[ansible/mordred] Use the user with ID 1000

This commit updates tasks to apply permissions using UID 1000
directly. This ensures consistency across different cloud providers
where the default user (e.g.,'admin' in AWS) might already occupy
UID 1000.

Signed-off-by: Quan Zhou <quan@bitergia.com>

Author: zhquan

ansible/roles/mordred/defaults/main.yml

@@ -37,5 +37,8 @@ mordred_aliases_url: https://raw.githubusercontent.com/chaoss/grimoirelab-sirmor
 mariadb_hosts: "{{ ansible_default_ipv4.address if 'all_in_one' in groups else  hostvars[(groups['mariadb'][0])].ansible_default_ipv4.address }}"
 opensearch_host: "{{ ansible_default_ipv4.address if 'all_in_one' in groups else  hostvars[(groups['opensearch_manager'][0])].ansible_default_ipv4.address }}"
 
+grimoire_user: grimoire
+grimoire_group: grimoire
+
 docker_network_name: bap_network
 docker_log_max_size: 500m

ansible/roles/mordred/tasks/configure.yml

@@ -21,8 +21,8 @@
   file:
     path: "{{ item }}"
     state: directory
-    owner: grimoire
-    group: grimoire
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
     mode: 0750
     recurse: true
   with_items:
@@ -36,12 +36,26 @@
     path: "{{ mordred_ssh_dir }}/id_rsa"
   register: sshkey
 
+- name: Create SSH key pair
+  openssh_keypair:
+    path: "/home/{{ grimoire_user }}/.ssh/id_rsa"
+    type: rsa
+    size: 4096
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
+    mode: '0600'
+    state: present
+  when:
+    - not sshkey.stat.exists
+    - mordred_ssh_key is not defined
+    - grimoire_user_ssh_key is defined and not grimoire_user_ssh_key
+
 - name: Copy a custom SSH key pair
   copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: grimoire
-    group: grimoire
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
     mode: "{{ item.mode }}"
   loop:
     - src: "{{ mordred_ssh_key.private }}"
@@ -58,13 +72,13 @@
   copy:
     src: "{{ item.src }}"
     dest: "{{ item.dest }}"
-    owner: grimoire
-    group: grimoire
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
     remote_src: true
   loop:
-    - src: "/home/grimoire/.ssh/id_rsa"
+    - src: "/home/{{ grimoire_user }}/.ssh/id_rsa"
       dest: "{{ mordred_ssh_dir }}/id_rsa"
-    - src: "/home/grimoire/.ssh/id_rsa.pub"
+    - src: "/home/{{ grimoire_user }}/.ssh/id_rsa.pub"
       dest: "{{ mordred_ssh_dir }}/id_rsa.pub"
   when:
     - not sshkey.stat.exists
@@ -109,7 +123,7 @@
 
 - name: Checkout mordred setups repo
   become: true
-  become_user: grimoire
+  become_user: "{{ grimoire_user }}"
   git:
     repo: "{{ mordred_setups_repo_url }}"
     dest: "{{ mordred_setups_dir }}"

ansible/roles/mordred/tasks/configure_instance.yml

@@ -10,8 +10,8 @@
   file:
     state: directory
     path: "{{ item }}"
-    owner: grimoire
-    group: grimoire
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
     mode: '0774'
   with_items:
     - "{{ instance_dir }}/conf"
@@ -34,15 +34,15 @@
   copy:
     src: "/tmp/{{ instance.tenant }}_aliases.json"
     dest: "{{ instance_dir }}/conf/aliases.json"
-    owner: grimoire
-    group: grimoire
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
     mode: '0640'
   delegate_to: "{{ groups['all_in_one'][0] | default(groups['mordred'][instance.mordred.host]) }}"
   run_once: true
 
 - name: "Checkout {{ instance.project }} sources repo"
   become: true
-  become_user: grimoire
+  become_user: "{{ grimoire_user }}"
   git:
     repo: "{{ instance.mordred.sources_repository }}"
     dest: "{{ instance_dir }}/sources"
@@ -55,8 +55,8 @@
   file:
     state: directory
     path: "{{ instance_dir }}/sources"
-    owner: grimoire
-    group: grimoire
+    owner: "{{ grimoire_user }}"
+    group: "{{ grimoire_group }}"
     mode: '0774'
   delegate_to: "{{ groups['all_in_one'][0] | default(groups['mordred'][instance.mordred.host]) }}"
   run_once: true

ansible/roles/mordred/tasks/main.yml

@@ -1,17 +1,38 @@
 ---
 
+- name: Get the user with UID 1000
+  command: "id -nu 1000"
+  register: current_uid_1000_user
+  failed_when: false
+  changed_when: false
+
+- name: Show the user with UID 1000
+  debug:
+    msg: "The UID 1000 is owned by user: {{ current_uid_1000_user.stdout }}"
+  when: current_uid_1000_user.rc == 0
+
+- name: Set grimoire_user and grimoire_group facts based on UID 1000 ownership
+  set_fact:
+    grimoire_user: "{{ current_uid_1000_user.stdout }}"
+    grimoire_group: 1000
+    grimoire_user_ssh_key: false
+  when: current_uid_1000_user.rc == 0
+
 - name: Create group grimoire
   group:
-    name: grimoire
+    name: "{{ grimoire_group }}"
     state: present
+  when: current_uid_1000_user.rc != 0
 
 - name: Create user grimoire
   user:
-    name: grimoire
-    groups: grimoire
+    name: "{{ grimoire_user }}"
+    groups: "{{ grimoire_group }}"
+    uid: 1000
     generate_ssh_key: yes
     ssh_key_bits: 4096
     ssh_key_file: .ssh/id_rsa
+  when: current_uid_1000_user.rc != 0
 
 - name: Configure Mordred
   import_tasks: configure.yml

ansible/roles/mordred/templates/gitconfig.j2

@@ -1,4 +1,5 @@
 [safe]
+    directory = {{ mordred_setups_dir }}
 {% for instance in instances %}
     directory = {{ mordred_instances_dir }}/{{ instance.project }}/sources
 {% endfor %}

ansible/roles/mordred/templates/mordred_logrotate.j2

@@ -7,6 +7,6 @@
     notifempty
     delaycompress
     compress
-    create 0640 grimoire grimoire
+    create 0640 {{ grimoire_user }} {{ grimoire_group }}
     copytruncate
 }