diff options
author | Michael Gugino <mgugino@redhat.com> | 2018-01-09 16:01:58 -0500 |
---|---|---|
committer | Michael Gugino <mgugino@redhat.com> | 2018-01-09 16:52:01 -0500 |
commit | 4b06eaf83e137ddeba2ce498e141ad87413761c0 (patch) | |
tree | f84e023eb5043bd10ff90c5e75888530c2ba120f | |
parent | 3b07acdcd41e215dedc4d4c7c7303b807e59333d (diff) | |
download | openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.tar.gz openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.tar.bz2 openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.tar.xz openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.zip |
Chmod temp dirs created on localhost
After remove become:no statements on local_action tasks,
we need to ensure that the proper file permssions are
applied to local temp directories.
This reason for this is that the 'fetch' module
does not use 'become' for the localhost, just the remote
host.
Additionally, users may not wish for the localhost to
become during a fetch. local_action will execute with
whatever permissions are specified in inventory or via
cli.
8 files changed, 33 insertions, 6 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml index 00a731cb0..ef8233b67 100644 --- a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml +++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml @@ -10,6 +10,11 @@ changed_when: false when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool) + - name: Chmod local temp directory + local_action: command chmod 777 "{{ local_cert_sync_tmpdir.stdout }}" + changed_when: false + when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool) + - name: Create service signer certificate hosts: oo_first_master tasks: diff --git a/playbooks/openshift-etcd/private/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml index 917cfc800..674bd5088 100644 --- a/playbooks/openshift-etcd/private/embedded2external.yml +++ b/playbooks/openshift-etcd/private/embedded2external.yml @@ -90,6 +90,10 @@ register: g_etcd_client_mktemp changed_when: False + - name: Chmod local temp directory for syncing etcd backup + local_action: command chmod 777 "{{ g_etcd_client_mktemp.stdout }}" + changed_when: False + - import_role: name: etcd tasks_from: backup.fetch.yml diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml index e6dd87de1..a3acf6945 100644 --- a/playbooks/openshift-etcd/private/redeploy-ca.yml +++ b/playbooks/openshift-etcd/private/redeploy-ca.yml @@ -33,6 +33,10 @@ register: g_etcd_mktemp changed_when: false + - name: Chmod local temp directory for syncing certs + local_action: command chmod 777 "{{ g_etcd_mktemp.stdout }}" + changed_when: false + - name: Distribute etcd CA to etcd hosts hosts: oo_etcd_to_config tasks: diff --git a/playbooks/openshift-master/private/redeploy-openshift-ca.yml b/playbooks/openshift-master/private/redeploy-openshift-ca.yml index f649af976..663c39868 100644 --- a/playbooks/openshift-master/private/redeploy-openshift-ca.yml +++ b/playbooks/openshift-master/private/redeploy-openshift-ca.yml @@ -132,6 +132,10 @@ register: g_master_mktemp changed_when: false + - name: Chmod local temp directory for syncing certs + local_action: command chmod 777 "{{ g_master_mktemp.stdout }}" + changed_when: false + - name: Retrieve OpenShift CA hosts: oo_first_master vars: diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml index ff04cdf9c..7787da4f0 100644 --- a/roles/openshift_examples/tasks/main.yml +++ b/roles/openshift_examples/tasks/main.yml @@ -16,8 +16,8 @@ register: copy_examples_mktemp run_once: True -- name: Create local temp dir for OpenShift examples copy - local_action: command chmod 755 "{{ copy_examples_mktemp.stdout }}" +- name: Chmod local temp dir for OpenShift examples copy + local_action: command chmod 777 "{{ copy_examples_mktemp.stdout }}" run_once: True - name: Create tar of OpenShift examples @@ -27,7 +27,7 @@ # Consider using unarchive module rather than running tar warn: no -- name: Create local temp dir for OpenShift examples copy +- name: Chmod local temp dir for OpenShift examples copy local_action: command chmod 744 "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar" run_once: True diff --git a/roles/openshift_hosted_templates/tasks/main.yml b/roles/openshift_hosted_templates/tasks/main.yml index 672d25b4d..34d39f3a5 100644 --- a/roles/openshift_hosted_templates/tasks/main.yml +++ b/roles/openshift_hosted_templates/tasks/main.yml @@ -6,8 +6,8 @@ # AUDIT:changed_when: not set here because this task actually # creates something -- name: Create local temp dir for OpenShift examples copy - local_action: command chmod 755 "{{ copy_hosted_templates_mktemp.stdout }}" +- name: Chmod local temp dir for OpenShift examples copy + local_action: command chmod 777 "{{ copy_hosted_templates_mktemp.stdout }}" run_once: True - name: Create tar of OpenShift examples @@ -17,7 +17,7 @@ # Consider using unarchive module rather than running tar warn: no -- name: Create local temp dir for OpenShift examples copy +- name: Chmod local tar of OpenShift examples local_action: command chmod 744 "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar" run_once: True diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml index 1d8f2c53a..60cc399fa 100644 --- a/roles/openshift_logging/tasks/main.yaml +++ b/roles/openshift_logging/tasks/main.yaml @@ -18,6 +18,11 @@ changed_when: False check_mode: no +- name: Chmod local temp directory for doing work in + local_action: command chmod 777 "{{ local_tmp.stdout }}" + changed_when: False + check_mode: no + - include_tasks: install_logging.yaml when: - openshift_logging_install_logging | default(false) | bool diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml index a80950cde..649a4bc5d 100644 --- a/roles/openshift_master_certificates/tasks/main.yml +++ b/roles/openshift_master_certificates/tasks/main.yml @@ -121,6 +121,11 @@ changed_when: False when: master_certs_missing | bool +- name: Chmod local temp directory for syncing certs + local_action: command chmod 777 "{{ g_master_certs_mktemp.stdout }}" + changed_when: False + when: master_certs_missing | bool + - name: Create a tarball of the master certs command: > tar -czvf {{ openshift_master_generated_config_dir }}.tgz |