Create Azimuth user outside of image build #251
Conversation
assumptionsandg
force-pushed
the
azimuth-user-create
branch
from
5534038 to
651f0b3
Compare
assumptionsandg
force-pushed
the
azimuth-user-create
branch
from
651f0b3 to
0884213
Compare
ansible/roles/linux-data-volumes/files/data-volumes-configure-volume.yml
Outdated
Show resolved
Hide resolved
The reason we did it like this was to ensure the user was created before the /data mountpoint permissions are setup and after the volume is mounted. Though maybe we can change the mount-point permissions in the user role instead. |
|
I would be equally happy with splitting this logic into two roles - one that runs before data volumes and is responsible for creating the user and one that runs after and is responsible for configuring the home. Chowning in a role that runs after data volumes also sounds reasonable though. The responsibility of the data volumes role is to identify volumes, format and mount them at the correct place. It shouldn't have any knowledge of what those volumes are used for I think. I have a preference for many small roles that have one responsibility, so a new role that is responsible for setting up the |
|
Possibly the data-volumes role shouldn't even chown the directories itself - it should just identity, format and mount them for |
I've pushed some initial changes for this up at 0f006d2, though maybe this should be in another change. |
| - name: Ensure the Azimuth user is created | ||
| ansible.builtin.user: | ||
| name: "azimuth" | ||
| uid: "{{ azimuth_uid }}" | ||
| shell: "/bin/bash" | ||
| become: true | ||
|
|
||
| - name: Ensure the Azimuth group has the correct GID | ||
| ansible.builtin.group: | ||
| name: "azimuth" | ||
| gid: "{{ azimuth_gid }}" | ||
| become: true |
There was a problem hiding this comment.
Should we create/update the group first, then specify the GID in the ansible.builtin.user call, rather than relying on the group auto-creation?
There was a problem hiding this comment.
I don't think there is a GID option in the user module. Though i suppose we could create the group first, and then specify the group name in the user call.
There was a problem hiding this comment.
Lets create the group first, then reference it in the user creation.
There was a problem hiding this comment.
My mistake r.e. GID, but as you say you can do it using the group name. Better to be explicit I think.
| create: true | ||
| marker: "" | ||
| block: | | ||
| Note that this user storage (/home/azimuth) is EPHEMERAL and is removed on platform deletion, |
There was a problem hiding this comment.
This line doesn't make much sense without the context from the rest of the description in the UI metadata.
Maybe just say "The azimuth user's home directory is ephemeral ..."
There was a problem hiding this comment.
If you mean the data volume, I don't know if we're implying the home directory is there in the UI metadata description.
| - name: Ensure the Azimuth user is created | ||
| ansible.builtin.user: | ||
| name: "azimuth" | ||
| uid: "{{ azimuth_uid }}" | ||
| shell: "/bin/bash" | ||
| become: true | ||
|
|
||
| - name: Ensure the Azimuth group has the correct GID | ||
| ansible.builtin.group: | ||
| name: "azimuth" | ||
| gid: "{{ azimuth_gid }}" | ||
| become: true |
There was a problem hiding this comment.
My mistake r.e. GID, but as you say you can do it using the group name. Better to be explicit I think.
Metadata azimuth-cloud/caas-workstation#26