ansible: do not switch user to run task

This is not necessary since all commands in container are executed as the default user which is root alread. This should also fix this issue: containers/ansible-podman-collections#389 Since the code in ansible is hit only when become is used.
pbrezina · Mar 15, 2022 · 87cbfea · 87cbfea
1 parent ed927c8
commit 87cbfea
Show file tree

Hide file tree

Showing 11 changed files with 0 additions and 62 deletions.
diff --git a/src/ansible/roles/cleanup/tasks/main.yml b/src/ansible/roles/cleanup/tasks/main.yml
@@ -1,46 +1,37 @@
 - name: Minimize IPA service container
-  become: True
   block:
   - name: Stop IPA service
-    become: True
     service:
       name: ipa.service
       state: stopped
 
   - name: Remove 389ds database to make image smaller
-    become: True
     shell: rm -f /var/lib/dirsrv/slapd-IPA-TEST/db/__db.*
     args:
       warn: False
   when: inventory_hostname == 'ipa'
 
 - name: Minimize LDAP service container
-  become: True
   block:
   - name: Stop directory service
-    become: True
     service:
       name: [email protected]
       state: stopped
 
   - name: Remove 389ds database to make image smaller
-    become: True
     shell: rm -f /var/lib/dirsrv/slapd-localhost/db/__db.*
     args:
       warn: False
   when: inventory_hostname == 'ldap'
 
 - name: Minimize client service container
-  become: True
   block:
   - name: Stop SSSD service
-    become: True
     service:
       name: sssd.service
       state: stopped
 
   - name: Remove SSSD's database and logs
-    become: True
     shell: rm -f /var/lib/sss/db/* /var/lib/sss/mc/* /var/log/sssd/*
     args:
       warn: False

diff --git a/src/ansible/roles/client/tasks/main.yml b/src/ansible/roles/client/tasks/main.yml
@@ -1,5 +1,4 @@
 - name: Create /enrollment directory
-  become: True
   file:
     path: /enrollment
     state: directory
@@ -8,7 +7,6 @@
     mode: '0700'
 
 - name: Join IPA domain
-  become: True
   shell: |
     /usr/sbin/ipa-client-install --unattended --no-ntp \
       --domain {{ service.ipa.domain | quote }}        \
@@ -18,15 +16,13 @@
     creates: /etc/ipa/ca.crt
 
 - name: Copy IPA keytab to /enrollment/ipa.keytab
-  become: True
   copy:
     src: /etc/krb5.keytab
     dest: '/enrollment/ipa.keytab'
     mode: 0600
     remote_src: yes
 
 - name: Cleanup after joining the IPA domain
-  become: True
   file:
     path: '{{ item }}'
     state: absent
@@ -36,21 +32,18 @@
   - /etc/sssd/sssd.conf
 
 - name: Join Samba domain
-  become: True
   command: realm join {{ service.samba.domain | quote }}
   args:
     stdin: '{{ service.samba.password }}'
 
 - name: Copy Samba keytab to /enrollment/samba.keytab
-  become: True
   copy:
     src: /etc/krb5.keytab
     dest: /enrollment/samba.keytab
     mode: 0600
     remote_src: yes
 
 - name: Cleanup after joining the Samba domain
-  become: True
   file:
     path: '{{ item }}'
     state: absent
@@ -60,14 +53,12 @@
   - /etc/sssd/sssd.conf
 
 - name: Stop SSSD
-  become: True
   service:
     name: sssd.service
     enabled: yes
     state: stopped
 
 - name: Create /etc/sssd/sssd.conf
-  become: True
   template:
     src: sssd.conf
     dest: /etc/sssd/sssd.conf
@@ -76,7 +67,6 @@
     mode: 0600
 
 - name: Create /etc/krb5.conf
-  become: True
   template:
     src: krb5.conf
     dest: /etc/krb5.conf

diff --git a/src/ansible/roles/common/tasks/main.yml b/src/ansible/roles/common/tasks/main.yml
@@ -1,5 +1,4 @@
 - name: Create /etc/sudoers
-  become: True
   template:
     src: sudoers
     dest: /etc/sudoers
@@ -8,7 +7,6 @@
     mode: 0600
 
 - name: Copy common data
-  become: True
   synchronize:
     src: '{{ playbook_dir }}/../../data/'
     dest: /data/
@@ -17,21 +15,18 @@
     - '--chown=root:root'
 
 - name: 'Change root password'
-  become: True
   user:
     name: root
     update_password: always
     password: '{{ user.root.password | password_hash("sha512") }}'
 
 - name: 'Create /root/.ssh directory'
-  become: True
   file:
     path: '/root/.ssh'
     state: directory
     mode: 0700
 
 - name: Copy root user ssh keys
-  become: True
   copy:
     src: '{{ playbook_dir }}/../../data/ssh-keys/{{ item.src }}'
     dest: '/root/.ssh/{{ item.dest }}'
@@ -44,14 +39,12 @@
   - { src: 'root.id_rsa.pub', dest: 'id_rsa.pub' }
 
 - name: 'Create wheel group'
-  become: True
   group:
     name: wheel
     system: yes
     state: present
 
 - name: 'Create {{ user.regular.name }} user'
-  become: True
   user:
     name: '{{ user.regular.name }}'
     uid: 1000
@@ -61,14 +54,12 @@
     password: '{{ user.regular.password | password_hash("sha512") }}'
 
 - name: 'Create /home/{{ user.regular.name }}/.ssh directory'
-  become: True
   file:
     path: '/home/{{ user.regular.name }}/.ssh'
     state: directory
     mode: 0700
 
 - name: Copy ci user ssh keys
-  become: True
   copy:
     src: '{{ playbook_dir }}/../../data/ssh-keys/{{ item.src }}'
     dest: '/home/{{ user.regular.name }}/.ssh/{{ item.dest }}'

diff --git a/src/ansible/roles/ipa/tasks/main.yml b/src/ansible/roles/ipa/tasks/main.yml
@@ -1,5 +1,4 @@
 - name: Install IPA server
-  become: True
   shell: |
     set -e
 
@@ -62,7 +61,6 @@
       {{ service.ipa.password }}
 
 - name: Install IPA-AD trust
-  become: True
   shell: |
     /usr/sbin/ipa-adtrust-install --unattended                 \
       --netbios-name={{ service.ipa.netbios | quote }}         \

diff --git a/src/ansible/roles/ldap/tasks/main.yml b/src/ansible/roles/ldap/tasks/main.yml
@@ -1,5 +1,4 @@
 - name: Create /root/localhost.inf
-  become: True
   template:
     src: instance.inf
     dest: /root/localhost.inf
@@ -8,21 +7,18 @@
     mode: 0600
 
 - name: Create directory server instance
-  become: True
   shell: |
     dscreate from-file /root/localhost.inf
   args:
     creates: '/etc/dirsrv/slapd-localhost'
 
 - name: Install ldap certificate
-  become: True
   shell: |
     dsconf localhost security ca-certificate add --file /data/certs/ca.crt --name "sssd-ca"
     dsconf localhost security ca-certificate set-trust-flags "sssd-ca" --flags "CT,,"
     dsctl localhost tls import-server-key-cert /data/certs/master.ldap.test.crt /data/certs/master.ldap.test.key
 
 - name: Grant read-only anonymous access
-  become: True
   shell: |
     ldapmodify -D "{{ service.ldap.bind.dn }}" -w "{{ service.ldap.bind.password }}" -H ldap://localhost -x
   args:

diff --git a/src/ansible/roles/packages/tasks/Debian.yml b/src/ansible/roles/packages/tasks/Debian.yml
@@ -32,7 +32,6 @@
   when: inventory_hostname == 'base-ground'
 
 - name: Install packages for client base image
-  become: True
   block:
   - name: Install SSSD and its dependencies
     apt:
@@ -48,10 +47,8 @@
   when: inventory_hostname == 'base-client'
 
 - name: Install additional packages for client development image
-  become: True
   block:
   - name: Install SSSD build and integration tests dependencies
-    become: True
     apt:
       state: present
       update_cache: yes

diff --git a/src/ansible/roles/packages/tasks/Fedora.yml b/src/ansible/roles/packages/tasks/Fedora.yml
@@ -49,7 +49,6 @@
   when: inventory_hostname == 'base-ground'
 
 - name: Install packages for client base image
-  become: True
   block:
   - name: Install SSSD and its dependencies
     dnf:
@@ -60,7 +59,6 @@
       - sssd
       - sssd-*
   - name: Install debug information for selected packages
-    become: True
     shell: |
       dnf debuginfo-install -y  \
         dbus                    \
@@ -76,10 +74,8 @@
   when: inventory_hostname == 'base-client'
 
 - name: Install packages for LDAP base image
-  become: True
   block:
   - name: Install 389ds
-    become: True
     dnf:
       state: present
       name:
@@ -88,10 +84,8 @@
   when: inventory_hostname == 'base-ldap'
 
 - name: Install packages for IPA base image
-  become: True
   block:
   - name: Install IPA
-    become: True
     dnf:
       state: present
       name:
@@ -101,10 +95,8 @@
   when: inventory_hostname == 'base-ipa'
 
 - name: Install packages for Samba base image
-  become: True
   block:
   - name: Install Samba DC
-    become: True
     dnf:
       state: present
       name:
@@ -113,15 +105,13 @@
   when: inventory_hostname == 'base-samba'
 
 - name: Install additional packages for client development image
-  become: True
   block:
   - name: Install SSSD build dependencies
     command: dnf build-dep -y sssd
     args:
       warn: False
 
   - name: Install packages required for integration tests
-    become: True
     dnf:
       state: present
       name:

diff --git a/src/ansible/roles/packages/tasks/Ubuntu.yml b/src/ansible/roles/packages/tasks/Ubuntu.yml
@@ -32,7 +32,6 @@
   when: inventory_hostname == 'base-ground'
 
 - name: Install packages for client base image
-  become: True
   block:
   - name: Install SSSD and its dependencies
     apt:
@@ -48,10 +47,8 @@
   when: inventory_hostname == 'base-client'
 
 - name: Install additional packages for client development image
-  become: True
   block:
   - name: Install SSSD build and integration tests dependencies
-    become: True
     apt:
       state: present
       update_cache: yes

diff --git a/src/ansible/roles/packages/tasks/main.yml b/src/ansible/roles/packages/tasks/main.yml
@@ -6,7 +6,6 @@
   - files: '{{ ansible_distribution | distro_includes(ansible_distribution_major_version) }}'
 
 - name: 'Clear package manager cache'
-  become: True
   shell: |
     if [ -f /usr/bin/apt ]; then
       rm -rf /var/lib/apt/lists/*