Drop become in stackhpc.libvirt-vm for seed vm provision
Prior to this change, the seed VM was provisioned using the stackhpc.livirt-vm role with become=true. This resulted in the cached image being owned by root. The infra VM provisioning uses stackhpc.libvirt-vm without become=true. If an infra VM uses the same image as the seed, this can lead to permission denied errors when downloading a new image of the same name. This change adds a workaround to fix up the ownership of the cached image during infra VM provisioning to avoid this issue. This change also drops become=true from stackhpc.libvirt-vm during seed VM provisioning, and adds the same workaround there. Story: 2009277 Task: 43534 Change-Id: Iade0d74cdb398365a567dbdc4b23de2416f3726d
This commit is contained in:
parent
f11c73ff03
commit
50e04bb06f
@ -49,6 +49,26 @@
|
||||
mime: False
|
||||
register: stat_result
|
||||
|
||||
# NOTE(mgoddard): Prior to the Xena release, the seed VM was provisioned using
|
||||
# the stackhpc.livirt-vm role with become=true. This resulted in the cached
|
||||
# image being owned by root. Since Xena, we execute the role without
|
||||
# become=true. Correct the image ownership to avoid a permission denied error
|
||||
# when downloading a new image of the same name.
|
||||
- name: "[{{ vm_name }}] Stat image files"
|
||||
stat:
|
||||
path: "{{ image_cache_path }}/{{ item.image | basename }}"
|
||||
with_items: "{{ vm_hostvars.infra_vm_volumes | selectattr('image', 'defined') }}"
|
||||
register: image_stat_result
|
||||
|
||||
- name: "[{{ vm_name }}] Fix image ownership"
|
||||
file:
|
||||
path: "{{ image_cache_path }}/{{ item.item.image | basename }}"
|
||||
owner: "{{ ansible_facts.user_uid }}"
|
||||
group: "{{ ansible_facts.user_gid }}"
|
||||
with_items: "{{ image_stat_result.results }}"
|
||||
when: item.stat.exists
|
||||
become: true
|
||||
|
||||
- name: "[{{ vm_name }}] Ensure that the VM is provisioned"
|
||||
include_role:
|
||||
name: stackhpc.libvirt-vm
|
||||
|
@ -29,6 +29,26 @@
|
||||
group: "{{ ansible_facts.user_gid }}"
|
||||
become: True
|
||||
|
||||
# NOTE(mgoddard): Prior to the Xena release, the seed VM was provisioned
|
||||
# using the stackhpc.livirt-vm role with become=true. This resulted in the
|
||||
# cached image being owned by root. Since Xena, we execute the role without
|
||||
# become=true. Correct the image ownership to avoid a permission denied
|
||||
# error when downloading a new image of the same name.
|
||||
- name: Stat image files
|
||||
stat:
|
||||
path: "{{ image_cache_path }}/{{ item.image | basename }}"
|
||||
with_items: "{{ hostvars[seed_host].seed_vm_volumes | selectattr('image', 'defined') }}"
|
||||
register: image_stat_result
|
||||
|
||||
- name: Fix image ownership
|
||||
file:
|
||||
path: "{{ image_cache_path }}/{{ item.item.image | basename }}"
|
||||
owner: "{{ ansible_facts.user_uid }}"
|
||||
group: "{{ ansible_facts.user_gid }}"
|
||||
with_items: "{{ image_stat_result.results }}"
|
||||
when: item.stat.exists
|
||||
become: true
|
||||
|
||||
roles:
|
||||
- role: jriguera.configdrive
|
||||
# For now assume the VM OS family is the same as the hypervisor's.
|
||||
@ -99,7 +119,6 @@
|
||||
volumes: "{{ hostvars[seed_host].seed_vm_volumes + [seed_vm_configdrive_volume] }}"
|
||||
interfaces: "{{ hostvars[seed_host].seed_vm_interfaces }}"
|
||||
console_log_enabled: true
|
||||
become: True
|
||||
|
||||
tasks:
|
||||
- name: Wait for SSH access to the seed VM
|
||||
|
6
releasenotes/notes/story-2009277-84c381a562244fab.yaml
Normal file
6
releasenotes/notes/story-2009277-84c381a562244fab.yaml
Normal file
@ -0,0 +1,6 @@
|
||||
---
|
||||
fixes:
|
||||
- |
|
||||
Fixes an issue where cached seed VM images are unnecessarily owned by root.
|
||||
See `story 2009277 <https://storyboard.openstack.org/#!/story/2009277>`__
|
||||
for details.
|
Loading…
Reference in New Issue
Block a user