Drop owner/group from /var/lib/openstack

These tasks run with "become: true", so the /var/lib/openstack dir should be root owned, just like the scripts created in the dir. Also correct the path to the tmpwatch script when it is set in the crontab, and in the molecule verify.yml. Signed-off-by: James Slagle <[email protected]>
openstack-k8s-operators · Jan 22, 2025 · a590bf7 · a590bf7
1 parent 3aa0b70
commit a590bf7
Show file tree

Hide file tree

Showing 4 changed files with 6 additions and 5 deletions.
diff --git a/roles/edpm_logrotate_crond/molecule/default/converge.yml b/roles/edpm_logrotate_crond/molecule/default/converge.yml
@@ -19,6 +19,7 @@
   hosts: all
   gather_facts: false
   tasks:
+
     - name: install edpm_logrotate_crond
       include_role:
         name: "osp.edpm.edpm_logrotate_crond"

diff --git a/roles/edpm_logrotate_crond/molecule/default/verify.yml b/roles/edpm_logrotate_crond/molecule/default/verify.yml
@@ -23,15 +23,15 @@
 
     - name: Push script
       ansible.builtin.stat:
-        path: /usr/local/sbin/containers-tmpwatch
+        path: /var/lib/openstack/cron/containers-tmpwatch
       register: stat_result
       failed_when: not stat_result.stat.exists
 
     - name: Insert cronjob in root crontab
       ansible.builtin.shell:
         crontab -l
       register: crontab
-      failed_when: "'@daily /usr/local/sbin/containers-tmpwatch' not in crontab.stdout"
+      failed_when: "'@daily /var/lib/openstack/cron/containers-tmpwatch' not in crontab.stdout"
 
     - name: Ensure config directories exist
       ansible.builtin.stat:

diff --git a/roles/edpm_logrotate_crond/tasks/configure.yml b/roles/edpm_logrotate_crond/tasks/configure.yml
@@ -22,8 +22,6 @@
         path: "/var/lib/openstack"
         mode: 0755
         state: directory
-        owner: "{{ ansible_user }}"
-        group: "{{ ansible_user }}"
         setype: "container_file_t"
 
     - name: Create /var/lib/openstack/cron
@@ -52,7 +50,7 @@
         name: "Remove old logs"
         special_time: "daily"
         user: "root"
-        job: "/usr/local/sbin/containers-tmpwatch"
+        job: "/var/lib/openstack/cron/containers-tmpwatch"
 
 - name: Configure logrotate_crond
   become: true

diff --git a/roles/edpm_logrotate_crond/tasks/install.yml b/roles/edpm_logrotate_crond/tasks/install.yml
@@ -18,6 +18,8 @@
 - name: Gather local facts
   ansible.builtin.setup:
     gather_subset:
+      - "!all"
+      - "!min"
       - "local"
 
 - name: Install cronie