From a590bf72d8468ee2bb3ed2cb904c924d7fced39d Mon Sep 17 00:00:00 2001
From: James Slagle <jslagle@redhat.com>
Date: Wed, 22 Jan 2025 10:32:26 -0500
Subject: [PATCH] Drop owner/group from /var/lib/openstack

These tasks run with "become: true", so the /var/lib/openstack dir
should be root owned, just like the scripts created in the dir.

Also correct the path to the tmpwatch script when it is set in the
crontab, and in the molecule verify.yml.

Signed-off-by: James Slagle <jslagle@redhat.com>
---
 roles/edpm_logrotate_crond/molecule/default/converge.yml | 1 +
 roles/edpm_logrotate_crond/molecule/default/verify.yml   | 4 ++--
 roles/edpm_logrotate_crond/tasks/configure.yml           | 4 +---
 roles/edpm_logrotate_crond/tasks/install.yml             | 2 ++
 4 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/roles/edpm_logrotate_crond/molecule/default/converge.yml b/roles/edpm_logrotate_crond/molecule/default/converge.yml
index 312986570..3b2315dba 100644
--- a/roles/edpm_logrotate_crond/molecule/default/converge.yml
+++ b/roles/edpm_logrotate_crond/molecule/default/converge.yml
@@ -19,6 +19,7 @@
   hosts: all
   gather_facts: false
   tasks:
+
     - name: install edpm_logrotate_crond
       include_role:
         name: "osp.edpm.edpm_logrotate_crond"
diff --git a/roles/edpm_logrotate_crond/molecule/default/verify.yml b/roles/edpm_logrotate_crond/molecule/default/verify.yml
index b041dfdb9..d806f6dbc 100644
--- a/roles/edpm_logrotate_crond/molecule/default/verify.yml
+++ b/roles/edpm_logrotate_crond/molecule/default/verify.yml
@@ -23,7 +23,7 @@
 
     - name: Push script
       ansible.builtin.stat:
-        path: /usr/local/sbin/containers-tmpwatch
+        path: /var/lib/openstack/cron/containers-tmpwatch
       register: stat_result
       failed_when: not stat_result.stat.exists
 
@@ -31,7 +31,7 @@
       ansible.builtin.shell:
         crontab -l
       register: crontab
-      failed_when: "'@daily /usr/local/sbin/containers-tmpwatch' not in crontab.stdout"
+      failed_when: "'@daily /var/lib/openstack/cron/containers-tmpwatch' not in crontab.stdout"
 
     - name: Ensure config directories exist
       ansible.builtin.stat:
diff --git a/roles/edpm_logrotate_crond/tasks/configure.yml b/roles/edpm_logrotate_crond/tasks/configure.yml
index 120346112..f381b5ab3 100644
--- a/roles/edpm_logrotate_crond/tasks/configure.yml
+++ b/roles/edpm_logrotate_crond/tasks/configure.yml
@@ -22,8 +22,6 @@
         path: "/var/lib/openstack"
         mode: 0755
         state: directory
-        owner: "{{ ansible_user }}"
-        group: "{{ ansible_user }}"
         setype: "container_file_t"
 
     - name: Create /var/lib/openstack/cron
@@ -52,7 +50,7 @@
         name: "Remove old logs"
         special_time: "daily"
         user: "root"
-        job: "/usr/local/sbin/containers-tmpwatch"
+        job: "/var/lib/openstack/cron/containers-tmpwatch"
 
 - name: Configure logrotate_crond
   become: true
diff --git a/roles/edpm_logrotate_crond/tasks/install.yml b/roles/edpm_logrotate_crond/tasks/install.yml
index 9bdf291ba..1c73c7d08 100644
--- a/roles/edpm_logrotate_crond/tasks/install.yml
+++ b/roles/edpm_logrotate_crond/tasks/install.yml
@@ -18,6 +18,8 @@
 - name: Gather local facts
   ansible.builtin.setup:
     gather_subset:
+      - "!all"
+      - "!min"
       - "local"
 
 - name: Install cronie