True
   when: kolla_ctl_install_type == 'source'
 
@@ -38,8 +38,8 @@
   file:
     path: "{{ kolla_venv | dirname }}"
     state: directory
-    owner: "{{ ansible_user_id }}"
-    group: "{{ ansible_user_id }}"
+    owner: "{{ ansible_user_uid }}"
+    group: "{{ ansible_user_gid }}"
   become: True
   when: kolla_venv is not none
 
diff --git a/ansible/seed-vm-provision.yml b/ansible/seed-vm-provision.yml
index a394256f4..6f4e0d541 100644
--- a/ansible/seed-vm-provision.yml
+++ b/ansible/seed-vm-provision.yml
@@ -17,8 +17,8 @@
       file:
         path: "{{ image_cache_path }}"
         state: directory
-        owner: "{{ ansible_env.USER }}"
-        group: "{{ ansible_env.USER }}"
+        owner: "{{ ansible_user_uid }}"
+        group: "{{ ansible_user_gid }}"
       become: True
 
     # The user data script is used to bring up the network interfaces that will