
Chmod temp dirs created on localhost

After removing become:no statements on local_action tasks,
we need to ensure that the proper file permissions are
applied to local temp directories.

The reason for this is that the 'fetch' module
does not use 'become' for the localhost, just the remote
host.

Additionally, users may not wish for the localhost to
become during a fetch.  local_action will execute with
whatever permissions are specified in inventory or via
cli.
Michael Gugino 7 năm trước cách đây
mục cha
commit
4b06eaf83e

+ 5 - 0
playbooks/common/openshift-cluster/upgrades/create_service_signer_cert.yml

@@ -10,6 +10,11 @@
     changed_when: false
     when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
 
+  - name: Chmod local temp directory
+    local_action: command chmod 777 "{{ local_cert_sync_tmpdir.stdout }}"
+    changed_when: false
+    when: not (hostvars[groups.oo_first_master.0].service_signer_cert_stat.stat.exists | bool)
+
 - name: Create service signer certificate
   hosts: oo_first_master
   tasks:
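Review bot: `chmod 777` on `local_cert_sync_tmpdir` opens a directory that, judging by its name and the play that follows, stages service signer certificate files to every account on the control host; with no sticky bit, any local user can also delete or replace entries in it before they are synced onward. The same mode is applied to the staging directories in embedded2external.yml, redeploy-ca.yml, redeploy-openshift-ca.yml and in the openshift_examples, openshift_hosted_templates, openshift_logging and openshift_master_certificates roles. If the aim is only to let the non-become `fetch` write into a directory that mktemp created under become, giving the directory to the invoking user keeps it private: `local_action: file path="{{ local_cert_sync_tmpdir.stdout }}" state=directory owner="{{ lookup('env', 'USER') }}" mode=0700`. Whether `USER` resolves to the right account depends on how the playbook is launched, so that part needs confirming. The play this task belongs to starts above the hunk.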

+ 4 - 0
playbooks/openshift-etcd/private/embedded2external.yml

@@ -90,6 +90,10 @@
     register: g_etcd_client_mktemp
     changed_when: False
 
+  - name: Chmod local temp directory for syncing etcd backup
+    local_action: command chmod 777 "{{ g_etcd_client_mktemp.stdout }}"
+    changed_when: False
+
   - import_role:
       name: etcd
       tasks_from: backup.fetch.yml

+ 4 - 0
playbooks/openshift-etcd/private/redeploy-ca.yml

@@ -33,6 +33,10 @@
     register: g_etcd_mktemp
     changed_when: false
 
+  - name: Chmod local temp directory for syncing certs
+    local_action: command chmod 777 "{{ g_etcd_mktemp.stdout }}"
+    changed_when: false
+
 - name: Distribute etcd CA to etcd hosts
   hosts: oo_etcd_to_config
   tasks:

+ 4 - 0
playbooks/openshift-master/private/redeploy-openshift-ca.yml

@@ -132,6 +132,10 @@
     register: g_master_mktemp
     changed_when: false
 
+  - name: Chmod local temp directory for syncing certs
+    local_action: command chmod 777 "{{ g_master_mktemp.stdout }}"
+    changed_when: false
+
 - name: Retrieve OpenShift CA
   hosts: oo_first_master
   vars:

+ 3 - 3
roles/openshift_examples/tasks/main.yml

@@ -16,8 +16,8 @@
   register: copy_examples_mktemp
   run_once: True
 
-- name: Create local temp dir for OpenShift examples copy
-  local_action: command chmod 755 "{{ copy_examples_mktemp.stdout }}"
+- name: Chmod local temp dir for OpenShift examples copy
+  local_action: command chmod 777 "{{ copy_examples_mktemp.stdout }}"
   run_once: True
 
 - name: Create tar of OpenShift examples
@@ -27,7 +27,7 @@
     # Consider using unarchive module rather than running tar
     warn: no
 
-- name: Create local temp dir for OpenShift examples copy
+- name: Chmod local temp dir for OpenShift examples copy
   local_action: command chmod 744 "{{ copy_examples_mktemp.stdout }}/openshift-examples.tar"
   run_once: True
 
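Review bot: The task renamed in the second hunk is still called "Chmod local temp dir for OpenShift examples copy", but its command changes the mode of `openshift-examples.tar` rather than the directory, so the run log shows two identically named tasks doing different things. The matching change in roles/openshift_hosted_templates/tasks/main.yml uses `- name: Chmod local tar of OpenShift examples`, and the same name would fit here. The first hunk's 755 to 777 change also widens the directory to world-writable, which matters if the tarball built there is later unpacked on cluster hosts.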

+ 3 - 3
roles/openshift_hosted_templates/tasks/main.yml

@@ -6,8 +6,8 @@
   # AUDIT:changed_when: not set here because this task actually
   # creates something
 
-- name: Create local temp dir for OpenShift examples copy
-  local_action: command chmod 755 "{{ copy_hosted_templates_mktemp.stdout }}"
+- name: Chmod local temp dir for OpenShift examples copy
+  local_action: command chmod 777 "{{ copy_hosted_templates_mktemp.stdout }}"
   run_once: True
 
 - name: Create tar of OpenShift examples
@@ -17,7 +17,7 @@
     # Consider using unarchive module rather than running tar
     warn: no
 
-- name: Create local temp dir for OpenShift examples copy
+- name: Chmod local tar of OpenShift examples
   local_action: command chmod 744 "{{ copy_hosted_templates_mktemp.stdout }}/openshift-hosted-templates.tar"
   run_once: True
 
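Review bot: Both task names in this role still say "OpenShift examples" although the tasks act on `copy_hosted_templates_mktemp` and `openshift-hosted-templates.tar`, which reads like wording carried over from the openshift_examples role. Names such as `- name: Chmod local temp dir for OpenShift hosted templates copy` and `- name: Chmod local tar of OpenShift hosted templates` would let an operator tell the two roles apart in the run log.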

+ 5 - 0
roles/openshift_logging/tasks/main.yaml

@@ -18,6 +18,11 @@
   changed_when: False
   check_mode: no
 
+- name: Chmod local temp directory for doing work in
+  local_action: command chmod 777 "{{ local_tmp.stdout }}"
+  changed_when: False
+  check_mode: no
+
 - include_tasks: install_logging.yaml
   when:
     - openshift_logging_install_logging | default(false) | bool

+ 5 - 0
roles/openshift_master_certificates/tasks/main.yml

@@ -121,6 +121,11 @@
   changed_when: False
   when: master_certs_missing | bool
 
+- name: Chmod local temp directory for syncing certs
+  local_action: command chmod 777 "{{ g_master_certs_mktemp.stdout }}"
+  changed_when: False
+  when: master_certs_missing | bool
+
 - name: Create a tarball of the master certs
   command: >
     tar -czvf {{ openshift_master_generated_config_dir }}.tgz