Drop owner/group from /var/lib/openstack

slagle · slagle · commit a590bf72d846 · 2025-01-22T11:19:52.000-05:00
These tasks run with "become: true", so the /var/lib/openstack dir
should be root owned, just like the scripts created in the dir.

Also correct the path to the tmpwatch script when it is set in the
crontab, and in the molecule verify.yml.

Signed-off-by: James Slagle &lt;jslagle@redhat.com&gt;
diff --git a/roles/edpm_logrotate_crond/molecule/default/converge.yml b/roles/edpm_logrotate_crond/molecule/default/converge.yml
@@ -19,6 +19,7 @@
   hosts: all
   gather_facts: false
   tasks:
+
     - name: install edpm_logrotate_crond
       include_role:
         name: "osp.edpm.edpm_logrotate_crond"
diff --git a/roles/edpm_logrotate_crond/molecule/default/verify.yml b/roles/edpm_logrotate_crond/molecule/default/verify.yml
@@ -23,15 +23,15 @@
 
     - name: Push script
       ansible.builtin.stat:
-        path: /usr/local/sbin/containers-tmpwatch
+        path: /var/lib/openstack/cron/containers-tmpwatch
       register: stat_result
       failed_when: not stat_result.stat.exists
 
     - name: Insert cronjob in root crontab
       ansible.builtin.shell:
         crontab -l
       register: crontab
-      failed_when: "'@daily /usr/local/sbin/containers-tmpwatch' not in crontab.stdout"
+      failed_when: "'@daily /var/lib/openstack/cron/containers-tmpwatch' not in crontab.stdout"
 
     - name: Ensure config directories exist
       ansible.builtin.stat:
diff --git a/roles/edpm_logrotate_crond/tasks/configure.yml b/roles/edpm_logrotate_crond/tasks/configure.yml
@@ -22,8 +22,6 @@
         path: "/var/lib/openstack"
         mode: 0755
         state: directory
-        owner: "{{ ansible_user }}"
-        group: "{{ ansible_user }}"
         setype: "container_file_t"
 
     - name: Create /var/lib/openstack/cron
@@ -52,7 +50,7 @@
         name: "Remove old logs"
         special_time: "daily"
         user: "root"
-        job: "/usr/local/sbin/containers-tmpwatch"
+        job: "/var/lib/openstack/cron/containers-tmpwatch"
 
 - name: Configure logrotate_crond
   become: true
diff --git a/roles/edpm_logrotate_crond/tasks/install.yml b/roles/edpm_logrotate_crond/tasks/install.yml
@@ -18,6 +18,8 @@
 - name: Gather local facts
   ansible.builtin.setup:
     gather_subset:
+      - "!all"
+      - "!min"
       - "local"
 
 - name: Install cronie
