tripleo_create_admin creates a user with wrong permissions in the $HOME dir
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
tripleo |
In Progress
|
High
|
Francesco Pantano |
Bug Description
When the standalone job is run, during the ceph provisioning the playbook [1] is run with the purpose of creating the ceph-admin user, used later in the process by cephadm.
However, during the execution of [2], the resulting user has wrong permissions in the generated $HOME dir.
As per my tests on the useradd module, using the TripleO provided inventory I find the following:
- hosts: overcloud
become: true
tasks:
- name: create user
user:
name: test
[root@standalone ~]# ls -ldZ /home/*
drwx------. 2 qemu qemu unconfined_
drwx------. 2 1001 1002 unconfined_
[root@standalone ~]# getent group | grep test
test:x:1003:
[root@standalone ~]# getent passwd | grep test
test:x:
[root@standalone ~]#
"""
But .... running the same playbook with: hosts: localhost OR hosts: overcloud the home directory is created w/o issues.
"""
- hosts: overcloud
become: true
tasks:
- name: create user
user:
name: test1
[root@standalone ~]# ls -ldZ /home/*
drwx------. 2 qemu qemu unconfined_
drwx------. 2 1001 1002 unconfined_
drwx------. 2 test1 test1 unconfined_
There are no other places in the code where permissions are changed/modified, so it's safe having a task to make sure the HOME dir is created with the right permissions and the user can use it.
Changed in tripleo: | |
assignee: | nobody → Francesco Pantano (fmount) |
https:/ /review. opendev. org/c/openstack /tripleo- ansible/ +/778624