More E208 mode fixes

Change-Id: I8157ec1f31b8c5a064b63002e8311b91ef9ce9ab
See: https://ansible-lint.readthedocs.io/en/latest/default_rules.html#file-permissions-not-mentioned
This commit is contained in:
Sorin Sbarnea 2020-08-27 18:41:21 +01:00
parent 73a2da3b12
commit 856866fdde
6 changed files with 11 additions and 0 deletions

View File

@ -28,6 +28,7 @@
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "{{ buildkit_cert_tmp.path }}" dest: "{{ buildkit_cert_tmp.path }}"
mode: preserve
when: buildset_registry is defined and buildset_registry.cert when: buildset_registry is defined and buildset_registry.cert
- name: Copy buildset registry TLS cert into worker container - name: Copy buildset registry TLS cert into worker container

View File

@ -2,6 +2,7 @@
file: file:
path: "{{ git_cache_root }}/{{ zj_project.canonical_name | dirname }}" path: "{{ git_cache_root }}/{{ zj_project.canonical_name | dirname }}"
state: directory state: directory
mode: 0775
with_items: "{{ zuul.projects.values() | list }}" with_items: "{{ zuul.projects.values() | list }}"
loop_control: loop_control:
loop_var: zj_project loop_var: zj_project

View File

@ -34,11 +34,13 @@
file: file:
state: directory state: directory
path: /etc/docker path: /etc/docker
mode: 0755
- name: Write buildset registry TLS certificate - name: Write buildset registry TLS certificate
become: true become: true
copy: copy:
content: "{{ buildset_registry.cert }}" content: "{{ buildset_registry.cert }}"
dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt" dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt"
mode: 0644
register: _tls_ca register: _tls_ca
- name: Update CA certs - name: Update CA certs
command: "{{ ca_command }}" command: "{{ ca_command }}"
@ -74,6 +76,7 @@
copy: copy:
content: "{{ docker_config | to_nice_json }}" content: "{{ docker_config | to_nice_json }}"
dest: /etc/docker/daemon.json dest: /etc/docker/daemon.json
mode: 0644
become: true become: true
- name: Restart docker daemon - name: Restart docker daemon
@ -89,6 +92,7 @@
file: file:
state: directory state: directory
path: /etc/containers path: /etc/containers
mode: 0755
- name: Modify registries.conf - name: Modify registries.conf
become: yes become: yes
modify_registries_conf: modify_registries_conf:
@ -102,6 +106,7 @@
file: file:
state: directory state: directory
path: /etc/buildkit/ path: /etc/buildkit/
mode: 0755
- name: Modify buildkitd.toml - name: Modify buildkitd.toml
become: yes become: yes
modify_buildkitd_toml: modify_buildkitd_toml:

View File

@ -48,6 +48,7 @@
copy: copy:
content: "{{ docker_config | to_nice_json }}" content: "{{ docker_config | to_nice_json }}"
dest: "/run/user/{{ ansible_user_uid }}/auth.json" dest: "/run/user/{{ ansible_user_uid }}/auth.json"
mode: 0600
# The next two tasks are for supporting k8s # The next two tasks are for supporting k8s
- name: Check if /var/lib/kubelet exists - name: Check if /var/lib/kubelet exists
stat: stat:

View File

@ -3,6 +3,7 @@
file: file:
state: directory state: directory
path: /etc/docker path: /etc/docker
mode: 0755
- name: Set docker_mirror fact - name: Set docker_mirror fact
when: when:

View File

@ -19,6 +19,7 @@
file: file:
path: "{{ registry_tempdir.path }}/auth" path: "{{ registry_tempdir.path }}/auth"
state: directory state: directory
mode: 0755
- name: Install passlib for htpasswd - name: Install passlib for htpasswd
become: true become: true
@ -33,6 +34,7 @@
create: true create: true
crypt_scheme: bcrypt crypt_scheme: bcrypt
path: "{{ registry_tempdir.path }}/auth/htpasswd" path: "{{ registry_tempdir.path }}/auth/htpasswd"
mode: 0644
name: "{{ registry.username }}" name: "{{ registry.username }}"
password: "{{ registry.password }}" password: "{{ registry.password }}"