undercloud ansible_connection should be localhost

Bug #1884123 reported by John Fulton
This bug affects 3 people
Affects | Status | Importance | Assigned to | Milestone
tripleo | Fix Released | High | John Fulton |

Bug Description

The inventory generated by config-download sets ansible_host=localhost and ansible_connection=ssh.

This can result in permissions problems because when ssh is used in TripleO the ansible_ssh_user will default to tripleo-admin. However, as per the removal of Mistral by the following patch, config-download executes the playbooks in /home/stack.

https://github.com/openstack/python-tripleoclient/commit/191438f7435aa19e9656a2052bbb6fa5ce7b6b32#diff-f65025c157b1193fd86c95a092eb1000R54

An easy way to avoid these permissions issues is to use ansible_connection=local.

Given ansible_host is localhost it should be safe to set ansible_connection to local instead.
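
A way to check an inventory for the condition this report describes (a host addressed at localhost but reached over ssh, with a remote user that differs from the user running the playbook), as an added example that is not part of the original report or of tripleo-common. It assumes the JSON shape printed by `ansible-inventory --list`; the function name, host names and sample values are constructed for illustration.

```python
import getpass
import json

LOOPBACK = {"localhost", "127.0.0.1", "::1"}

# Constructed sample in the JSON shape printed by `ansible-inventory --list`;
# host names and values are illustrative, not taken from a real deployment.
SAMPLE_INVENTORY = json.loads("""
{
  "_meta": {"hostvars": {
    "undercloud": {"ansible_host": "localhost", "ansible_connection": "ssh",
                   "ansible_ssh_user": "tripleo-admin"},
    "undercloud-fixed": {"ansible_host": "localhost", "ansible_connection": "local"},
    "controller-0": {"ansible_host": "192.0.2.10", "ansible_connection": "ssh",
                     "ansible_ssh_user": "tripleo-admin"}
  }}
}
""")


def find_loopback_ssh_hosts(inventory, invoking_user=None):
    """Return findings for hosts reached over ssh at a loopback address."""
    invoking_user = invoking_user or getpass.getuser()
    findings = []
    hostvars = inventory.get("_meta", {}).get("hostvars", {})
    for host, hv in sorted(hostvars.items()):
        # Without ansible_host, Ansible connects to the inventory name itself.
        if hv.get("ansible_host", host) not in LOOPBACK:
            continue
        if hv.get("ansible_connection") != "ssh":
            continue
        # ansible_user is the current name; ansible_ssh_user is the legacy alias.
        remote_user = hv.get("ansible_user") or hv.get("ansible_ssh_user")
        findings.append({
            "host": host,
            "remote_user": remote_user,
            # True when tasks would run as a different account than the one
            # that owns the working directory of the playbook run.
            "user_mismatch": remote_user is not None and remote_user != invoking_user,
        })
    return findings


if __name__ == "__main__":
    for finding in find_loopback_ssh_hosts(SAMPLE_INVENTORY, invoking_user="stack"):
        print(finding)
```
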

John Fulton (jfulton-org) wrote :

An example of the permissions problems which can happen can be seen in https://bugs.launchpad.net/tripleo/+bug/1880579

OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (master)

Fix proposed to branch: master
Review: https://review.opendev.org/736804

Changed in tripleo:
status: Triaged → In Progress
tags: added: train-backport-potential
John Fulton (jfulton-org) wrote :

We can backport this to U because Mistral was removed then, but we shouldn't backport it to T because the Ansible execution runs in a Mistral container.

tags: removed: train-backport-potential
Changed in tripleo:
assignee: John Fulton (jfulton-org) → Sergii Golovatiuk (sgolovatiuk)
Changed in tripleo:
assignee: Sergii Golovatiuk (sgolovatiuk) → John Fulton (jfulton-org)
OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (master)

Reviewed: https://review.opendev.org/736804
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=97c7d26721894cfe12a5397c789b9da1ae2d1ab0
Submitter: Zuul
Branch: master

commit 97c7d26721894cfe12a5397c789b9da1ae2d1ab0
Author: John Fulton <email address hidden>
Date: Thu Jun 18 19:05:59 2020 +0000

    Set undercloud ansible_connection to local

    The Ansible undercloud connection defaults to local but
    the inventory object constructor overrode it to SSH for
    Mistral. Now that Mistral has been removed we can remove
    the override and use local. This also avoids permission
    conflicts between the default ansible_ssh_user and the
    user running the playbook as per the bug this patch
    closes.

    Change-Id: Iac7c15572f83e77241bbc1469d3e3debc8ac011b
    Closes-Bug: #1884123

Changed in tripleo:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to tripleo-common (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/737748

OpenStack Infra (hudson-openstack) wrote : Fix merged to tripleo-common (stable/ussuri)

Reviewed: https://review.opendev.org/737748
Committed: https://git.openstack.org/cgit/openstack/tripleo-common/commit/?id=93cba1fc6e7701f5b02b19218dff5f4cd2bbd727
Submitter: Zuul
Branch: stable/ussuri

commit 93cba1fc6e7701f5b02b19218dff5f4cd2bbd727
Author: John Fulton <email address hidden>
Date: Thu Jun 18 19:05:59 2020 +0000

    Set undercloud ansible_connection to local

    The Ansible undercloud connection defaults to local but
    the inventory object constructor overrode it to SSH for
    Mistral. Now that Mistral has been removed we can remove
    the override and use local. This also avoids permission
    conflicts between the default ansible_ssh_user and the
    user running the playbook as per the bug this patch
    closes.

    Change-Id: Iac7c15572f83e77241bbc1469d3e3debc8ac011b
    Closes-Bug: #1884123
    (cherry picked from commit 97c7d26721894cfe12a5397c789b9da1ae2d1ab0)

tags: added: in-stable-ussuri