diff --git a/ansible/roles/kolla-ansible/tasks/config.yml b/ansible/roles/kolla-ansible/tasks/config.yml
index 1f9e9fd34d4aa67556a8ec5ef393e8d8fe5ae66b..1223061aa9118822b4f139dc486359b166ee1598 100644
--- a/ansible/roles/kolla-ansible/tasks/config.yml
+++ b/ansible/roles/kolla-ansible/tasks/config.yml
@@ -3,7 +3,9 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: 0750
become: True
with_items:
- "{{ kolla_config_path }}"
@@ -14,8 +16,7 @@
template:
src: "{{ item.src }}"
dest: "{{ kolla_config_path }}/{{ item.dest }}"
- mode: 0644
- become: True
+ mode: 0640
with_items:
- { src: seed.j2, dest: inventory/seed }
- { src: overcloud.j2, dest: inventory/overcloud }
@@ -29,9 +30,9 @@
- name: Generate Kolla passwords
shell: >
cp {{ kolla_ansible_install_dir }}/etc_examples/kolla/passwords.yml {{ kolla_config_path }}/passwords.yml.generated
+ && chmod 640 {{ kolla_config_path }}/passwords.yml.generated
&& {{ kolla_venv }}/bin/kolla-genpwd -p {{ kolla_config_path }}/passwords.yml.generated
&& mv {{ kolla_config_path }}/passwords.yml.generated {{ kolla_config_path }}/passwords.yml
- become: True
when: not kolla_passwords_stat.stat.exists
- name: Read the Kolla passwords file
@@ -44,5 +45,4 @@
copy:
content: "{{ passwords_result.content | b64decode | from_yaml | combine(kolla_ansible_custom_passwords) | to_nice_yaml }}"
dest: "{{ kolla_config_path }}/passwords.yml"
- become: True
when: "{{ kolla_ansible_custom_passwords }}"
diff --git a/ansible/roles/kolla-ansible/tasks/install.yml b/ansible/roles/kolla-ansible/tasks/install.yml
index 9167f9b1d62ea0490f99a40bff570ea16da8f348..ab190d272eabd77ecfe8804f65471de6833d5950 100644
--- a/ansible/roles/kolla-ansible/tasks/install.yml
+++ b/ansible/roles/kolla-ansible/tasks/install.yml
@@ -13,13 +13,15 @@
- python-pip
- python-virtualenv
-- name: Ensure the latest version of pip is installed
- pip:
- name: "{{ item.name }}"
- state: latest
- virtualenv: "{{ kolla_venv }}"
- with_items:
- - { name: pip }
+- name: Ensure source code checkout path exists
+ file:
+ path: "{{ source_checkout_path }}"
+ state: directory
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ recurse: True
+ become: True
+ when: "{{ kolla_ctl_install_type == 'source' }}"
- name: Ensure Kolla Ansible source code checkout exists
git:
@@ -28,6 +30,14 @@
version: "{{ kolla_ansible_source_version }}"
when: "{{ kolla_ctl_install_type == 'source' }}"
+- name: Ensure the latest version of pip is installed
+ pip:
+ name: "{{ item.name }}"
+ state: latest
+ virtualenv: "{{ kolla_venv }}"
+ with_items:
+ - { name: pip }
+
- name: Ensure required Python packages are installed
pip:
name: "{{ item.name }}"
diff --git a/ansible/roles/kolla-bifrost/tasks/config.yml b/ansible/roles/kolla-bifrost/tasks/config.yml
index eae1faf6db7bde662ecf2f54509dba2e653c2caa..9469bff2758b1b8fc1183fe122e215779244e026 100644
--- a/ansible/roles/kolla-bifrost/tasks/config.yml
+++ b/ansible/roles/kolla-bifrost/tasks/config.yml
@@ -3,15 +3,13 @@
file:
path: "{{ kolla_node_custom_config_path }}/bifrost"
state: directory
- mode: 0755
- become: True
+ mode: 0750
- name: Ensure the Kolla Bifrost configuration files exist
template:
src: "{{ item.src }}"
dest: "{{ kolla_node_custom_config_path }}/bifrost/{{ item.dest }}"
- mode: 0644
- become: True
+ mode: 0640
with_items:
- { src: bifrost.yml.j2, dest: bifrost.yml }
- { src: dib.yml.j2, dest: dib.yml }
diff --git a/ansible/roles/kolla-bifrost/tasks/install.yml b/ansible/roles/kolla-bifrost/tasks/install.yml
index 82a2e48a361f459f5cba5244d577df069313be7c..e5cef1999049179646bbf4850a7563970f37b76c 100644
--- a/ansible/roles/kolla-bifrost/tasks/install.yml
+++ b/ansible/roles/kolla-bifrost/tasks/install.yml
@@ -12,19 +12,14 @@
- python-pip
- python-virtualenv
-- name: Ensure the latest version of pip is installed
- pip:
- name: "{{ item.name }}"
- state: latest
- virtualenv: "{{ kolla_bifrost_venv }}"
- with_items:
- - { name: pip }
-
- name: Ensure source code checkout path exists
file:
path: "{{ source_checkout_path }}"
state: directory
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
recurse: True
+ become: True
- name: Ensure Bifrost source code checkout exists
git:
@@ -32,6 +27,14 @@
dest: "{{ source_checkout_path }}/bifrost"
version: "{{ kolla_bifrost_source_version }}"
+- name: Ensure the latest version of pip is installed
+ pip:
+ name: "{{ item.name }}"
+ state: latest
+ virtualenv: "{{ kolla_bifrost_venv }}"
+ with_items:
+ - { name: pip }
+
- name: Ensure required Python packages are installed
pip:
name: "{{ item.name }}"
diff --git a/ansible/roles/kolla-build/tasks/main.yml b/ansible/roles/kolla-build/tasks/main.yml
index e4eac152f0e5da094749b809108bbcf4d6f52b77..875acdf1690a544bafac0bbe06c358ada9f57588 100644
--- a/ansible/roles/kolla-build/tasks/main.yml
+++ b/ansible/roles/kolla-build/tasks/main.yml
@@ -4,7 +4,6 @@
src: "{{ item.src }}"
dest: "{{ kolla_config_path }}/{{ item.dest }}"
mode: 0644
- become: True
with_items:
- { src: kolla-build.conf.j2, dest: kolla-build.conf }
- { src: template-override.j2.j2, dest: template-override.j2 }
diff --git a/ansible/roles/kolla-openstack/tasks/config.yml b/ansible/roles/kolla-openstack/tasks/config.yml
index 0f2c7e46e5c73afadca017dde4defa8acbb324ab..0bc69f50ab5994ff71c1df536ef93a8a749bef65 100644
--- a/ansible/roles/kolla-openstack/tasks/config.yml
+++ b/ansible/roles/kolla-openstack/tasks/config.yml
@@ -3,8 +3,7 @@
file:
path: "{{ kolla_node_custom_config_path }}/{{ item.name }}"
state: directory
- mode: 0755
- become: True
+ mode: 0750
with_items:
- { name: ironic, enabled: "{{ kolla_enable_ironic }}" }
- { name: swift, enabled: "{{ kolla_enable_swift }}" }
@@ -14,8 +13,7 @@
template:
src: "{{ item.src }}"
dest: "{{ kolla_node_custom_config_path }}/{{ item.dest }}"
- mode: 0644
- become: True
+ mode: 0640
with_items:
- { src: glance.conf.j2, dest: glance.conf, enabled: "{{ kolla_enable_glance }}" }
- { src: ironic.conf.j2, dest: ironic.conf, enabled: "{{ kolla_enable_ironic }}" }
@@ -28,7 +26,7 @@
get_url:
url: "{{ item.url }}"
dest: "{{ kolla_node_custom_config_path }}/ironic/{{ item.dest }}"
- become: True
+ mode: 0640
with_items:
- { url: "{{ kolla_inspector_ipa_kernel_upstream_url }}", dest: "ironic-agent.kernel" }
- { url: "{{ kolla_inspector_ipa_ramdisk_upstream_url }}", dest: "ironic-agent.initramfs" }
diff --git a/ansible/roles/kolla/tasks/config.yml b/ansible/roles/kolla/tasks/config.yml
index f139a9531a0798b09609caa9ddbadbdde01b6670..1aac76b04bb4694b532d14318d11ad3a3b323ae4 100644
--- a/ansible/roles/kolla/tasks/config.yml
+++ b/ansible/roles/kolla/tasks/config.yml
@@ -3,7 +3,9 @@
file:
path: "{{ item }}"
state: directory
- mode: 0755
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
+ mode: 0750
become: True
with_items:
- "{{ kolla_config_path }}"
diff --git a/ansible/roles/kolla/tasks/install.yml b/ansible/roles/kolla/tasks/install.yml
index 8e4cde0f9cb9354e47fde01a1d2f7448e35e352b..c7ec465e6a67e702bf10989520f711640a3655a4 100644
--- a/ansible/roles/kolla/tasks/install.yml
+++ b/ansible/roles/kolla/tasks/install.yml
@@ -12,19 +12,15 @@
- python-pip
- python-virtualenv
-- name: Ensure the latest version of pip is installed
- pip:
- name: "{{ item.name }}"
- state: latest
- virtualenv: "{{ kolla_venv }}"
- with_items:
- - { name: pip }
-
- name: Ensure source code checkout path exists
file:
path: "{{ source_checkout_path }}"
state: directory
+ owner: "{{ ansible_user }}"
+ group: "{{ ansible_user }}"
recurse: True
+ become: True
+ when: "{{ kolla_ctl_install_type == 'source' }}"
- name: Ensure Kolla source code checkout exists
git:
@@ -33,6 +29,14 @@
version: "{{ kolla_source_version }}"
when: "{{ kolla_ctl_install_type == 'source' }}"
+- name: Ensure the latest version of pip is installed
+ pip:
+ name: "{{ item.name }}"
+ state: latest
+ virtualenv: "{{ kolla_venv }}"
+ with_items:
+ - { name: pip }
+
- name: Ensure required Python packages are installed
pip:
name: "{{ item.name }}"