
Merge pull request #7250 from ewolinetz/local_action_patch

Making patching a local_action and ensuring we become:false for local…
Scott Dodson 7 years ago
commit
a328a22b02

+ 1 - 0
README.md

@@ -79,6 +79,7 @@ Additional requirements:
 Logging:
 
 - java-1.8.0-openjdk-headless
+- patch
 
 Metrics:
 

+ 8 - 7
openshift-ansible.spec

@@ -29,6 +29,7 @@ Requires:      httpd-tools
 Requires:      libselinux-python
 Requires:      python-passlib
 Requires:      python2-crypto
+Requires:      patch
 
 %description
 Openshift and Atomic Enterprise Ansible
@@ -278,10 +279,10 @@ Atomic OpenShift Utilities includes
   (fabian@fabianism.us)
 
 * Thu Feb 15 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.45.0
-- 
+-
 
 * Thu Feb 15 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.44.0
-- 
+-
 
 * Thu Feb 15 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.43.0
 - Changing conditional_set_fact from module to action_plugin since it does not
@@ -506,7 +507,7 @@ Atomic OpenShift Utilities includes
   (rteague@redhat.com)
 
 * Tue Jan 30 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.33.0
-- 
+-
 
 * Tue Jan 30 2018 Justin Pierce <jupierce@redhat.com> 3.9.0-0.32.0
 - Revert "Revert "use non-deprecated REGISTRY_OPENSHIFT_SERVER_ADDR variable to
@@ -721,10 +722,10 @@ Atomic OpenShift Utilities includes
 - Clean up host-local IPAM data while nodes are drained (danw@redhat.com)
 
 * Fri Jan 12 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.19.0
-- 
+-
 
 * Fri Jan 12 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.18.0
-- 
+-
 
 * Fri Jan 12 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.17.0
 - Update latest image streams and templates (sdodson@redhat.com)
@@ -824,7 +825,7 @@ Atomic OpenShift Utilities includes
 - Add in-tree CI scripts (mgugino@redhat.com)
 
 * Wed Jan 03 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.15.0
-- 
+-
 
 * Wed Jan 03 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.14.0
 - Cast openshift_docker_use_system_container to bool (mgugino@redhat.com)
@@ -843,7 +844,7 @@ Atomic OpenShift Utilities includes
   (mgugino@redhat.com)
 
 * Tue Jan 02 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.12.0
-- 
+-
 
 * Mon Jan 01 2018 Jenkins CD Merge Bot <smunilla@redhat.com> 3.9.0-0.11.0
 - aws: Fix misnamed variable in provisioning_vars.yml.example

+ 6 - 0
roles/openshift_logging/tasks/generate_jks.yaml

@@ -24,21 +24,25 @@
   local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
   when: elasticsearch_jks.stat.exists
   changed_when: False
+  become: false
 
 - name: Create placeholder for previously created JKS certs to prevent recreating...
   local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
   when: logging_es_jks.stat.exists
   changed_when: False
+  become: false
 
 - name: Create placeholder for previously created JKS certs to prevent recreating...
   local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
   when: system_admin_jks.stat.exists
   changed_when: False
+  become: false
 
 - name: Create placeholder for previously created JKS certs to prevent recreating...
   local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
   when: truststore_jks.stat.exists
   changed_when: False
+  become: false
 
 - name: pulling down signing items from host
   fetch:
@@ -56,11 +60,13 @@
 - local_action: template src=signing.conf.j2 dest={{local_tmp.stdout}}/signing.conf
   vars:
     - top_dir: "{{local_tmp.stdout}}"
+  become: false
   when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
 
 - name: Run JKS generation script
   local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
   check_mode: no
+  become: false
   when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
 
 - name: Pushing locally generated JKS certs to remote host...
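Review bot: The `Run JKS generation script` task still interpolates `{{local_tmp.stdout}}` and `{{openshift_logging_namespace}}` into the script's command line unquoted, so a value containing whitespace or shell-special characters would be split or reinterpreted on the control host instead of arriving as a single argument. That line is unchanged context in this hunk, but since the commit is already touching the task it would be cheap to tighten it: `local_action: script generate-jks.sh {{ local_tmp.stdout | quote }} {{ openshift_logging_namespace | quote }}`. The template task just above it has no `name`, which makes a failure in this key-generation sequence harder to attribute in the run log.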

+ 2 - 5
roles/openshift_logging/tasks/main.yaml

@@ -22,11 +22,7 @@
   register: local_tmp
   changed_when: False
   check_mode: no
-
-- name: Chmod local temp directory for doing work in
-  local_action: command chmod 777 "{{ local_tmp.stdout }}"
-  changed_when: False
-  check_mode: no
+  become: false
 
 - include_tasks: install_logging.yaml
   when:
@@ -40,3 +36,4 @@
   local_action: file path="{{local_tmp.stdout}}" state=absent
   tags: logging_cleanup
   changed_when: False
+  become: false
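Review bot: As far as these hunks show, the `file ... state=absent` cleanup is an ordinary task at the end of main.yaml, so it runs only when every task before it has succeeded. A failed run would then leave the local temp directory on the control host, and generate_jks.yaml fills that directory with keystores and the signing config. Consider moving `include_tasks: install_logging.yaml` into a `block:` and the cleanup into its `always:` section, so the directory is removed on failure too. The cleanup task starts above this hunk, so confirm against the full file that no such wrapper already exists.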

+ 30 - 21
roles/openshift_logging/tasks/patch_configmap_file.yaml

@@ -15,27 +15,36 @@
 #                                we apply our generated patch to this file.
 # configmap_protected_lines  -- The list of variables to exclude from the diff
 
-- copy:
-    content: "{{ __configmap_output.results.results[0]['data'][configmap_current_file] }}"
-    dest: "{{ tempdir }}/current.yml"
-  when: configmap_current_file in __configmap_output.results.results[0]['data']
-
-- logging_patch:
-    original_file: "{{ tempdir }}/current.yml"
-    new_file: "{{ configmap_new_file }}"
-    whitelist: "{{ configmap_protected_lines | default([]) }}"
-  register: patch_output
-  when: configmap_current_file in __configmap_output.results.results[0]['data']
-
-- copy:
-    content: "{{ patch_output.raw_patch }}\n"
-    dest: "{{ tempdir }}/patch.patch"
-  when:
-  - patch_output.raw_patch is defined
-  - patch_output.raw_patch | length > 0
+- when:
+  - configmap_current_file in __configmap_output.results.results[0]['data']
+  block:
+  - copy:
+      content: "{{ __configmap_output.results.results[0]['data'][configmap_current_file] }}"
+      dest: "{{ tempdir }}/current.yml"
 
-- command: >
-    patch --force --quiet -u "{{ configmap_new_file }}" "{{ tempdir }}/patch.patch"
-  when:
+  - logging_patch:
+      original_file: "{{ tempdir }}/current.yml"
+      new_file: "{{ configmap_new_file }}"
+      whitelist: "{{ configmap_protected_lines | default([]) }}"
+    register: patch_output
+
+- when:
   - patch_output.raw_patch is defined
   - patch_output.raw_patch | length > 0
+  block:
+  - slurp:
+      src: "{{ configmap_new_file }}"
+    register: new_file_slurp
+
+  - local_action: copy content="{{ patch_output.raw_patch }}\n" dest={{ local_tmp.stdout }}/patch.patch
+    become: false
+
+  - local_action: copy content={{ new_file_slurp['content'] | b64decode }} dest={{ local_tmp.stdout }}/configmap_new_file
+    become: false
+
+  - local_action: command patch --force --quiet -u {{ local_tmp.stdout }}/configmap_new_file {{ local_tmp.stdout }}/patch.patch
+    become: false
+
+  - copy:
+      src: "{{ local_tmp.stdout }}/configmap_new_file"
+      dest: "{{ configmap_new_file }}"
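Review bot: The two new `local_action: copy` tasks pass file contents through free-form `key=value` arguments, and the second one leaves `content={{ new_file_slurp['content'] | b64decode }}` unquoted, so the whole remote config file travels through the key=value argument parser. Writing these as YAML mappings with `delegate_to: localhost` removes that parsing step and matches the `copy:` tasks elsewhere in this file. Neither copy sets a `mode`, so the patch and the fetched config land on the control host with whatever the invoking user's umask gives; an explicit `mode: "0600"` would be safer if these config maps can hold sensitive settings. The same `{{ local_tmp.stdout }}` paths are also unquoted in the `patch` command line.

```yaml
  - name: Write the generated patch on the control host
    copy:
      content: "{{ patch_output.raw_patch }}\n"
      dest: "{{ local_tmp.stdout }}/patch.patch"
      mode: "0600"
    delegate_to: localhost
    become: false

  - name: Write the current remote file on the control host
    copy:
      content: "{{ new_file_slurp['content'] | b64decode }}"
      dest: "{{ local_tmp.stdout }}/configmap_new_file"
      mode: "0600"
    delegate_to: localhost
    become: false

  # … unchanged: local patch command and copy back to the remote host …
```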