From 85b51389cc2c94f7e76caf637e7f46e156794af0 Mon Sep 17 00:00:00 2001
From: Jesse Pretorius <jesse.pretorius@rackspace.co.uk>
Date: Thu, 12 Jul 2018 21:01:13 +0100
Subject: [PATCH] Use local connection and become for localhost plays

When targeting localhost with 'remote_user: root' and
using 'become: yes' we lose the environment variables
for the user running the playbook (eg: USER, HOME).

However, if we use 'connection: local' and 'become: yes'
together, it works properly.

To ensure these plays have the correct access to change
things on the host, we apply this change to them all.

We also ensure that 'become: no' is explicitly set on
any local connection plays to make the intent more
obvious. Finally, we also use 'yes' and 'no' uniformly.

Change-Id: I6e4607dd4aaffa0bfcda254103697bf9b28eca1a
---
 get-ansible-role-requirements.yml |  1 +
 test-install-haproxy.yml          |  2 +-
 test-install-horizon.yml          |  1 +
 test-install-openstack-hosts.yml  |  9 +++++++--
 test-prepare-containers.yml       |  7 ++++++-
 test-prepare-host.yml             | 20 ++++++++++++++++++--
 test-prepare-keys.yml             |  4 ++--
 test-repo-setup.yml               |  1 +
 test-setup-cinder-localhost.yml   |  7 ++++++-
 9 files changed, 43 insertions(+), 9 deletions(-)

diff --git a/get-ansible-role-requirements.yml b/get-ansible-role-requirements.yml
index da309c1c..b66a1668 100644
--- a/get-ansible-role-requirements.yml
+++ b/get-ansible-role-requirements.yml
@@ -21,6 +21,7 @@
 - name: Clone the role ansible-role-requirements
   hosts: localhost
   connection: local
+  become: no
   gather_facts: false
   tasks:
 
diff --git a/test-install-haproxy.yml b/test-install-haproxy.yml
index 67ebf123..93d17c6e 100644
--- a/test-install-haproxy.yml
+++ b/test-install-haproxy.yml
@@ -22,7 +22,7 @@
   # TODO(odyssey4me):
   # Figure out whether this issue happens for normal (non localhost)
   # delegation, and how to resolve the issue.
-  become: True
+  become: yes
   any_errors_fatal: true
   roles:
     - role: "haproxy_server"
diff --git a/test-install-horizon.yml b/test-install-horizon.yml
index 839d8fb9..32ab8d34 100644
--- a/test-install-horizon.yml
+++ b/test-install-horizon.yml
@@ -26,6 +26,7 @@
 - name: Playbook to add nova service and endpoint (required by Horizon)
   hosts: localhost
   connection: local
+  become: no
   gather_facts: false
   any_errors_fatal: true
   vars:
diff --git a/test-install-openstack-hosts.yml b/test-install-openstack-hosts.yml
index a5fb846e..092840c2 100644
--- a/test-install-openstack-hosts.yml
+++ b/test-install-openstack-hosts.yml
@@ -15,12 +15,17 @@
 
 - name: Execute the openstack-host role
   hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
   gather_facts: true
   any_errors_fatal: true
   pre_tasks:
     - include: "common-tasks/test-force-package-cache-update.yml"
   roles:
-    - role: "{{ openstack_hosts_rolename | default('openstack_hosts') }}"
+    - role: "openstack_hosts"
   vars_files:
     - test-vars.yml
diff --git a/test-prepare-containers.yml b/test-prepare-containers.yml
index 7e3e47b3..04e7c279 100644
--- a/test-prepare-containers.yml
+++ b/test-prepare-containers.yml
@@ -15,7 +15,12 @@
 
 - name: Gather facts for the LXC hosts
   hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
   gather_facts: true
   tasks:
     - include: "common-tasks/test-set-nodepool-vars.yml"
diff --git a/test-prepare-host.yml b/test-prepare-host.yml
index f4fc1169..e56d9490 100644
--- a/test-prepare-host.yml
+++ b/test-prepare-host.yml
@@ -17,23 +17,32 @@
 
 - name: Playbook for configuring hosts
   hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
   vars_files:
     - test-vars.yml
   tasks:
     - include: "common-tasks/test-set-nodepool-vars.yml"
+
     - name: Clear iptables rules
       shell: "{{ playbook_dir }}/iptables-clear.sh"
       tags:
         - skip_ansible_lint
+
     - name: Set ssh key fact
       set_fact:
         lxc_container_ssh_key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
+
     - name: Ensure roots new public ssh key is in authorized_keys
       authorized_key:
         user: root
         key: "{{ hostvars['localhost']['lxc_container_ssh_key'] }}"
         manage_dir: no
+
     # This is a very dirty hack due to images.linuxcontainers.org
     # constantly failing to resolve in openstack-infra.
     - name: Implement hard-coded hosts entries for consistently failing name
@@ -44,12 +53,14 @@
       with_items:
         - "91.189.91.21 images.linuxcontainers.org us.images.linuxcontainers.org"
         - "91.189.88.37 images.linuxcontainers.org uk.images.linuxcontainers.org"
+
     # NOTE(mhayden): Using package_state=present on CentOS or openSUSE should allow for
     # more gate jobs to complete properly and expose more problems that can
     # be fixed (instead of timeouts).
     - name: Use present for package_state on CentOS and openSUSE
       set_fact:
         package_state: "{{ (ansible_pkg_mgr in ['dnf', 'yum', 'zypper']) | ternary('present', 'latest') }}"
+
     - name: Setup clouds.yaml
       include_role:
         name: openstack_openrc
@@ -65,7 +76,12 @@
 
 - name: Playbook for configuring the LXC host
   hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
   vars_files:
     - test-vars.yml
   roles:
diff --git a/test-prepare-keys.yml b/test-prepare-keys.yml
index 75dfb506..30b18107 100644
--- a/test-prepare-keys.yml
+++ b/test-prepare-keys.yml
@@ -22,7 +22,7 @@
   gather_facts: false
   any_errors_fatal: true
   connection: local
-  become: true
+  become: yes
   tasks:
     - name: Ensure root has a .ssh directory
       file:
@@ -68,7 +68,7 @@
 - name: Playbook for establishing user ssh keys
   hosts: localhost
   connection: local
-  become: false
+  become: no
   any_errors_fatal: true
   tasks:
     # Shell used because facts may not be ready yet
diff --git a/test-repo-setup.yml b/test-repo-setup.yml
index bb77d60f..72589650 100644
--- a/test-repo-setup.yml
+++ b/test-repo-setup.yml
@@ -16,6 +16,7 @@
 - name: Playbook for setting facts for git repository
   hosts: localhost
   connection: local
+  become: no
   gather_facts: false
   any_errors_fatal: true
   tasks:
diff --git a/test-setup-cinder-localhost.yml b/test-setup-cinder-localhost.yml
index b4078958..8b4bde20 100644
--- a/test-setup-cinder-localhost.yml
+++ b/test-setup-cinder-localhost.yml
@@ -15,7 +15,12 @@
 
 - name: Prepare cinder-volumes volume group
   hosts: localhost
-  remote_user: root
+  # This set of tasks runs against localhost
+  # and requires root access, but tests run as
+  # the user running the playbook (zuul). As
+  # such, we use a local connection and become.
+  connection: local
+  become: yes
   tasks:
     - name: Install lvm2 package
       package: