From a477cd90223be571c39a21a695ab5a3d9b800346 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Wed, 17 Aug 2022 11:29:21 +0100
Subject: [PATCH] Fix use of become_user by installing acl package

Change-Id: I69bf810632d09eddaa3983ae56e833debe9fd03b
---
 ansible/roles/dev-tools/defaults/main.yml                | 3 +++
 ansible/roles/pip/tasks/pip_conf.yml                     | 9 ---------
 .../notes/install-acl-package-0f21c110cd07537c.yaml      | 6 ++++++
 3 files changed, 9 insertions(+), 9 deletions(-)
 create mode 100644 releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml

diff --git a/ansible/roles/dev-tools/defaults/main.yml b/ansible/roles/dev-tools/defaults/main.yml
index bcae9cbf..eb61072c 100644
--- a/ansible/roles/dev-tools/defaults/main.yml
+++ b/ansible/roles/dev-tools/defaults/main.yml
@@ -1,6 +1,9 @@
 ---
 # List of default packages to install.
 dev_tools_packages_default:
+  # NOTE(mgoddard): The acl package is required for the setfacl command, used by
+  # become_user.
+  - acl
   - bash-completion
   - tcpdump
   - vim
diff --git a/ansible/roles/pip/tasks/pip_conf.yml b/ansible/roles/pip/tasks/pip_conf.yml
index ce164f36..6d473da0 100644
--- a/ansible/roles/pip/tasks/pip_conf.yml
+++ b/ansible/roles/pip/tasks/pip_conf.yml
@@ -1,13 +1,4 @@
 ---
-# NOTE(mgoddard): The acl package is required for the setfacl command, used by
-# become_user.
-- name: Ensure acl package is installed
-  package:
-    name: acl
-    cache_valid_time: "{{ apt_cache_valid_time if ansible_facts.os_family == 'Debian' else omit }}"
-    update_cache: "{{ True if ansible_facts.os_family == 'Debian' else omit }}"
-  become: true
-
 - name: Create local .pip directory
   file:
     path: "~{{ item }}/.pip"
diff --git a/releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml b/releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml
new file mode 100644
index 00000000..d67d8f86
--- /dev/null
+++ b/releasenotes/notes/install-acl-package-0f21c110cd07537c.yaml
@@ -0,0 +1,6 @@
+---
+fixes:
+  - |
+    Fixes an issue where a custom playbook using `become_user` could fail when
+    setting permissions on temporary files. The `acl` package is now installed
+    on all systems by default.
-- 
GitLab