From 6cc1853da1b34a741d27c728302dcc8242b77bc0 Mon Sep 17 00:00:00 2001
From: Bogdan Dobrelya <bdobreli@redhat.com>
Date: Tue, 14 Aug 2018 16:53:35 +0200
Subject: [PATCH] Do not manage users/groups/services when chrooted

In containers, users/service management does not (and normally should
not) work with ansible user/group/service modules, so omit those.

Related-Bug: #1676373

Change-Id: If2fe57feb6961e367f4b99b810f87a92f8a7ac7c
Signed-off-by: Bogdan Dobrelya <bdobreli@redhat.com>
---
 roles/provision/remote/tasks/main.yml | 56 ++++++++++++++-------------
 roles/provision/user/tasks/main.yml   |  2 +
 2 files changed, 31 insertions(+), 27 deletions(-)

diff --git a/roles/provision/remote/tasks/main.yml b/roles/provision/remote/tasks/main.yml
index f889def5d..99684acb5 100644
--- a/roles/provision/remote/tasks/main.yml
+++ b/roles/provision/remote/tasks/main.yml
@@ -11,37 +11,39 @@
   args:
     creates: "{{ virt_host_key }}"
 
-- name: Ensure tuned is installed
-  package:
-    name: "tuned"
-    state: "present"
-  become: true
+- when: not chrooted|bool
+  block:
+    - name: Ensure tuned is installed
+      package:
+        name: "tuned"
+        state: "present"
+      become: true
 
-- name: Ensure tuned is enabled and started
-  service:
-    name: "tuned"
-    enabled: "yes"
-    state: "started"
-  become: true
+    - name: Ensure tuned is enabled and started
+      service:
+        name: "tuned"
+        enabled: "yes"
+        state: "started"
+      become: true
 
-- name: Retrieve current tuned profile
-  command: tuned-adm active
-  register: tuned
-  changed_when: False
+    - name: Retrieve current tuned profile
+      command: tuned-adm active
+      register: tuned
+      changed_when: False
 
-- name: Set tuned profile if not already set
-  command: tuned-adm profile "{{ tuned_profile }}"
-  become: true
-  when: tuned.stdout.find(tuned_profile) != 1
+    - name: Set tuned profile if not already set
+      command: tuned-adm profile "{{ tuned_profile }}"
+      become: true
+      when: tuned.stdout.find(tuned_profile) != 1
 
-# Create a non-root user on the target host.  This is the user that
-# will own the virtual infrastructure on which we deploy openstack.
-- name: Create non-root user
-  user:
-    name: "{{ non_root_user }}"
-    state: present
-    shell: /bin/bash
-  become: true
+    # Create a non-root user on the target host.  This is the user that
+    # will own the virtual infrastructure on which we deploy openstack.
+    - name: Create non-root user
+      user:
+        name: "{{ non_root_user }}"
+        state: present
+        shell: /bin/bash
+      become: true
 
 - name: Get the non-root user UID
   command: "id {{ non_root_user }} -u"
diff --git a/roles/provision/user/tasks/main.yml b/roles/provision/user/tasks/main.yml
index 2bedb6bbd..39317d92b 100644
--- a/roles/provision/user/tasks/main.yml
+++ b/roles/provision/user/tasks/main.yml
@@ -5,6 +5,7 @@
     name: "{{ non_root_group }}"
     state: present
   become: true
+  when: not chrooted|bool
 
 - name: Create non-root user
   user:
@@ -13,4 +14,5 @@
     state: present
     shell: /bin/bash
   become: true
+  when: not chrooted|bool