summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorMichael Gugino <mgugino@redhat.com>2018-01-09 16:01:58 -0500
committerMichael Gugino <mgugino@redhat.com>2018-01-09 16:52:01 -0500
commit4b06eaf83e137ddeba2ce498e141ad87413761c0 (patch)
treef84e023eb5043bd10ff90c5e75888530c2ba120f
parent3b07acdcd41e215dedc4d4c7c7303b807e59333d (diff)
downloadopenshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.tar.gz
openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.tar.bz2
openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.tar.xz
openshift-4b06eaf83e137ddeba2ce498e141ad87413761c0.zip
Chmod temp dirs created on localhost
After remove become:no statements on local_action tasks, we need to ensure that the proper file permssions are applied to local temp directories. This reason for this is that the 'fetch' module does not use 'become' for the localhost, just the remote host. Additionally, users may not wish for the localhost to become during a fetch. local_action will execute with whatever permissions are specified in inventory or via cli.
-rw-r--r--playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml5
-rw-r--r--playbooks/openshift-etcd/private/embedded2external.yml4
-rw-r--r--playbooks/openshift-etcd/private/redeploy-ca.yml4
-rw-r--r--playbooks/openshift-master/private/redeploy-openshift-ca.yml4
-rw-r--r--roles/openshift_examples/tasks/main.yml6
-rw-r--r--roles/openshift_hosted_templates/tasks/main.yml6
-rw-r--r--roles/openshift_logging/tasks/main.yaml5
-rw-r--r--roles/openshift_master_certificates/tasks/main.yml5
8 files changed, 33 insertions, 6 deletions
diff --git a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
index 00a731cb0..ef8233b67 100644
--- a/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
+++ b/playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml
@@ -10,6 +10,11 @@
changed_when: false
when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
+ - name: Chmod local temp directory
+ local_action: command chmod 777 "{{ local_cert_sync_tmpdir.stdout }}"
+ changed_when: false
+ when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
+
- name: Create service signer certificate
hosts: oo_first_master
tasks:
diff --git a/playbooks/openshift-etcd/private/embedded2external.yml b/playbooks/openshift-etcd/private/embedded2external.yml
index 917cfc800..674bd5088 100644
--- a/playbooks/openshift-etcd/private/embedded2external.yml
+++ b/playbooks/openshift-etcd/private/embedded2external.yml
@@ -90,6 +90,10 @@
register: g_etcd_client_mktemp
changed_when: False
+ - name: Chmod local temp directory for syncing etcd backup
+ local_action: command chmod 777 "{{ g_etcd_client_mktemp.stdout }}"
+ changed_when: False
+
- import_role:
name: etcd
tasks_from: backup.fetch.yml
diff --git a/playbooks/openshift-etcd/private/redeploy-ca.yml b/playbooks/openshift-etcd/private/redeploy-ca.yml
index e6dd87de1..a3acf6945 100644
--- a/playbooks/openshift-etcd/private/redeploy-ca.yml
+++ b/playbooks/openshift-etcd/private/redeploy-ca.yml
@@ -33,6 +33,10 @@
register: g_etcd_mktemp
changed_when: false
+ - name: Chmod local temp directory for syncing certs
+ local_action: command chmod 777 "{{ g_etcd_mktemp.stdout }}"
+ changed_when: false
+
- name: Distribute etcd CA to etcd hosts
hosts: oo_etcd_to_config
tasks:
diff --git a/playbooks/openshift-master/private/redeploy-openshift-ca.yml b/playbooks/openshift-master/private/redeploy-openshift-ca.yml
index f649af976..663c39868 100644
--- a/playbooks/openshift-master/private/redeploy-openshift-ca.yml
+++ b/playbooks/openshift-master/private/redeploy-openshift-ca.yml
@@ -132,6 +132,10 @@
register: g_master_mktemp
changed_when: false
+ - name: Chmod local temp directory for syncing certs
+ local_action: command chmod 777 "{{ g_master_mktemp.stdout }}"
+ changed_when: false
+
- name: Retrieve OpenShift CA
hosts: oo_first_master
vars:
diff --git a/roles/openshift_examples/tasks/main.yml b/roles/openshift_examples/tasks/main.yml
index ff04cdf9c..7787da4f0 100644
--- a/roles/openshift_examples/tasks/main.yml
+++ b/roles/openshift_examples/tasks/main.yml
@@ -16,8 +16,8 @@
register: copy_examples_mktemp
run_once: True
-- name: Create local temp dir for OpenShift examples copy
- local_action: command chmod 755 "{{ copy_examples_mktemp.stdout }}"
+- name: Chmod local temp dir for OpenShift examples copy
+ local_action: command chmod 777 "{{ copy_examples_mktemp.stdout }}"
run_once: True
- name: Create tar of OpenShift examples
@@ -27,7 +27,7 @@
# Consider using unarchive module rather than running tar
warn: no
-- name: Create local temp dir for OpenShift examples copy
+- name: Chmod local temp dir for OpenShift examples copy
local_action: command chmod 744 "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar"
run_once: True
diff --git a/roles/openshift_hosted_templates/tasks/main.yml b/roles/openshift_hosted_templates/tasks/main.yml
index 672d25b4d..34d39f3a5 100644
--- a/roles/openshift_hosted_templates/tasks/main.yml
+++ b/roles/openshift_hosted_templates/tasks/main.yml
@@ -6,8 +6,8 @@
# AUDIT:changed_when: not set here because this task actually
# creates something
-- name: Create local temp dir for OpenShift examples copy
- local_action: command chmod 755 "{{ copy_hosted_templates_mktemp.stdout }}"
+- name: Chmod local temp dir for OpenShift examples copy
+ local_action: command chmod 777 "{{ copy_hosted_templates_mktemp.stdout }}"
run_once: True
- name: Create tar of OpenShift examples
@@ -17,7 +17,7 @@
# Consider using unarchive module rather than running tar
warn: no
-- name: Create local temp dir for OpenShift examples copy
+- name: Chmod local tar of OpenShift examples
local_action: command chmod 744 "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar"
run_once: True
diff --git a/roles/openshift_logging/tasks/main.yaml b/roles/openshift_logging/tasks/main.yaml
index 1d8f2c53a..60cc399fa 100644
--- a/roles/openshift_logging/tasks/main.yaml
+++ b/roles/openshift_logging/tasks/main.yaml
@@ -18,6 +18,11 @@
changed_when: False
check_mode: no
+- name: Chmod local temp directory for doing work in
+ local_action: command chmod 777 "{{ local_tmp.stdout }}"
+ changed_when: False
+ check_mode: no
+
- include_tasks: install_logging.yaml
when:
- openshift_logging_install_logging | default(false) | bool
diff --git a/roles/openshift_master_certificates/tasks/main.yml b/roles/openshift_master_certificates/tasks/main.yml
index a80950cde..649a4bc5d 100644
--- a/roles/openshift_master_certificates/tasks/main.yml
+++ b/roles/openshift_master_certificates/tasks/main.yml
@@ -121,6 +121,11 @@
changed_when: False
when: master_certs_missing | bool
+- name: Chmod local temp directory for syncing certs
+ local_action: command chmod 777 "{{ g_master_certs_mktemp.stdout }}"
+ changed_when: False
+ when: master_certs_missing | bool
+
- name: Create a tarball of the master certs
command: >
tar -czvf {{ openshift_master_generated_config_dir }}.tgz