Cyborg fails to deploy with api-paste permission error

Bug #1937911 reported by Boris Lukashev
Affects: kolla-ansible
Status: Fix Released
Importance: Undecided
Assigned to: Unassigned
Milestone: (none listed)

Bug Description

Using the current kolla-ansible for Wallaby setup, I can't get Cyborg to complete its deployment - fails with `FAILED! => {"msg": "Failed to get information on remote file (/etc/kolla/cyborg-api/api-paste.ini): Permission denied"}` during the kolla-ansible deploy or reconfigure steps.

Boris Lukashev (rageltman) wrote :

I did try to create an empty file for that in the deploying host's config tree, no dice, same issue.

description: updated
Boris Lukashev (rageltman) wrote :

Missing privesc, fix is:
```
diff --git i/ansible/roles/cyborg/tasks/config.yml w/ansible/roles/cyborg/tasks/config.yml
index 0c4fa0df6..61dcb68ec 100644
--- i/ansible/roles/cyborg/tasks/config.yml
+++ w/ansible/roles/cyborg/tasks/config.yml
@@ -91,6 +91,7 @@
       - "{{ node_custom_config }}/cyborg/cyborg-api-paste.ini"
     dest: "{{ node_config_directory }}/cyborg-api/api-paste.ini"
     mode: "0660"
+ become: true
   when:
     - inventory_hostname in groups['cyborg-api']
     - service.enabled | bool

```
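Review bot: The added `become: true` line is indented one space after the diff marker, while the sibling `when:` directly below it is indented two, so as posted the key does not line up with the task's other keywords and the file would not parse as intended (or the patch would not apply cleanly). Indent it to the same column as `when:` so it is a task-level keyword on the copy task rather than a stray key after `mode: "0660"`. It is also worth checking the neighbouring tasks in this `config.yml` that write under `{{ node_config_directory }}/cyborg-api/` for the same keyword, since one task lacking it is enough to produce the "Permission denied" on `api-paste.ini`.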
I'm not going to go through the process of signing up for yet another github to commit that (trying to PR on GH repos for openstack has not worked well in the past), but anyone with commit rights, please feel free to take it upstream.

Changed in kolla-ansible:
status: New → In Progress
Mark Goddard (mgoddard) wrote :

Are you planning to propose this fix?

Boris Lukashev (rageltman) wrote :

Please consider the above my proposed fix - they don't take GH pull requests.

Mark Goddard (mgoddard) wrote :

We use gerrit [1] for proposing and reviewing code. Documentation for getting set up is at https://docs.openstack.org/contributors/code-and-documentation/quick-start.html.

[1] https://review.openstack.org/

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (master)

Mark Goddard (mgoddard) wrote :

In this instance I proposed the fix since it is trivial: https://review.opendev.org/c/openstack/kolla-ansible/+/802430

In future please do consider setting up gerrit - we rely on an active community to submit and fix issues like this. Thank you for raising it.

Boris Lukashev (rageltman) wrote :

Thank you for pushing this - I made the mistake of signing up to a bunch of projects' redmines and phabricators over my career, and at this point avoid creating accounts on them because they inevitably get breached, sell my data, or clutter my inbox with incessant notifications and marketing fluff. OpenStack is nowhere near as healthy a community as it once was, and the hurdle of having to "sign up for yet another service" probably has at least something to do with that :-\.

Mark Goddard (mgoddard) wrote :

Of course you're right, Gerrit is a barrier to entry. Still, it's not rocket science, and I'm sure with your experience you'd figure it out quickly. These small contributions make the difference between a healthy community and an unhealthy one.

Boris Lukashev (rageltman) wrote :

Once I have something of actual value to add, will go through all that - for now I'm just hacking up little fixes. My bigger concern isn't the process, it's that I have no idea how well the org protects PII and other data elements about those who create accounts. We have no data protection laws for US citizens, so the best we can do is minimize the number of places that have our data (to sell, use for marketing, identity theft, etc).

Mark Goddard (mgoddard) wrote :

For sure, but remember you are using free software that many others have sacrificed PII to help build.

Radosław Piliszek (yoctozepto) wrote :

Just to clarify, OpenDev Gerrit uses the same authentication provider as Launchpad. And we are now talking on Launchpad. Conclusions? ;-)

Boris Lukashev (rageltman) wrote :

That's convenient, thank you - I was pretty reticent to sign up for this too, but if this lets me post things up there, then grand and I'll try to figure out process for the next "code-wise" fix I concoct.

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (master)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/802430
Committed: https://opendev.org/openstack/kolla-ansible/commit/5cb080247b7cbc2fdf7053e75c5173e5b9f0a6b7
Submitter: "Zuul (22348)"
Branch: master

commit 5cb080247b7cbc2fdf7053e75c5173e5b9f0a6b7
Author: Mark Goddard <email address hidden>
Date: Tue Jul 27 08:52:27 2021 +0100

    cyborg: add missing become for api-paste.ini

    Co-Authored-By: Boris Lukashev

    Change-Id: I52eaf823ae84e01a09a6dcfcbffd7221ff8abfac
    Closes-Bug: #1937911

Changed in kolla-ansible:
status: In Progress → Fix Released
OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/wallaby)

Fix proposed to branch: stable/wallaby
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/802931

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/victoria)

Fix proposed to branch: stable/victoria
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/802932

OpenStack Infra (hudson-openstack) wrote : Fix proposed to kolla-ansible (stable/ussuri)

Fix proposed to branch: stable/ussuri
Review: https://review.opendev.org/c/openstack/kolla-ansible/+/802933

OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/wallaby)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/802931
Committed: https://opendev.org/openstack/kolla-ansible/commit/53271045dbdd40ae9436ab45b01b837471679e9f
Submitter: "Zuul (22348)"
Branch: stable/wallaby

commit 53271045dbdd40ae9436ab45b01b837471679e9f
Author: Mark Goddard <email address hidden>
Date: Tue Jul 27 08:52:27 2021 +0100

    cyborg: add missing become for api-paste.ini

    Co-Authored-By: Boris Lukashev

    Change-Id: I52eaf823ae84e01a09a6dcfcbffd7221ff8abfac
    Closes-Bug: #1937911
    (cherry picked from commit 5cb080247b7cbc2fdf7053e75c5173e5b9f0a6b7)

tags: added: in-stable-wallaby
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/victoria)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/802932
Committed: https://opendev.org/openstack/kolla-ansible/commit/3fdb97b94db7aa529163f0a5233b2d4bfcbb2ffa
Submitter: "Zuul (22348)"
Branch: stable/victoria

commit 3fdb97b94db7aa529163f0a5233b2d4bfcbb2ffa
Author: Mark Goddard <email address hidden>
Date: Tue Jul 27 08:52:27 2021 +0100

    cyborg: add missing become for api-paste.ini

    Co-Authored-By: Boris Lukashev

    Change-Id: I52eaf823ae84e01a09a6dcfcbffd7221ff8abfac
    Closes-Bug: #1937911
    (cherry picked from commit 5cb080247b7cbc2fdf7053e75c5173e5b9f0a6b7)

tags: added: in-stable-victoria
tags: added: in-stable-ussuri
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/ussuri)

Reviewed: https://review.opendev.org/c/openstack/kolla-ansible/+/802933
Committed: https://opendev.org/openstack/kolla-ansible/commit/80c0cee82116d1e7841e8ba2c3bd4d18706ba05d
Submitter: "Zuul (22348)"
Branch: stable/ussuri

commit 80c0cee82116d1e7841e8ba2c3bd4d18706ba05d
Author: Mark Goddard <email address hidden>
Date: Tue Jul 27 08:52:27 2021 +0100

    cyborg: add missing become for api-paste.ini

    Co-Authored-By: Boris Lukashev

    Change-Id: I52eaf823ae84e01a09a6dcfcbffd7221ff8abfac
    Closes-Bug: #1937911
    (cherry picked from commit 5cb080247b7cbc2fdf7053e75c5173e5b9f0a6b7)

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 12.2.0

This issue was fixed in the openstack/kolla-ansible 12.2.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 13.0.0.0rc1

This issue was fixed in the openstack/kolla-ansible 13.0.0.0rc1 release candidate.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 10.4.0

This issue was fixed in the openstack/kolla-ansible 10.4.0 release.

OpenStack Infra (hudson-openstack) wrote : Fix included in openstack/kolla-ansible 11.2.0

This issue was fixed in the openstack/kolla-ansible 11.2.0 release.

Boris Lukashev (rageltman) wrote :

Confirm working on upgrade from Wallaby to Xena using KA13
