set become: true when cleaning up ipa hosts

The cli-cleanup-ipa.yaml script is supposed to invoke a module that cleans up IPA. This module is run on the ansible_host as the ansible_user, which in most cases is stack. The stack user doesn't have permissions to view the keytab needed to access FreeIPA, so we'll get failures like this without become: true: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639107): No credentials cache found We should include become: true so that priviledge escalation allows the user to read the keytab. If they can't, then we should fail anyway and they can invoke the command as the tripleo-admin user. Change-Id: Ibb73c659aa1c7a9a7e5284c4f53bd23b13df25e2
2020-04-02 14:36:12 +00:00 · 2020-04-02 14:36:12 +00:00 · b8687d4db6
commit b8687d4db6
parent f8cf6b6fc2
1 changed files with 1 additions and 0 deletions
--- a/tripleo_ipa/roles/tripleo_ipa_cleanup/tasks/main.yml
+++ b/tripleo_ipa/roles/tripleo_ipa_cleanup/tasks/main.yml
@ -27,3 +27,4 @@
    principal: "{{ tripleo_ipa_principal }}"
    keytab: "{{ tripleo_ipa_keytab }}"
    hosts: "{{ tripleo_ipa_hosts_to_delete }}"
+  become: true