diff --git a/.ansible-lint b/.ansible-lint index bd1400abf5..0d62c3cab3 100644 --- a/.ansible-lint +++ b/.ansible-lint @@ -42,7 +42,6 @@ enable_list: skip_list: - jinja[spacing] # We don't really want to get that one. Too picky - no-changed-when # once we get the oc module we can re-enable it - - risky-file-permissions # Seems to fail on 0644 on files ?! - schema[meta] # Apparently "CentOS 9" isn't known... ?! - schema[vars] # weird issue with some "vars" in playbooks - yaml[line-length] # We have long lines, yes. diff --git a/ci/playbooks/build_runner_image.yml b/ci/playbooks/build_runner_image.yml index c5a40a882f..e8b06d9b02 100644 --- a/ci/playbooks/build_runner_image.yml +++ b/ci/playbooks/build_runner_image.yml @@ -37,6 +37,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/ci-framework-data/artifacts" state: directory + mode: "0755" - name: Create EDPM ansible var file ansible.builtin.copy: diff --git a/ci/playbooks/collect-logs.yml b/ci/playbooks/collect-logs.yml index 23d9aa1a5e..d6e5b83a17 100644 --- a/ci/playbooks/collect-logs.yml +++ b/ci/playbooks/collect-logs.yml @@ -37,6 +37,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/zuul-output/logs/ci-framework-data" state: directory + mode: "0755" - name: Copy ci-framework interesting files ansible.builtin.shell: @@ -106,6 +107,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/zuul-output/logs/system-config/libvirt" state: directory + mode: "0755" - name: Get some of the system configurations ignore_errors: true # noqa: ignore-errors diff --git a/ci/playbooks/dump_zuul_data.yml b/ci/playbooks/dump_zuul_data.yml index 7d11164ab2..7f41832c20 100644 --- a/ci/playbooks/dump_zuul_data.yml +++ b/ci/playbooks/dump_zuul_data.yml @@ -7,6 +7,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/ci-framework-data/artifacts/parameters" state: directory + mode: "0775" - name: Slurp Zuul inventory test ansible.builtin.slurp: diff --git a/ci/playbooks/multinode-autohold.yml b/ci/playbooks/multinode-autohold.yml index 58990eeb5e..db5a6ecc4b 100644 --- a/ci/playbooks/multinode-autohold.yml +++ b/ci/playbooks/multinode-autohold.yml @@ -89,3 +89,4 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/crc-ci-bootstrap-skip-cleanup" state: touch + mode: "0644" diff --git a/deploy-edpm.yml b/deploy-edpm.yml index 0a3f86b94d..27b93b10a0 100644 --- a/deploy-edpm.yml +++ b/deploy-edpm.yml @@ -76,6 +76,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/cifmw-success" state: touch + mode: "0644" - name: Run log related tasks ansible.builtin.import_playbook: playbooks/99-logs.yml diff --git a/hooks/playbooks/ceph-deploy.yml b/hooks/playbooks/ceph-deploy.yml index a1afa68023..11c11917b9 100644 --- a/hooks/playbooks/ceph-deploy.yml +++ b/hooks/playbooks/ceph-deploy.yml @@ -62,6 +62,7 @@ # in further steps. - name: Extract and push ceph_uuid ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_basedir }}/artifacts/{{ step }}_{{ hook_name }}.yml" content: |- cifmw_ceph_conf: {{ cifmw_ceph_conf_encoded }} diff --git a/hooks/playbooks/control_plane_ceph_backends.yml b/hooks/playbooks/control_plane_ceph_backends.yml index 013c1f3222..cf9cb16cb1 100644 --- a/hooks/playbooks/control_plane_ceph_backends.yml +++ b/hooks/playbooks/control_plane_ceph_backends.yml @@ -19,6 +19,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/controlplane" state: directory + mode: "0775" - name: Create kustomization to add Ceph as backend ansible.builtin.template: diff --git a/hooks/playbooks/control_plane_hci_pre_deploy.yml b/hooks/playbooks/control_plane_hci_pre_deploy.yml index f6924d86c3..4b8018d37a 100644 --- a/hooks/playbooks/control_plane_hci_pre_deploy.yml +++ b/hooks/playbooks/control_plane_hci_pre_deploy.yml @@ -7,6 +7,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/controlplane" state: directory + mode: "0775" - name: Create kustomization for HCI pre deploy step ansible.builtin.copy: diff --git a/hooks/playbooks/control_plane_ironic.yml b/hooks/playbooks/control_plane_ironic.yml index 069084a58b..7f278107d2 100644 --- a/hooks/playbooks/control_plane_ironic.yml +++ b/hooks/playbooks/control_plane_ironic.yml @@ -7,6 +7,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/controlplane" state: directory + mode: "0755" - name: Create kustomization to enable ironic ansible.builtin.copy: diff --git a/hooks/playbooks/fetch_compute_facts.yml b/hooks/playbooks/fetch_compute_facts.yml index 9b15f1dfd9..007fc2416e 100644 --- a/hooks/playbooks/fetch_compute_facts.yml +++ b/hooks/playbooks/fetch_compute_facts.yml @@ -71,6 +71,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/artifacts/manifests/kustomizations/{{ item }}" state: directory + mode: "0775" loop: - dataplane - controlplane diff --git a/hooks/playbooks/kustomize_cr.yml b/hooks/playbooks/kustomize_cr.yml index 3ccb111c94..2368c4dcf3 100644 --- a/hooks/playbooks/kustomize_cr.yml +++ b/hooks/playbooks/kustomize_cr.yml @@ -15,6 +15,7 @@ ansible.builtin.file: path: "{{ cifmw_kustomize_cr_artifact_dir }}" state: directory + mode: "0775" - name: Load vars from previous hooks when: cifmw_kustomize_cr_include_vars is defined diff --git a/playbooks/01-bootstrap.yml b/playbooks/01-bootstrap.yml index 3fc2cc4dd5..3e24f171f5 100644 --- a/playbooks/01-bootstrap.yml +++ b/playbooks/01-bootstrap.yml @@ -65,5 +65,6 @@ tags: - always ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_basedir|default(ansible_user_dir ~ '/ci-framework-data') }}/artifacts/parameters/custom-params.yml" content: "{{ ci_framework_params | to_nice_yaml }}" diff --git a/plugins/modules/generate_make_tasks.py b/plugins/modules/generate_make_tasks.py index 1c6ef2075e..8aa8f85605 100644 --- a/plugins/modules/generate_make_tasks.py +++ b/plugins/modules/generate_make_tasks.py @@ -38,6 +38,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/make_installyamls/tasks" state: directory + mode: "0775" - name: Generate make tasks generate_make_tasks: diff --git a/roles/artifacts/tasks/crc.yml b/roles/artifacts/tasks/crc.yml index d3d383ef33..0066bf9337 100644 --- a/roles/artifacts/tasks/crc.yml +++ b/roles/artifacts/tasks/crc.yml @@ -4,6 +4,7 @@ ansible.builtin.file: path: "{{ cifmw_artifacts_basedir }}/logs/crc" state: directory + mode: "0775" - name: Ensure controller knows CRC ssh keys ignore_errors: true # noqa: ignore-errors diff --git a/roles/artifacts/tasks/environment.yml b/roles/artifacts/tasks/environment.yml index 6e184e314a..604833fa98 100644 --- a/roles/artifacts/tasks/environment.yml +++ b/roles/artifacts/tasks/environment.yml @@ -3,6 +3,7 @@ tags: - always ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_artifacts_basedir }}/artifacts/ansible-vars.yml" content: "{{ vars | to_nice_yaml }}" @@ -10,6 +11,7 @@ tags: - always ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_artifacts_basedir }}/artifacts/ansible-facts.yml" content: "{{ ansible_facts | to_nice_yaml }}" diff --git a/roles/artifacts/tasks/packages.yml b/roles/artifacts/tasks/packages.yml index 3f36346718..5d0e89ca3f 100644 --- a/roles/artifacts/tasks/packages.yml +++ b/roles/artifacts/tasks/packages.yml @@ -10,5 +10,6 @@ - bootstrap - packages ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_artifacts_basedir }}/artifacts/installed-packages.yml" content: "{{ ansible_facts.packages | to_nice_yaml }}" diff --git a/roles/build_containers/molecule/hotfix/converge.yml b/roles/build_containers/molecule/hotfix/converge.yml index f5c5890b73..0a315a5f18 100644 --- a/roles/build_containers/molecule/hotfix/converge.yml +++ b/roles/build_containers/molecule/hotfix/converge.yml @@ -35,6 +35,7 @@ ansible.builtin.file: path: /tmp/rpms state: directory + mode: "0775" become: true - name: Download python3-requests RPM diff --git a/roles/build_containers/tasks/main.yml b/roles/build_containers/tasks/main.yml index e45599f14a..8f7f159fa0 100644 --- a/roles/build_containers/tasks/main.yml +++ b/roles/build_containers/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_build_containers_basedir }}/{{ item }}" state: directory + mode: "0775" loop: - tmp - artifacts diff --git a/roles/build_openstack_packages/tasks/install_dlrn.yml b/roles/build_openstack_packages/tasks/install_dlrn.yml index 265ea12325..f7e10799f0 100644 --- a/roles/build_openstack_packages/tasks/install_dlrn.yml +++ b/roles/build_openstack_packages/tasks/install_dlrn.yml @@ -64,6 +64,7 @@ ansible.builtin.file: path: '{{ cifmw_bop_build_repo_dir }}/DLRN/' state: directory + mode: "0775" - name: Remove data files from previous runs ansible.builtin.shell: diff --git a/roles/build_openstack_packages/tasks/run_dlrn.yml b/roles/build_openstack_packages/tasks/run_dlrn.yml index 1ca739e102..748d13c85c 100644 --- a/roles/build_openstack_packages/tasks/run_dlrn.yml +++ b/roles/build_openstack_packages/tasks/run_dlrn.yml @@ -97,6 +97,7 @@ ansible.builtin.file: path: "{{ cifmw_bop_build_repo_dir }}/DLRN/data/" state: directory + mode: "0775" - name: "Check for existing {{ project_name_mapped.stdout }}" # noqa: name[template] ansible.builtin.stat: diff --git a/roles/cert_manager/molecule/default/converge.yml b/roles/cert_manager/molecule/default/converge.yml index 82544004ac..ebe12221d4 100644 --- a/roles/cert_manager/molecule/default/converge.yml +++ b/roles/cert_manager/molecule/default/converge.yml @@ -68,6 +68,7 @@ ca: secretName: root-secret ansible.builtin.copy: + mode: "0644" dest: "/tmp/cmtest.yaml" content: "{{ _ca_content }}" diff --git a/roles/cert_manager/tasks/main.yml b/roles/cert_manager/tasks/main.yml index e27903fb07..ca7d0262b2 100644 --- a/roles/cert_manager/tasks/main.yml +++ b/roles/cert_manager/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_cert_manager_manifests_dir }}" state: directory + mode: "0775" - name: Create the cifmw_cert_manager_operator_namespace namespace" kubernetes.core.k8s: diff --git a/roles/ci_local_storage/tasks/main.yml b/roles/ci_local_storage/tasks/main.yml index b4d39b739c..24a58877bc 100644 --- a/roles/ci_local_storage/tasks/main.yml +++ b/roles/ci_local_storage/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_cls_manifests_dir }}" state: directory + mode: "0775" - name: Create the cifmw_cls_namespace namespace" kubernetes.core.k8s: diff --git a/roles/ci_metallb/tasks/metallb_k8s_install.yml b/roles/ci_metallb/tasks/metallb_k8s_install.yml index f21b513b12..f841c9f98c 100644 --- a/roles/ci_metallb/tasks/metallb_k8s_install.yml +++ b/roles/ci_metallb/tasks/metallb_k8s_install.yml @@ -25,6 +25,7 @@ - name: Save k8s metallb OLM manifests as artifacts ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ci_metallb_manifests_dir }}/metallb-{{ item.kind | lower }}-olm.yaml" content: "{{ item | to_nice_yaml }}" loop: diff --git a/roles/ci_netconfig/tasks/main.yml b/roles/ci_netconfig/tasks/main.yml index fa789cfcad..f19327b9c0 100644 --- a/roles/ci_netconfig/tasks/main.yml +++ b/roles/ci_netconfig/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_ci_netconfig_manifests_dir }}" state: directory + mode: "0775" - name: Create network config definitions in manifest dir vars: diff --git a/roles/ci_nmstate/tasks/nmstate_k8s_install.yml b/roles/ci_nmstate/tasks/nmstate_k8s_install.yml index ac312d5002..10a15ad3c6 100644 --- a/roles/ci_nmstate/tasks/nmstate_k8s_install.yml +++ b/roles/ci_nmstate/tasks/nmstate_k8s_install.yml @@ -15,6 +15,7 @@ - name: Save k8s nmstate OLM manifests as artifacts ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ci_nmstate_manifests_dir }}/nmstate-{{ item.kind | lower }}-olm.yaml" content: "{{ item | to_nice_yaml }}" loop: @@ -58,6 +59,7 @@ - name: Save nmstate operator config as an artifact ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ci_nmstate_manifests_dir }}/nmstate-{{ cifmw_ci_nmstate_operator_config.kind | lower }}-olm.yaml" content: "{{ cifmw_ci_nmstate_operator_config | to_nice_yaml }}" diff --git a/roles/ci_nmstate/tasks/nmstate_k8s_provision_node.yml b/roles/ci_nmstate/tasks/nmstate_k8s_provision_node.yml index 1e5564b1c7..fe1b28d0d0 100644 --- a/roles/ci_nmstate/tasks/nmstate_k8s_provision_node.yml +++ b/roles/ci_nmstate/tasks/nmstate_k8s_provision_node.yml @@ -20,6 +20,7 @@ - name: Save k8s nmstate nncp manifests as artifacts ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ci_nmstate_manifests_dir }}/{{ item }}-nncp.yaml" content: "{{ _cifmw_ci_nmstate_k8s_node_config | to_nice_yaml }}" diff --git a/roles/ci_nmstate/tasks/nmstate_unmanaged_provision_node.yml b/roles/ci_nmstate/tasks/nmstate_unmanaged_provision_node.yml index 7bc9e8d4ab..470811463b 100644 --- a/roles/ci_nmstate/tasks/nmstate_unmanaged_provision_node.yml +++ b/roles/ci_nmstate/tasks/nmstate_unmanaged_provision_node.yml @@ -28,6 +28,7 @@ - name: "Save nmstate state for {{ cifmw_ci_nmstate_unmanaged_host }}" ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ci_nmstate_configs_dir }}/{{ cifmw_ci_nmstate_unmanaged_host }}-state.yaml" content: "{{ cifmw_ci_nmstate_unmanaged_node_config | to_nice_yaml }}" @@ -40,5 +41,6 @@ - name: "Save nmstate debugging data for {{ cifmw_ci_nmstate_unmanaged_host }}" ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ci_nmstate_configs_dir }}/{{ cifmw_ci_nmstate_unmanaged_host }}-final-state.yaml" content: "{{ _cifmw_ci_nmstate_unmanaged_node_state_out.state | to_nice_yaml }}" diff --git a/roles/cifmw_ceph_client/molecule/default/prepare.yml b/roles/cifmw_ceph_client/molecule/default/prepare.yml index c8e937e50f..c600d3adcf 100644 --- a/roles/cifmw_ceph_client/molecule/default/prepare.yml +++ b/roles/cifmw_ceph_client/molecule/default/prepare.yml @@ -25,3 +25,4 @@ ansible.builtin.file: path: "{{ cifmw_ceph_client_config_home | default('/etc/ceph') }}" state: "directory" + mode: "0775" diff --git a/roles/cifmw_ceph_client/tasks/edpm_service_values_post_ceph.yml b/roles/cifmw_ceph_client/tasks/edpm_service_values_post_ceph.yml index 57cbd05a84..33584ea773 100644 --- a/roles/cifmw_ceph_client/tasks/edpm_service_values_post_ceph.yml +++ b/roles/cifmw_ceph_client/tasks/edpm_service_values_post_ceph.yml @@ -21,6 +21,7 @@ - name: Write source service values to destination with modified keys ansible.builtin.copy: + mode: "0644" content: "{{ yaml_content.content | b64decode | from_yaml | combine(modified_keys, recursive=True) | to_nice_yaml }}" dest: "{{ cifmw_ceph_client_service_values_post_ceph_path_dst }}" diff --git a/roles/cifmw_ceph_client/tasks/edpm_values_post_ceph.yml b/roles/cifmw_ceph_client/tasks/edpm_values_post_ceph.yml index d4723fddf4..4e0642c481 100644 --- a/roles/cifmw_ceph_client/tasks/edpm_values_post_ceph.yml +++ b/roles/cifmw_ceph_client/tasks/edpm_values_post_ceph.yml @@ -21,6 +21,7 @@ - name: Write source values to destination with modified keys ansible.builtin.copy: + mode: "0644" content: "{{ yaml_content.content | b64decode | from_yaml | combine(modified_keys, recursive=True) | to_nice_yaml }}" dest: "{{ cifmw_ceph_client_values_post_ceph_path_dst }}" diff --git a/roles/cifmw_cephadm/tasks/export.yml b/roles/cifmw_cephadm/tasks/export.yml index dd8c77da6a..27adec4e21 100644 --- a/roles/cifmw_cephadm/tasks/export.yml +++ b/roles/cifmw_cephadm/tasks/export.yml @@ -70,6 +70,7 @@ ansible.builtin.file: path: "{{ cifmw_ceph_client_vars | dirname }}" state: directory + mode: "0755" recurse: true delegate_to: localhost when: diff --git a/roles/cifmw_cephadm/tasks/pre.yml b/roles/cifmw_cephadm/tasks/pre.yml index 1ff7c873c2..1f483a5b9d 100644 --- a/roles/cifmw_cephadm/tasks/pre.yml +++ b/roles/cifmw_cephadm/tasks/pre.yml @@ -93,6 +93,7 @@ ansible.builtin.file: path: "{{ cifmw_cephadm_config_home }}" state: directory + mode: "0755" become: true - name: Ensure specs directory exists diff --git a/roles/copy_container/tasks/main.yml b/roles/copy_container/tasks/main.yml index 6b82dc7577..8761d03dfa 100644 --- a/roles/copy_container/tasks/main.yml +++ b/roles/copy_container/tasks/main.yml @@ -3,6 +3,7 @@ ansible.builtin.file: path: "{{ cifmw_copy_ct_basedir }}/{{ item }}" state: directory + mode: "0775" loop: - artifacts - logs diff --git a/roles/devscripts/molecule/default/converge.yml b/roles/devscripts/molecule/default/converge.yml index 32acbf4b3b..2f5da825c8 100644 --- a/roles/devscripts/molecule/default/converge.yml +++ b/roles/devscripts/molecule/default/converge.yml @@ -108,11 +108,13 @@ - name: Create a dummy pull secret file ansible.builtin.copy: + mode: "0644" content: "hello world" dest: '/tmp/pull-secret' - name: Create a dummy pull secret file ansible.builtin.copy: + mode: "0644" content: "hello world" dest: '/tmp/ci_token' diff --git a/roles/edpm_build_images/tasks/install.yml b/roles/edpm_build_images/tasks/install.yml index a6e510dced..c6d665c9b5 100644 --- a/roles/edpm_build_images/tasks/install.yml +++ b/roles/edpm_build_images/tasks/install.yml @@ -21,5 +21,6 @@ ansible.builtin.file: path: "{{ cifmw_edpm_build_images_basedir }}/logs/edpm_images" state: directory + mode: "0775" tags: - bootstrap diff --git a/roles/edpm_deploy/tasks/main.yml b/roles/edpm_deploy/tasks/main.yml index c7796c78f6..cd48d9db68 100644 --- a/roles/edpm_deploy/tasks/main.yml +++ b/roles/edpm_deploy/tasks/main.yml @@ -56,6 +56,7 @@ block: - name: Create the config file ansible.builtin.copy: + mode: "0644" content: "{{ cifmw_edpm_deploy_nova_compute_extra_config }}" dest: "{{ _cifmw_edpm_deploy_nova_extra_config_file }}" diff --git a/roles/edpm_kustomize/molecule/default/prepare.yml b/roles/edpm_kustomize/molecule/default/prepare.yml index b093ed76ba..9b8d38e898 100644 --- a/roles/edpm_kustomize/molecule/default/prepare.yml +++ b/roles/edpm_kustomize/molecule/default/prepare.yml @@ -34,6 +34,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/artifacts/manifests/openstack/dataplane/cr" state: directory + mode: "0775" - name: Clone dummy operator # noqa: latest[git] ansible.builtin.git: @@ -43,6 +44,7 @@ - name: Copy dataplane sample ansible.builtin.copy: + mode: "0644" remote_src: true src: "{{ cifmw_basedir }}/src/openstack-operator/config/samples/dataplane_v1beta1_openstackdataplanenodeset.yaml" dest: "{{ cifmw_basedir }}/artifacts/manifests/openstack/dataplane/cr/dataplane_v1beta1_openstackdataplanenodeset.yaml" diff --git a/roles/edpm_kustomize/tasks/main.yml b/roles/edpm_kustomize/tasks/main.yml index ecd5bfa98b..8cc854f8e0 100644 --- a/roles/edpm_kustomize/tasks/main.yml +++ b/roles/edpm_kustomize/tasks/main.yml @@ -26,6 +26,7 @@ ansible.builtin.file: path: "{{ cifmw_edpm_kustomize_cr_path | dirname }}" state: directory + mode: "0775" - name: Check if there is already a kustomization register: cifmw_edpm_kustomize_kustomize_yaml_stat diff --git a/roles/env_op_images/tasks/main.yml b/roles/env_op_images/tasks/main.yml index 1a67449478..7a559f6ac2 100644 --- a/roles/env_op_images/tasks/main.yml +++ b/roles/env_op_images/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_env_op_images_dir }}/{{ item }}" state: directory + mode: "0775" loop: - artifacts - logs diff --git a/roles/hci_prepare/molecule/default/converge.yml b/roles/hci_prepare/molecule/default/converge.yml index 2fcef6ad3c..acf1860801 100644 --- a/roles/hci_prepare/molecule/default/converge.yml +++ b/roles/hci_prepare/molecule/default/converge.yml @@ -50,6 +50,7 @@ mtu: 9000 vlan: 10 ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_basedir }}/artifacts/parameters/network_info.yml" content: "{{ file_content | to_nice_yaml }}" diff --git a/roles/hci_prepare/tasks/phase1.yml b/roles/hci_prepare/tasks/phase1.yml index 9d209a9642..0aae11bb49 100644 --- a/roles/hci_prepare/tasks/phase1.yml +++ b/roles/hci_prepare/tasks/phase1.yml @@ -22,11 +22,13 @@ ansible.builtin.file: path: "{{ cifmw_hci_prepare_dataplane_dir }}" state: directory + mode: "0755" - name: Prepare EDPM network for HCI deployment when: - cifmw_hci_prepare_enable_storage_mgmt ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_hci_prepare_dataplane_dir }}/89-storage-mgmt-kustomization.yaml" content: |- apiVersion: kustomize.config.k8s.io/v1beta1 @@ -47,6 +49,7 @@ - name: Enable services needed to deploy Ceph ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_hci_prepare_dataplane_dir }}/88-hci-pre-kustomization.yaml" content: |- apiVersion: kustomize.config.k8s.io/v1beta1 diff --git a/roles/hci_prepare/tasks/phase2.yml b/roles/hci_prepare/tasks/phase2.yml index 51bea8c3e1..c859b089a9 100644 --- a/roles/hci_prepare/tasks/phase2.yml +++ b/roles/hci_prepare/tasks/phase2.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory + mode: "0775" loop: - "{{ cifmw_hci_prepare_basedir }}/artifacts" - "{{ cifmw_hci_prepare_dataplane_dir }}" @@ -68,6 +69,7 @@ - name: Create configuration to finish HCI deployment ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_hci_prepare_dataplane_dir }}/87-hci-post-kustomization.yaml" content: |- apiVersion: kustomize.config.k8s.io/v1beta1 @@ -122,5 +124,6 @@ cifmw_hci_prepare_ceph_fsid: "{{ cifmw_hci_prepare_ceph_fsid }}" when: not cifmw_hci_prepare_dryrun ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_hci_prepare_basedir }}/artifacts/parameters/hci_prepare_phase2_params.yml" content: "{{ file_content | to_nice_yaml }}" diff --git a/roles/install_ca/tasks/main.yml b/roles/install_ca/tasks/main.yml index 41b6289c03..f5ffaad4df 100644 --- a/roles/install_ca/tasks/main.yml +++ b/roles/install_ca/tasks/main.yml @@ -21,6 +21,7 @@ ansible.builtin.file: path: "{{ cifmw_install_ca_trust_dir }}" state: directory + mode: "0775" - name: Install internal CA from url when: cifmw_install_ca_url is defined diff --git a/roles/install_openstack_ca/tasks/main.yml b/roles/install_openstack_ca/tasks/main.yml index d64b0f0f81..057f177202 100644 --- a/roles/install_openstack_ca/tasks/main.yml +++ b/roles/install_openstack_ca/tasks/main.yml @@ -37,6 +37,7 @@ - name: Creating tls-ca-bundle.pem when: (ca_bundle is defined) and (ca_bundle | length > 0) ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_install_openstack_ca_dest_path }}/{{ cifmw_install_openstack_ca_file }}" content: "{{ ca_bundle }}" register: ca_bundle_file diff --git a/roles/install_yamls/tasks/main.yml b/roles/install_yamls/tasks/main.yml index a9458b4bea..a58a0c0bd7 100644 --- a/roles/install_yamls/tasks/main.yml +++ b/roles/install_yamls/tasks/main.yml @@ -20,6 +20,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory + mode: "0775" loop: - "{{ cifmw_install_yamls_out_dir }}" - "{{ cifmw_install_yamls_tasks_out }}" @@ -72,6 +73,7 @@ ansible.builtin.file: path: "{{ cifmw_install_yamls_out_dir }}" state: directory + mode: "0775" - name: Ensure user cifmw_install_yamls_vars contains existing Makefile variables vars: diff --git a/roles/kustomize_deploy/molecule/flexible_loop/prepare.yml b/roles/kustomize_deploy/molecule/flexible_loop/prepare.yml index 1f2b39c082..77004763ab 100644 --- a/roles/kustomize_deploy/molecule/flexible_loop/prepare.yml +++ b/roles/kustomize_deploy/molecule/flexible_loop/prepare.yml @@ -38,6 +38,7 @@ - name: Create fake kubeconfig ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_openshift_kubeconfig }}" content: | {} diff --git a/roles/kustomize_deploy/tasks/execute_step.yml b/roles/kustomize_deploy/tasks/execute_step.yml index 00c8f22049..28f81b95c3 100644 --- a/roles/kustomize_deploy/tasks/execute_step.yml +++ b/roles/kustomize_deploy/tasks/execute_step.yml @@ -157,6 +157,7 @@ when: - _val.src_file is defined ansible.builtin.copy: + mode: "0644" backup: true remote_src: true src: >- diff --git a/roles/libvirt_manager/tasks/deploy_edpm_compute.yml b/roles/libvirt_manager/tasks/deploy_edpm_compute.yml index fbca5e80db..483d59e093 100644 --- a/roles/libvirt_manager/tasks/deploy_edpm_compute.yml +++ b/roles/libvirt_manager/tasks/deploy_edpm_compute.yml @@ -24,6 +24,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory + mode: "0775" loop: - "{{ cifmw_libvirt_manager_basedir }}/workload" - "{{ cifmw_libvirt_manager_basedir }}/artifacts/edpm_compute" diff --git a/roles/manage_secrets/molecule/ci_token/converge.yml b/roles/manage_secrets/molecule/ci_token/converge.yml index da11503d15..083d739ac9 100644 --- a/roles/manage_secrets/molecule/ci_token/converge.yml +++ b/roles/manage_secrets/molecule/ci_token/converge.yml @@ -22,6 +22,7 @@ tasks: - name: Inject fake pull_secret ansible.builtin.copy: + mode: "0644" dest: "/tmp/yodel" content: >- sha256~abcdefg1234-ABEFGRsd3 diff --git a/roles/manage_secrets/molecule/kube/converge.yml b/roles/manage_secrets/molecule/kube/converge.yml index cef46df5a0..ef9d6e69d7 100644 --- a/roles/manage_secrets/molecule/kube/converge.yml +++ b/roles/manage_secrets/molecule/kube/converge.yml @@ -22,6 +22,7 @@ tasks: - name: Inject fake kubeconfig ansible.builtin.copy: + mode: "0644" dest: "/tmp/yodel" content: >- - name: admin diff --git a/roles/manage_secrets/molecule/pull_secret/converge.yml b/roles/manage_secrets/molecule/pull_secret/converge.yml index b85ab06d9e..cdcecfd070 100644 --- a/roles/manage_secrets/molecule/pull_secret/converge.yml +++ b/roles/manage_secrets/molecule/pull_secret/converge.yml @@ -22,6 +22,7 @@ tasks: - name: Inject fake pull_secret ansible.builtin.copy: + mode: "0644" dest: "/tmp/yodel" content: >- {"auths": {"my_cloud": diff --git a/roles/manage_secrets/tasks/dataplane_ssh.yml b/roles/manage_secrets/tasks/dataplane_ssh.yml index d7b13af4f5..98e83e0427 100644 --- a/roles/manage_secrets/tasks/dataplane_ssh.yml +++ b/roles/manage_secrets/tasks/dataplane_ssh.yml @@ -38,6 +38,7 @@ ansible.builtin.file: path: "{{ cifmw_manage_secrets_basedir }}/artifacts" state: directory + mode: "0775" - name: Create keypair vars: diff --git a/roles/manage_secrets/tasks/osp_secrets.yml b/roles/manage_secrets/tasks/osp_secrets.yml index 9356197ae4..b65a978112 100644 --- a/roles/manage_secrets/tasks/osp_secrets.yml +++ b/roles/manage_secrets/tasks/osp_secrets.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_manage_secrets_ospsecrets_manifests_dest }}" state: directory + mode: "0775" - name: Create the namespace kubernetes.core.k8s: diff --git a/roles/nat64_appliance/molecule/default/converge.yml b/roles/nat64_appliance/molecule/default/converge.yml index 9a74499008..014a76bf83 100644 --- a/roles/nat64_appliance/molecule/default/converge.yml +++ b/roles/nat64_appliance/molecule/default/converge.yml @@ -70,6 +70,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/logs" state: directory + mode: "0755" recurse: true owner: "{{ ansible_user_id }}" group: "{{ ansible_user_gid }}" @@ -79,6 +80,7 @@ ansible.builtin.file: path: "{{ cifmw_basedir }}/nat64_appliance" state: directory + mode: "0755" recurse: true owner: "{{ ansible_user_id }}" group: "{{ ansible_user_gid }}" diff --git a/roles/openshift_login/molecule/login_file_pwd_no_kubeconfig/converge.yml b/roles/openshift_login/molecule/login_file_pwd_no_kubeconfig/converge.yml index 90be89b3e2..c8d0ef948d 100644 --- a/roles/openshift_login/molecule/login_file_pwd_no_kubeconfig/converge.yml +++ b/roles/openshift_login/molecule/login_file_pwd_no_kubeconfig/converge.yml @@ -32,6 +32,7 @@ ansible.builtin.file: path: "{{ cifmw_openshift_password_file | dirname }}" state: directory + mode: "0755" - name: Create the kubeadmin password file ansible.builtin.copy: diff --git a/roles/openshift_login/tasks/main.yml b/roles/openshift_login/tasks/main.yml index 77708e6461..1c2cf634ef 100644 --- a/roles/openshift_login/tasks/main.yml +++ b/roles/openshift_login/tasks/main.yml @@ -20,6 +20,7 @@ ansible.builtin.file: path: "{{ cifmw_openshift_login_basedir }}/artifacts" state: directory + mode: "0755" - name: OpenShift login ansible.builtin.include_tasks: diff --git a/roles/openshift_provisioner_node/tasks/main.yml b/roles/openshift_provisioner_node/tasks/main.yml index f017b383d9..c9375e8e1e 100644 --- a/roles/openshift_provisioner_node/tasks/main.yml +++ b/roles/openshift_provisioner_node/tasks/main.yml @@ -20,6 +20,7 @@ ansible.builtin.file: path: "{{ cifmw_opn_artifacts_dir }}" state: directory + mode: "0755" delegate_to: localhost - name: Add users diff --git a/roles/openshift_setup/tasks/main.yml b/roles/openshift_setup/tasks/main.yml index f71f90e8c7..8ee2ff3592 100644 --- a/roles/openshift_setup/tasks/main.yml +++ b/roles/openshift_setup/tasks/main.yml @@ -20,6 +20,7 @@ ansible.builtin.file: path: "{{ cifmw_openshift_setup_basedir }}/artifacts" state: directory + mode: "0755" - name: Fetch namespaces to create ansible.builtin.set_fact: diff --git a/roles/operator_build/tasks/main.yml b/roles/operator_build/tasks/main.yml index 5d95945eb5..a0aec86600 100644 --- a/roles/operator_build/tasks/main.yml +++ b/roles/operator_build/tasks/main.yml @@ -20,6 +20,7 @@ ansible.builtin.file: path: "{{ cifmw_operator_build_basedir }}/{{ item }}" state: directory + mode: "0755" loop: - artifacts - logs diff --git a/roles/os_must_gather/tasks/main.yml b/roles/os_must_gather/tasks/main.yml index ce005c0526..6d96acd9fc 100644 --- a/roles/os_must_gather/tasks/main.yml +++ b/roles/os_must_gather/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_os_must_gather_output_dir }}/{{ item }}" state: directory + mode: "0755" loop: - logs diff --git a/roles/ovirt/tasks/main.yml b/roles/ovirt/tasks/main.yml index 69aeeeb95d..f7090376b7 100644 --- a/roles/ovirt/tasks/main.yml +++ b/roles/ovirt/tasks/main.yml @@ -37,6 +37,7 @@ ansible.builtin.file: path: "{{ cifmw_ovirt_artifacts_basedir }}" state: directory + mode: "0755" - name: Ensure ssh key exists when: cifmw_ovirt_ssh_public_key | length > 0 @@ -91,6 +92,7 @@ cifmw_ovirt_env_prefix: "{{ cifmw_ovirt_env_prefix }}" cifmw_ovirt_vms: "{{ _vm_ip_addresses }}" ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_ovirt_artifacts_basedir }}/ovirt-vms-info.yml" content: | {{ ovirt_info | to_nice_yaml(indent=2) }} diff --git a/roles/pkg_build/templates/pkg_build_play.j2 b/roles/pkg_build/templates/pkg_build_play.j2 index b93543f631..d5f378fafc 100644 --- a/roles/pkg_build/templates/pkg_build_play.j2 +++ b/roles/pkg_build/templates/pkg_build_play.j2 @@ -21,6 +21,7 @@ {{ hostvars[inventory_hostname] | dict2items | selectattr("key", "match", "^cifmw_")|list|items2dict }} - name: Output params into a file ansible.builtin.copy: + mode: "0644" dest: "{{ ansible_user_dir }}/gating_repo/{{ cifmw_project }}_custom_params.yml" content: "{{ custom_params | to_nice_yaml }}" - name: Build package @@ -34,6 +35,7 @@ recurse: true - name: Copy logs to volume ansible.builtin.copy: + mode: "0644" remote_src: true src: "{{ item.path }}" dest: "{{ ansible_user_dir }}/logs/{{ item.path | ansible.builtin.basename }}" diff --git a/roles/registry_deploy/tasks/main.yml b/roles/registry_deploy/tasks/main.yml index be9c6558bd..51dd3d81d9 100644 --- a/roles/registry_deploy/tasks/main.yml +++ b/roles/registry_deploy/tasks/main.yml @@ -62,6 +62,7 @@ ansible.builtin.file: path: /etc/containers/registries.conf.d state: directory + mode: "0755" - name: Add the local registry to unqualified-search-registries become: true @@ -76,3 +77,4 @@ [[registry]] location = "{{ cifmw_rp_registry_ip }}:{{ cifmw_rp_registry_port }}" insecure = true + mode: "0775" diff --git a/roles/repo_setup/tasks/artifacts.yml b/roles/repo_setup/tasks/artifacts.yml index ebca6bf94b..1afb08af67 100644 --- a/roles/repo_setup/tasks/artifacts.yml +++ b/roles/repo_setup/tasks/artifacts.yml @@ -29,12 +29,14 @@ content: | {{ _repo_setup_json['full_hash'] }} dest: "{{ cifmw_repo_setup_basedir }}/artifacts/repositories/delorean.repo.md5" + mode: "0775" - name: Dump current-podified hash when using with component repo when: cifmw_repo_setup_component_name | length > 0 ansible.builtin.get_url: url: "{{ cifmw_repo_setup_dlrn_uri }}/{{ cifmw_repo_setup_os_release }}{{ cifmw_repo_setup_dist_major_version }}-{{ cifmw_repo_setup_branch }}/current-podified/delorean.repo.md5" dest: "{{ cifmw_repo_setup_basedir }}/artifacts/repositories/delorean.repo.md5" + mode: "0775" - name: Export hashes facts for further use ansible.builtin.set_fact: diff --git a/roles/repo_setup/tasks/component_repo.yml b/roles/repo_setup/tasks/component_repo.yml index 151d344654..60661567b3 100644 --- a/roles/repo_setup/tasks/component_repo.yml +++ b/roles/repo_setup/tasks/component_repo.yml @@ -4,6 +4,7 @@ ansible.builtin.get_url: url: "{{ cifmw_repo_setup_dlrn_uri }}/{{ cifmw_repo_setup_os_release }}{{ cifmw_repo_setup_dist_major_version }}-{{ cifmw_repo_setup_branch }}/component/{{ cifmw_repo_setup_component_name }}/{{ cifmw_repo_setup_component_promotion_tag }}/delorean.repo" dest: "{{ cifmw_repo_setup_output }}/{{ cifmw_repo_setup_component_name }}_{{ cifmw_repo_setup_component_promotion_tag }}_delorean.repo" + mode: "0775" - name: Rename component repo become: "{{ not cifmw_repo_setup_output.startswith(ansible_user_dir) }}" @@ -19,3 +20,4 @@ section: 'delorean-component-{{ cifmw_repo_setup_component_name }}' option: enabled value: 0 + mode: "0775" diff --git a/roles/repo_setup/tasks/install.yml b/roles/repo_setup/tasks/install.yml index 54a29d4c4b..e384f2df85 100644 --- a/roles/repo_setup/tasks/install.yml +++ b/roles/repo_setup/tasks/install.yml @@ -3,6 +3,7 @@ ansible.builtin.file: path: "{{ cifmw_repo_setup_basedir }}/{{ item }}" state: directory + mode: "0755" loop: - tmp - artifacts/repositories diff --git a/roles/repo_setup/tasks/populate_gating_repo.yml b/roles/repo_setup/tasks/populate_gating_repo.yml index 0be79bd2e5..8f54f3a05f 100644 --- a/roles/repo_setup/tasks/populate_gating_repo.yml +++ b/roles/repo_setup/tasks/populate_gating_repo.yml @@ -18,6 +18,7 @@ gpgcheck=0 priority=1 dest: "{{ cifmw_repo_setup_output }}/gating.repo" + mode: "0775" - name: Check for DLRN repo at the destination ansible.builtin.stat: diff --git a/roles/repo_setup/tasks/sync_repos.yml b/roles/repo_setup/tasks/sync_repos.yml index e6d01b4bb4..dab33b3562 100644 --- a/roles/repo_setup/tasks/sync_repos.yml +++ b/roles/repo_setup/tasks/sync_repos.yml @@ -23,6 +23,7 @@ - name: Copy generated repos to /etc/yum.repos.d directory become: true ansible.builtin.copy: + mode: "0755" remote_src: true src: "{{ cifmw_repo_setup_output }}/" dest: "/etc/yum.repos.d" diff --git a/roles/reproducer/files/pre-ci-play.yml b/roles/reproducer/files/pre-ci-play.yml index 2b9ddf5849..6bd352f20b 100644 --- a/roles/reproducer/files/pre-ci-play.yml +++ b/roles/reproducer/files/pre-ci-play.yml @@ -11,6 +11,7 @@ - name: Map networking_mapper environment to networking-info become: true ansible.builtin.copy: + mode: "0644" dest: "/etc/ci/env/networking-info.yml" content: |- crc_ci_bootstrap_networks_out: @@ -40,6 +41,7 @@ option: dns section: main value: none + mode: "0775" - name: Restart NetworkManager to ensure we apply new configuration become: true @@ -55,6 +57,7 @@ _crc_resolver: >- {{ _net_env.networks.ctlplane.tools.metallb.ipv4_ranges.0.start }} ansible.builtin.copy: + mode: "0644" dest: "/etc/resolv.conf" content: | nameserver {{ _crc_resolver }} @@ -93,9 +96,11 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/.crc/machines/crc/" state: directory + mode: "0755" - name: Copy kubeconfig ansible.builtin.copy: + mode: "0644" remote_src: true src: "{{ ansible_user_dir }}/.kube/config" dest: "{{ ansible_user_dir }}/.crc/machines/crc/kubeconfig" @@ -104,9 +109,11 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/ci-framework-data/artifacts/parameters" state: directory + mode: "0755" - name: Inject CRC hostname ansible.builtin.copy: + mode: "0644" dest: "{{ ansible_user_dir }}/ci-framework-data/artifacts/parameters/crc-hostname.yml" content: |- cifmw_crc_hostname: crc-0 diff --git a/roles/reproducer/tasks/ci_data.yml b/roles/reproducer/tasks/ci_data.yml index 12e9c5717b..5e9e814eb3 100644 --- a/roles/reproducer/tasks/ci_data.yml +++ b/roles/reproducer/tasks/ci_data.yml @@ -12,6 +12,7 @@ ansible.builtin.file: path: "{{ _reproducer_basedir }}/parameters" state: directory + mode: "0775" - name: Check if we're facing molecule job register: _is_molecule @@ -27,6 +28,7 @@ dest: "{{ _reproducer_basedir }}/zuul_inventory.yml" url: "{{ _matched_url }}/zuul-info/inventory.yaml" force: true + mode: "0775" - name: Facing non-molecule job when: diff --git a/roles/reproducer/tasks/ci_deploy_data.yml b/roles/reproducer/tasks/ci_deploy_data.yml index 964e399854..f67379ddf7 100644 --- a/roles/reproducer/tasks/ci_deploy_data.yml +++ b/roles/reproducer/tasks/ci_deploy_data.yml @@ -4,6 +4,7 @@ dest: "{{ _reproducer_basedir }}/{{ item }}" url: "{{ data_baseurl }}/{{ item }}" force: true + mode: "0775" loop: - parameters/custom-params.yml - parameters/install-yamls-params.yml diff --git a/roles/reproducer/tasks/ci_job.yml b/roles/reproducer/tasks/ci_job.yml index e6a89ed0f4..9afc8bcdef 100644 --- a/roles/reproducer/tasks/ci_job.yml +++ b/roles/reproducer/tasks/ci_job.yml @@ -35,6 +35,7 @@ ansible.builtin.copy: src: "{{ _reproducer_basedir }}/parameters/" dest: "/home/zuul/{{ job_id }}-params" + mode: "0775" - name: Inject reproducer dedicated parameter file tags: @@ -42,6 +43,7 @@ ansible.builtin.template: src: "reproducer_params.yml.j2" dest: "/home/zuul/{{ job_id }}-params/reproducer_params.yml" + mode: "0775" - name: Generate CI job playbook tags: @@ -49,6 +51,7 @@ ansible.builtin.template: dest: "{{ _cifmw_reproducer_framework_location }}/{{ job_id }}_play.yml" src: "play.yml.j2" + mode: "0775" - name: Push content-provider playbook if needed tags: @@ -59,6 +62,7 @@ ansible.builtin.template: dest: "{{ _cifmw_reproducer_framework_location }}/{{ job_id }}_content-provider.yml" src: "content-provider.yml.j2" + mode: "0775" - name: Push extracted network data on controller-0 when: @@ -68,6 +72,7 @@ ansible.builtin.copy: dest: /home/zuul/zuul-network-data.yml content: "{{ {'job_network': ci_job_networking} | to_nice_yaml}}" + mode: "0775" - name: Push pre-CI job playbook tags: @@ -75,6 +80,7 @@ ansible.builtin.copy: dest: "{{ _cifmw_reproducer_framework_location }}/pre-ci-play.yml" src: "pre-ci-play.yml" + mode: "0775" - name: Push zuul-params.yml to expected location tags: @@ -92,6 +98,7 @@ ansible.builtin.copy: dest: "/home/zuul/ci-framework-data/artifacts/parameters/zuul-params.yml" content: "{{ {'zuul': zuul_params_filtered} | to_nice_yaml }}" + mode: "0775" - name: Check for ansible logs file and rotate it tags: diff --git a/roles/reproducer/tasks/configure_computes.yml b/roles/reproducer/tasks/configure_computes.yml index 7b47151699..07b2086e0c 100644 --- a/roles/reproducer/tasks/configure_computes.yml +++ b/roles/reproducer/tasks/configure_computes.yml @@ -16,6 +16,7 @@ section: "{{ config.section | default('main') }}" state: "{{ config.state | default(omit) }}" value: "{{ config.value | default(omit) }}" + mode: "0775" loop: "{{ cifmw_reproducer_dnf_tweaks }}" loop_control: label: "{{ config.option }}" diff --git a/roles/reproducer/tasks/configure_controller.yml b/roles/reproducer/tasks/configure_controller.yml index 8f415a4a13..142b8998b5 100644 --- a/roles/reproducer/tasks/configure_controller.yml +++ b/roles/reproducer/tasks/configure_controller.yml @@ -57,6 +57,7 @@ section: "{{ config.section | default('main') }}" state: "{{ config.state | default(omit) }}" value: "{{ config.value | default(omit) }}" + mode: "0775" loop: "{{ cifmw_reproducer_dnf_tweaks }}" loop_control: label: "{{ config.option }}" @@ -133,6 +134,7 @@ when: - cifmw_libvirt_manager_mac_map is defined ansible.builtin.copy: + mode: "0644" dest: "{{ _ctl_reproducer_basedir }}/parameters/interfaces-info.yml" content: "{{ cifmw_libvirt_manager_mac_map | to_nice_yaml }}" @@ -380,6 +382,7 @@ items2dict }} ansible.builtin.copy: + mode: "0644" dest: "/home/zuul/ci-framework-data/parameters/reproducer-variables.yml" content: "{{ _filtered_vars | to_nice_yaml }}" @@ -391,6 +394,7 @@ - name: Inject local environment parameters ansible.builtin.copy: + mode: "0644" dest: "/home/zuul/ci-framework-data/parameters/openshift-environment.yml" content: |- {% raw %} diff --git a/roles/reproducer/tasks/gather_inventories.yml b/roles/reproducer/tasks/gather_inventories.yml index 4a5a4bc245..f43e51d459 100644 --- a/roles/reproducer/tasks/gather_inventories.yml +++ b/roles/reproducer/tasks/gather_inventories.yml @@ -4,6 +4,7 @@ - hostvars[host]['_inventories']['results'] is defined - _data.skipped is undefined or not _data.skipped ansible.builtin.copy: + mode: "0644" dest: >- {{ (cifmw_reproducer_basedir, 'reproducer-inventory', diff --git a/roles/reproducer/tasks/main.yml b/roles/reproducer/tasks/main.yml index c1cdd2f1e7..3814c4419a 100644 --- a/roles/reproducer/tasks/main.yml +++ b/roles/reproducer/tasks/main.yml @@ -125,6 +125,7 @@ ansible.builtin.file: path: "{{ cifmw_reproducer_basedir }}/{{ item }}" state: directory + mode: "0755" loop: - artifacts - logs diff --git a/roles/reproducer/tasks/push_code.yml b/roles/reproducer/tasks/push_code.yml index 4cbd183ce7..4702619246 100644 --- a/roles/reproducer/tasks/push_code.yml +++ b/roles/reproducer/tasks/push_code.yml @@ -114,6 +114,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory + mode: "0755" loop: "{{ _destinations }}" - name: Sync local repositories to ansible controller diff --git a/roles/rhol_crc/tasks/add_crc_creds.yml b/roles/rhol_crc/tasks/add_crc_creds.yml index a0d45a6897..9335838983 100644 --- a/roles/rhol_crc/tasks/add_crc_creds.yml +++ b/roles/rhol_crc/tasks/add_crc_creds.yml @@ -19,6 +19,7 @@ block: |- eval $(crc oc-env) export KUBECONFIG="{{ cifmw_rhol_crc_kubeconfig }}" + mode: "0775" - name: Source bashrc and confirm crc login ansible.builtin.shell: | diff --git a/roles/rhol_crc/tasks/binary.yml b/roles/rhol_crc/tasks/binary.yml index f996160ba4..1df0cb3837 100644 --- a/roles/rhol_crc/tasks/binary.yml +++ b/roles/rhol_crc/tasks/binary.yml @@ -31,6 +31,7 @@ url: "{{ cifmw_rhol_crc_base_url }}/{{ cifmw_rhol_crc_tarball_name }}" dest: "{{ rhol_crc_download_tmp_directory.path }}/{{ cifmw_rhol_crc_tarball_name }}" checksum: sha256:{{ cifmw_rhol_crc_base_url }}/{{ cifmw_rhol_crc_tarball_checksum_name }} + mode: "0775" - name: Unarchive RHOL/CRC binary become: true diff --git a/roles/run_hook/molecule/default/prepare.yml b/roles/run_hook/molecule/default/prepare.yml index 2501edc6c7..b024ab763a 100644 --- a/roles/run_hook/molecule/default/prepare.yml +++ b/roles/run_hook/molecule/default/prepare.yml @@ -21,6 +21,7 @@ tasks: - name: Create dummy env file ansible.builtin.copy: + mode: "0644" dest: /tmp/dummy-env.yml content: | star: wars @@ -33,6 +34,7 @@ ansible.builtin.template: dest: "/tmp/{{ item }}" src: "dummy.yml.j2" + mode: "0775" loop: - dummy-1.yml - dummy-2.yml diff --git a/roles/run_hook/molecule/default/templates/dummy.yml.j2 b/roles/run_hook/molecule/default/templates/dummy.yml.j2 index 0326495130..75d2d485e3 100644 --- a/roles/run_hook/molecule/default/templates/dummy.yml.j2 +++ b/roles/run_hook/molecule/default/templates/dummy.yml.j2 @@ -13,6 +13,7 @@ - name: Generate some output file ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_basedir }}/artifacts/{{ step }}_{{ hook_name }}.yml" content: | {% if test_list is not none %} diff --git a/roles/set_openstack_containers/tasks/main.yml b/roles/set_openstack_containers/tasks/main.yml index 914374211c..c185280c32 100644 --- a/roles/set_openstack_containers/tasks/main.yml +++ b/roles/set_openstack_containers/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_set_openstack_containers_basedir }}/artifacts" state: directory + mode: "0775" - name: Set container tag from dlrn md5 hash file when: diff --git a/roles/shiftstack/tasks/deploy_shiftstackclient_pod.yml b/roles/shiftstack/tasks/deploy_shiftstackclient_pod.yml index 51801d207e..9599a480f0 100644 --- a/roles/shiftstack/tasks/deploy_shiftstackclient_pod.yml +++ b/roles/shiftstack/tasks/deploy_shiftstackclient_pod.yml @@ -18,6 +18,7 @@ ansible.builtin.template: src: templates/shiftstackclient_pvc.yml.j2 dest: "{{ (cifmw_shiftstack_basedir, cifmw_shiftstack_client_pvc_manifest) | path_join }}" + mode: "0775" - name: Apply the manifest for the PVC creation kubernetes.core.k8s: diff --git a/roles/shiftstack/tasks/pre_test_shiftstack.yml b/roles/shiftstack/tasks/pre_test_shiftstack.yml index 4c0a3cd9a4..8453751486 100644 --- a/roles/shiftstack/tasks/pre_test_shiftstack.yml +++ b/roles/shiftstack/tasks/pre_test_shiftstack.yml @@ -30,3 +30,4 @@ ansible.builtin.file: path: "{{ cifmw_shiftstack_basedir }}" state: directory + mode: "0775" diff --git a/roles/sushy_emulator/tasks/main.yml b/roles/sushy_emulator/tasks/main.yml index 6bba4ac7f8..a35a042c52 100644 --- a/roles/sushy_emulator/tasks/main.yml +++ b/roles/sushy_emulator/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_sushy_emulator_resource_directory }}" state: directory + mode: "0775" - name: Install required packages become: true diff --git a/roles/tempest/tasks/create-clouds-file.yml b/roles/tempest/tasks/create-clouds-file.yml index 8c7a6566c0..c094e9b5b0 100644 --- a/roles/tempest/tasks/create-clouds-file.yml +++ b/roles/tempest/tasks/create-clouds-file.yml @@ -36,3 +36,4 @@ ansible.builtin.template: src: clouds.yaml.j2 dest: "{{ cifmw_tempest_artifacts_basedir }}/clouds.yaml" + mode: "0775" diff --git a/roles/tempest/tasks/main.yml b/roles/tempest/tasks/main.yml index b4100b518c..c71d2d1b04 100644 --- a/roles/tempest/tasks/main.yml +++ b/roles/tempest/tasks/main.yml @@ -24,6 +24,7 @@ ansible.builtin.file: path: "{{ cifmw_tempest_artifacts_basedir }}" state: directory + mode: "0775" - name: Setup tempest tests ansible.builtin.include_tasks: tempest-tests.yml @@ -88,6 +89,7 @@ - name: Save logs from podman when: not cifmw_tempest_dry_run | bool ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/podman_tempest.log" content: | "{{ tempest_run_output.stdout }}" diff --git a/roles/tempest/tasks/tempest-tests.yml b/roles/tempest/tasks/tempest-tests.yml index 0d100d2959..b13f3c9f46 100644 --- a/roles/tempest/tasks/tempest-tests.yml +++ b/roles/tempest/tasks/tempest-tests.yml @@ -21,6 +21,7 @@ block: - name: Copy list_allowed to artifacts dir ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/list_allowed.yml" src: "list_allowed.yml" @@ -34,6 +35,7 @@ - name: Creating include.txt ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/include.txt" content: "{% for test in list_allowed.allowed_tests %}{{ test }}\n{% endfor %}" @@ -48,6 +50,7 @@ block: - name: Copy list_skipped to artifacts dir ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/list_skipped.yml" src: "list_skipped.yml" @@ -60,6 +63,7 @@ - name: Creating exclude.txt ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/exclude.txt" content: "{% for test in list_skipped.skipped_tests %}{{ test }}\n{% endfor %}" @@ -75,6 +79,7 @@ block: - name: Creating include.txt ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/include.txt" content: "{% for test in cifmw_tempest_tests_allowed %}{{ test }}\n{% endfor %}" @@ -89,6 +94,7 @@ block: - name: Creating exclude.txt ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_tempest_artifacts_basedir }}/exclude.txt" content: "{% for test in cifmw_tempest_tests_skipped %}{{ test }}\n{% endfor %}" diff --git a/roles/test_operator/tasks/create-tobiko-conf.yml b/roles/test_operator/tasks/create-tobiko-conf.yml index 505feda36a..12fb7d50c8 100644 --- a/roles/test_operator/tasks/create-tobiko-conf.yml +++ b/roles/test_operator/tasks/create-tobiko-conf.yml @@ -20,6 +20,7 @@ section: "{{ tobikoconf_section.key }}" option: "{{ tobikoconf_option.key }}" value: "{{ tobikoconf_option.value }}" + mode: "0775" loop: "{{ tobikoconf_section.value | dict2items }}" loop_control: loop_var: tobikoconf_option diff --git a/roles/test_operator/tasks/main.yml b/roles/test_operator/tasks/main.yml index f9aa5ff5b3..d11da00bab 100644 --- a/roles/test_operator/tasks/main.yml +++ b/roles/test_operator/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_test_operator_artifacts_basedir }}" state: directory + mode: "0755" recurse: true owner: "{{ ansible_user | default(lookup('env', 'USER')) }}" group: "{{ ansible_user | default(lookup('env', 'USER')) }}" diff --git a/roles/test_operator/tasks/tempest-tests.yml b/roles/test_operator/tasks/tempest-tests.yml index a6ea93a42b..5273ca1e35 100644 --- a/roles/test_operator/tasks/tempest-tests.yml +++ b/roles/test_operator/tasks/tempest-tests.yml @@ -21,6 +21,7 @@ block: - name: Copy list_allowed to artifacts dir ansible.builtin.copy: + mode: "0644" dest: "{{ cifmw_test_operator_artifacts_basedir }}/list_allowed.yml" src: "list_allowed.yml" @@ -56,6 +57,7 @@ ansible.builtin.copy: dest: "{{ cifmw_test_operator_artifacts_basedir }}/list_skipped.yml" src: "list_skipped.yml" + mode: "0775" - name: Get list of tests to be excluded tempest_list_skipped: diff --git a/roles/tofu/tasks/remote_prepare.yml b/roles/tofu/tasks/remote_prepare.yml index 31da41d340..00e4e6fa11 100644 --- a/roles/tofu/tasks/remote_prepare.yml +++ b/roles/tofu/tasks/remote_prepare.yml @@ -18,9 +18,11 @@ ansible.builtin.file: path: '{{ cifmw_tofu_dir_path }}' state: directory + mode: "0755" - name: "Copy Local Tufo Project Directory To Remote Host '{{ ansible_host }}'" ansible.builtin.copy: + mode: "0644" src: "{{ cifmw_tofu_project_path }}" dest: "{{ cifmw_tofu_dir_path }}" diff --git a/roles/update/tasks/create_test_files.yml b/roles/update/tasks/create_test_files.yml index 958a8b90ea..b1d466f127 100644 --- a/roles/update/tasks/create_test_files.yml +++ b/roles/update/tasks/create_test_files.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ cifmw_update_artifacts_basedir }}" state: directory + mode: "0755" - name: Create workload launch script ansible.builtin.template: diff --git a/roles/update_containers/tasks/main.yml b/roles/update_containers/tasks/main.yml index 653d1993ab..f866394cdb 100644 --- a/roles/update_containers/tasks/main.yml +++ b/roles/update_containers/tasks/main.yml @@ -17,6 +17,7 @@ - name: Destination directory exists ansible.builtin.file: state: directory + mode: "0755" recurse: true path: "{{ cifmw_update_containers_dest_path | dirname }}" @@ -24,6 +25,7 @@ ansible.builtin.template: src: "update_containers.j2" dest: "{{ cifmw_update_containers_dest_path }}" + mode: "0755" - name: Update the containers when: cifmw_update_containers | bool diff --git a/roles/virtualbmc/tasks/main.yml b/roles/virtualbmc/tasks/main.yml index fd225a04de..bc7aabc4db 100644 --- a/roles/virtualbmc/tasks/main.yml +++ b/roles/virtualbmc/tasks/main.yml @@ -18,7 +18,7 @@ ansible.builtin.file: path: "{{ item.key }}" state: directory - mode: "{{ item.mode | default(omit) }}" + mode: "{{ item.mode | default('0755') }}" loop: - key: "{{ cifmw_virtualbmc_sshkey_path | dirname }}" mode: "0700" diff --git a/tests/integration/targets/kustomize/tasks/main.yml b/tests/integration/targets/kustomize/tasks/main.yml index 46f590ad48..d8ef02ed10 100644 --- a/tests/integration/targets/kustomize/tasks/main.yml +++ b/tests/integration/targets/kustomize/tasks/main.yml @@ -18,6 +18,7 @@ ansible.builtin.file: path: "{{ item }}" state: directory + mode: "0755" loop: - "{{ ci_kustomize_oc_bin_path }}" - "{{ ci_kustomize_kustomize_bin_path }}" diff --git a/tests/integration/targets/kustomize/tasks/run_test_case.yml b/tests/integration/targets/kustomize/tasks/run_test_case.yml index cc8f62a93c..452dfbd907 100644 --- a/tests/integration/targets/kustomize/tasks/run_test_case.yml +++ b/tests/integration/targets/kustomize/tasks/run_test_case.yml @@ -99,6 +99,7 @@ dest: "{{ item.key }}" src: "{{ ci_kustomize_files_dir_path }}/{{ item.value }}" remote_src: true + mode: "0644" loop: "{{ _ci_kustomize_to_copy | dict2items }}" - name: "[{{ kustomize_tc_name }}] Run TC" # noqa: name[template] diff --git a/tests/integration/targets/make/tasks/ci_make.yml b/tests/integration/targets/make/tasks/ci_make.yml index eda78111e9..5174ed2f77 100644 --- a/tests/integration/targets/make/tasks/ci_make.yml +++ b/tests/integration/targets/make/tasks/ci_make.yml @@ -3,6 +3,7 @@ ansible.builtin.file: path: "/tmp/{{ item }}" state: directory + mode: "0755" loop: - artifacts - logs @@ -19,6 +20,7 @@ > @echo "This is the help thing showing ${FOO_BAR}" failing: > @exit 255 + mode: "0644" - name: Run ci_script make without any extra_args register: no_extra_args @@ -32,6 +34,7 @@ dest: /tmp/artifacts/foobar content: | I'm a useless flag in here + mode: "0755" - name: Run ci_script make with extra_args register: with_extra_args diff --git a/tests/integration/targets/script/tasks/main.yml b/tests/integration/targets/script/tasks/main.yml index 52b539dccd..375717f459 100644 --- a/tests/integration/targets/script/tasks/main.yml +++ b/tests/integration/targets/script/tasks/main.yml @@ -3,6 +3,7 @@ ansible.builtin.file: path: "/tmp/{{ item }}" state: directory + mode: "0755" loop: - artifacts - logs @@ -59,6 +60,7 @@ ansible.builtin.file: path: "/tmp/dummy/test" state: directory + mode: "0755" - name: Run using chdir option diff --git a/update-edpm.yml b/update-edpm.yml index d319b367d0..3d237f6d9b 100644 --- a/update-edpm.yml +++ b/update-edpm.yml @@ -37,6 +37,7 @@ ansible.builtin.file: path: "{{ ansible_user_dir }}/cifmw-success" state: touch + mode: "0644" - name: Run log related tasks ansible.builtin.import_playbook: playbooks/99-logs.yml