From 542e1f87d129d43be961ab0c3e7db99bacacf3e1 Mon Sep 17 00:00:00 2001 From: Duong Ha-Quang Date: Tue, 13 Mar 2018 15:55:31 +0700 Subject: [PATCH] Specify 'become' for only necessary tasks (Queens roles) Add become to only neccesary tasks in roles: - blazar - opendaylight - redis - tempest - vitrage Change-Id: Ib3a48c1c21a19a23e87d2e465fd7012e3eee7565 Partial-Implements: blueprint ansible-specific-task-become --- ansible/roles/blazar/tasks/config.yml | 11 ++++++- ansible/roles/opendaylight/tasks/config.yml | 34 ++++++++++++++++++++- ansible/roles/redis/tasks/config.yml | 9 +++++- ansible/roles/tempest/tasks/config.yml | 3 ++ ansible/roles/vitrage/tasks/config.yml | 13 +++++++- 5 files changed, 66 insertions(+), 4 deletions(-) diff --git a/ansible/roles/blazar/tasks/config.yml b/ansible/roles/blazar/tasks/config.yml index 26a23ebd9a..8f93b5bf52 100644 --- a/ansible/roles/blazar/tasks/config.yml +++ b/ansible/roles/blazar/tasks/config.yml @@ -3,7 +3,10 @@ file: path: "{{ node_config_directory }}/{{ item.key }}" state: "directory" - recurse: yes + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -30,6 +33,8 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" + become: true register: blazar_config_jsons when: - item.value.enabled | bool @@ -50,6 +55,8 @@ - "{{ node_custom_config }}/blazar/{{ item.key }}.conf" - "{{ node_custom_config }}/blazar/{{ inventory_hostname }}/blazar.conf" dest: "{{ node_config_directory }}/{{ item.key }}/blazar.conf" + mode: "0660" + become: true register: blazar_confs when: - item.value.enabled | bool @@ -63,6 +70,8 @@ template: src: "{{ blazar_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ blazar_policy_file }}" + mode: "0660" + become: true register: blazar_policy_overwriting when: - blazar_policy_file is defined diff --git a/ansible/roles/opendaylight/tasks/config.yml b/ansible/roles/opendaylight/tasks/config.yml index 903c3b5ff5..6ccdc3073f 100644 --- a/ansible/roles/opendaylight/tasks/config.yml +++ b/ansible/roles/opendaylight/tasks/config.yml @@ -1,5 +1,6 @@ --- - name: Setting sysctl values + become: true sysctl: name={{ item.name }} value={{ item.value }} sysctl_set=yes with_items: - { name: "net.bridge.bridge-nf-call-iptables", value: 1} @@ -14,7 +15,10 @@ file: path: "{{ node_config_directory }}/{{ item }}" state: "directory" - recurse: yes + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true with_items: - "opendaylight" @@ -23,6 +27,8 @@ template: src: "{{ item }}.json.j2" dest: "{{ node_config_directory }}/{{ item }}/config.json" + mode: "0660" + become: true with_items: - "opendaylight" notify: @@ -33,6 +39,8 @@ template: src: "{{ role_path }}/templates/custom.properties.j2" dest: "{{ node_config_directory }}/opendaylight/custom.properties" + mode: "0660" + become: true notify: - Restart opendaylight container @@ -41,6 +49,8 @@ template: src: "{{ role_path }}/templates/start-odl.j2" dest: "{{ node_config_directory }}/opendaylight/start-odl" + mode: "0660" + become: true notify: - Restart opendaylight container @@ -49,6 +59,8 @@ template: src: "{{ role_path }}/templates/jetty.xml.j2" dest: "{{ node_config_directory }}/{{ item }}/jetty.xml" + mode: "0660" + become: true with_items: - "opendaylight" notify: @@ -59,6 +71,8 @@ template: src: "{{ role_path }}/templates/org.apache.karaf.features.cfg.j2" dest: "{{ node_config_directory }}/{{ item }}/org.apache.karaf.features.cfg" + mode: "0660" + become: true with_items: - "opendaylight" notify: @@ -69,6 +83,8 @@ template: src: "{{ role_path }}/templates/org.opendaylight.ovsdb.library.cfg.j2" dest: "{{ node_config_directory }}/{{ item }}/org.opendaylight.ovsdb.library.cfg" + mode: "0660" + become: true with_items: - "opendaylight" notify: @@ -78,6 +94,8 @@ template: src: "{{ role_path }}/templates/tomcat-server.xml.j2" dest: "{{ node_config_directory }}/{{ item }}/tomcat-server.xml" + mode: "0660" + become: true register: opendaylight_config_tomcat with_items: - "opendaylight" @@ -88,6 +106,8 @@ template: src: "{{ role_path }}/templates/org.ops4j.pax.logging.cfg.j2" dest: "{{ node_config_directory }}/{{ item }}/org.ops4j.pax.logging.cfg" + mode: "0660" + become: true register: opendaylight_config_logging with_items: - "opendaylight" @@ -98,6 +118,8 @@ template: src: "{{ role_path }}/templates/netvirt-impl-config_netvirt-impl-config.xml.j2" dest: "{{ node_config_directory }}/{{ item }}/netvirt-impl-config_netvirt-impl-config.xml" + mode: "0660" + become: true register: opendaylight_config_netvirt with_items: - "opendaylight" @@ -108,6 +130,8 @@ template: src: "{{ role_path }}/templates/netvirt-aclservice-config.xml.j2" dest: "{{ node_config_directory }}/{{ item }}/netvirt-aclservice-config.xml" + mode: "0660" + become: true register: opendaylight_config_netvirt_acl with_items: - "opendaylight" @@ -118,6 +142,8 @@ template: src: "{{ role_path }}/templates/setenv.j2" dest: "{{ node_config_directory }}/{{ item }}/setenv" + mode: "0660" + become: true register: opendaylight_config_env with_items: - "opendaylight" @@ -128,6 +154,8 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/opendaylight/akka.conf" + mode: "0660" + become: true with_first_found: - "{{ node_custom_config }}/opendaylight/{{ inventory_hostname }}/akka.conf" - "{{ node_custom_config }}/opendaylight/akka.conf" @@ -140,6 +168,8 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/opendaylight/modules.conf" + mode: "0660" + become: true with_first_found: - "{{ node_custom_config }}/opendaylight/{{ inventory_hostname }}/modules.conf" - "{{ node_custom_config }}/opendaylight/modules.conf" @@ -152,6 +182,8 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/opendaylight/module-shards.conf" + mode: "0660" + become: true with_first_found: - "{{ node_custom_config }}/opendaylight/{{ inventory_hostname }}/module-shards.conf" - "{{ node_custom_config }}/opendaylight/module-shards.conf" diff --git a/ansible/roles/redis/tasks/config.yml b/ansible/roles/redis/tasks/config.yml index 7ae888ba31..fbd55fbc74 100644 --- a/ansible/roles/redis/tasks/config.yml +++ b/ansible/roles/redis/tasks/config.yml @@ -3,7 +3,10 @@ file: path: "{{ node_config_directory }}/{{ item.key }}" state: "directory" - recurse: yes + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -13,6 +16,8 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" + become: true register: redis_config_jsons when: - inventory_hostname in groups[item.value.group] @@ -25,6 +30,8 @@ template: src: "{{ item.key }}.conf.j2" dest: "{{ node_config_directory }}/{{ item.key }}/redis.conf" + mode: "0660" + become: true register: redis_confs when: - inventory_hostname in groups[item.value.group] diff --git a/ansible/roles/tempest/tasks/config.yml b/ansible/roles/tempest/tasks/config.yml index ea5931c728..c58367d792 100644 --- a/ansible/roles/tempest/tasks/config.yml +++ b/ansible/roles/tempest/tasks/config.yml @@ -6,6 +6,7 @@ owner: "{{ config_owner_user }}" group: "{{ config_owner_group }}" mode: "0770" + become: true when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -16,6 +17,7 @@ src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" mode: "0660" + become: true register: tempest_config_jsons when: - inventory_hostname in groups[item.value.group] @@ -33,6 +35,7 @@ - "{{ node_custom_config }}/tempest.conf" dest: "{{ node_config_directory }}/{{ item.key }}/tempest.conf" mode: "0660" + become: true register: tempest_confs when: - inventory_hostname in groups[item.value.group] diff --git a/ansible/roles/vitrage/tasks/config.yml b/ansible/roles/vitrage/tasks/config.yml index 1038c4bfdb..eae33abb91 100644 --- a/ansible/roles/vitrage/tasks/config.yml +++ b/ansible/roles/vitrage/tasks/config.yml @@ -3,7 +3,10 @@ file: path: "{{ node_config_directory }}/{{ item.key }}" state: "directory" - recurse: yes + owner: "{{ config_owner_user }}" + group: "{{ config_owner_group }}" + mode: "0770" + become: true when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -30,6 +33,8 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0770" + become: true register: vitrage_config_jsons when: - inventory_hostname in groups[item.value.group] @@ -54,6 +59,8 @@ - "{{ node_config_directory }}/config/vitrage/{{ item.key }}.conf" - "{{ node_config_directory }}/config/vitrage/{{ inventory_hostname }}/vitrage.conf" dest: "{{ node_config_directory }}/{{ item.key }}/vitrage.conf" + mode: "0770" + become: true register: vitrage_confs when: - inventory_hostname in groups[item.value.group] @@ -70,6 +77,8 @@ template: src: "wsgi-vitrage.conf.j2" dest: "{{ node_config_directory }}/{{ item }}/wsgi-vitrage.conf" + mode: "0770" + become: true with_items: - "vitrage-api" notify: @@ -79,6 +88,8 @@ template: src: "{{ vitrage_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ vitrage_policy_file }}" + mode: "0770" + become: true register: vitrage_policy_overwriting when: - vitrage_policy_file is defined