The Ansible commands are executed as user heat-admin on the nodes, and some tasks need to read and/or write to directories that are owned by the containers (ie with a numeric id on the host itself).
Example failures:
TASK [Get recon data] **************************************************************************************************
fatal: [192.168.24.6]: FAILED! => {"changed": true, "cmd": ["cat", "/var/cache/swift/object.recon"], "delta": "0:00:00.008567", "end": "2018-03-26 09:23:03.873263", "msg": "non-zero return code", "rc": 1, "start": "2018-03-26 09:23:03.864696", "stderr": "cat: /var/cache/swift/object.recon: Permission denied", "stderr_lines": ["cat: /var/cache/swift/object.recon: Permission denied"], "stdout": "", "stdout_lines": []}
TASK [Extract Swift rings] **************************************************************************************************************************************************
fatal: [192.168.24.14]: FAILED! => {"changed": false, "dest": "//var/lib/config-data/puppet-generated/swift/", "extract_results": {"cmd": ["/usr/bin/gtar", "--extract", "-C", "//var/lib/config-data/puppet-generated/swift/", "-z", "-f", "/tmp/swift-rings.tar.gz"], "err": "/usr/bin/gtar: etc/swift/backups: Cannot utime: Operation not permitted\n/usr/bin/gtar: etc/swift/account.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/container.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/object.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/account.ring.gz: Cannot open: File exists\n/usr/bin/gtar: etc/swift/container.ring.gz: Cannot open: File exists\n/usr/bin/gtar: etc/swift/object.ring.gz: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047496.object.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047496.account.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047497.container.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047508.object.ring.gz: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047508.object.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047509.account.ring.gz: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047509.account.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047509.container.ring.gz: Cannot open: File exists\n/usr/bin/gtar: etc/swift/backups/1522047509.container.builder: Cannot open: File exists\n/usr/bin/gtar: etc/swift: Cannot utime: Operation not permitted\n/usr/bin/gtar: etc/swift: Cannot change mode to rwxrwxr-x: Operation not permitted\n/usr/bin/gtar: Exiting with failure status due to previous errors\n", "out": "", "rc": 2}, "gid": 0, "group": "root", "handler": "TgzArchive", "mode": "0755", "msg": "failed to unpack /tmp/swift-rings.tar.gz to //var/lib/config-data/puppet-generated/swift/", "owner": "root", "secontext": "system_u:object_r:container_var_lib_t:s0", "size": 17, "src": "/tmp/swift-rings.tar.gz", "state": "directory", "uid": 0}
Fix proposed to branch: master /review. openstack. org/556928
Review: https:/