From 0cc2daa57d58f376cdbf7b6d87e83d2e23dc9366 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Tue, 10 Jul 2018 12:45:19 +0100
Subject: [PATCH] Fix sudoers in bootstrap-servers when user != group

In some cases we may want a configuration in which the kolla user's
primary group name is not the same as their username. Doing this
currently breaks the sudoers configuration, since user entries should
reference a user, or a group prefixed with a '%'.

There does not seem to be a good reason to give root privileges to the
entire group (which sometimes may be a shared group), so let's revert to
giving only the user root privileges.

See kayobe CI test [1] in which a different user and group were
configured, leading to permission denied when using kolla ansible.

[1] http://logs.openstack.org/53/581053/2/check/kayobe-overcloud-centos/a70168e

TrivialFix

Change-Id: I677778ebd0de58df0adfa2a8705f161ec5552283
---
 ansible/roles/baremetal/tasks/post-install.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml
index 498453a368..5c0f082e42 100644
--- a/ansible/roles/baremetal/tasks/post-install.yml
+++ b/ansible/roles/baremetal/tasks/post-install.yml
@@ -27,8 +27,8 @@
   lineinfile:
     dest: /etc/sudoers.d/kolla-ansible-users
     state: present
-    regexp: '^{{ kolla_group }}'
-    line: '{{ kolla_group }} ALL=(ALL) NOPASSWD: ALL'
+    regexp: '^{{ kolla_user }}'
+    line: '{{ kolla_user }} ALL=(ALL) NOPASSWD: ALL'
   become: True
   when: create_kolla_user_sudoers | bool
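Review bot: The new `regexp: '^{{ kolla_user }}'` is a prefix match with the username interpolated unescaped, so it also matches a sudoers line for any other account whose name merely begins with the same characters, and lineinfile would then rewrite that line instead of adding a new one. Anchoring and escaping it, e.g. `regexp: '^{{ kolla_user | regex_escape }}\s'`, keeps the edit confined to the intended entry. Because this task installs a `NOPASSWD: ALL` rule, adding `validate: 'visudo -cf %s'` to the lineinfile arguments would stop a malformed line from being written into `/etc/sudoers.d`. Hosts bootstrapped before this change with a differing group name will presumably keep the old `{{ kolla_group }}` line, since nothing visible here removes it. The task's opening lines sit outside the hunk.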