From 6aa240c16ba7a02ff01dd04a16c8a62291a8bc64 Mon Sep 17 00:00:00 2001
From: Haitao Pan
Date: Fri, 19 Jun 2026 18:56:47 +0800
Subject: [PATCH] fix(permissions): add missing become:true to all cross-platform /usr/local/bin writes

---
 roles/cloud_cli_prereqs/tasks/linux.yml | 1 +
 roles/vhosts/acp_server_gemini/tasks/config.yml | 1 +
 roles/vhosts/k8s-node/tasks/system_config.yml | 1 +
 roles/vhosts/modern_it_history/tasks/main.yml | 1 +
 roles/vhosts/otel-collector/tasks/main.yml | 1 +
 roles/vhosts/process_exporter/tasks/main.yml | 1 +
 roles/vhosts/prometheus/tasks/main.yml | 1 +
 roles/vhosts/vault/tasks/main.yml | 1 +
 8 files changed, 8 insertions(+)

diff --git a/roles/cloud_cli_prereqs/tasks/linux.yml b/roles/cloud_cli_prereqs/tasks/linux.yml
index b821c54..d7badb1 100644
--- a/roles/cloud_cli_prereqs/tasks/linux.yml
+++ b/roles/cloud_cli_prereqs/tasks/linux.yml
@@ -85,6 +85,7 @@
 when:
 - cloud_cli_prereqs_install_gcloud_cli | bool
 - not ansible_check_mode
+ become: true

 - name: Verify Azure CLI on Linux
 ansible.builtin.command: az version
diff --git a/roles/vhosts/acp_server_gemini/tasks/config.yml b/roles/vhosts/acp_server_gemini/tasks/config.yml
index 3a53c78..144b6b2 100644
--- a/roles/vhosts/acp_server_gemini/tasks/config.yml
+++ b/roles/vhosts/acp_server_gemini/tasks/config.yml
@@ -47,6 +47,7 @@
 mode: "0755"
 notify: Restart acp gemini
 when: not (acp_gemini_bridge_use_prebuilt | bool)
+ become: true

 - name: Restore immutable flag on Gemini bridge binary
 ansible.builtin.command:
diff --git a/roles/vhosts/k8s-node/tasks/system_config.yml b/roles/vhosts/k8s-node/tasks/system_config.yml
index ef50fe2..e39c857 100644
--- a/roles/vhosts/k8s-node/tasks/system_config.yml
+++ b/roles/vhosts/k8s-node/tasks/system_config.yml
@@ -27,6 +27,7 @@
 hostnamectl set-hostname "{{ inventory_hostname }}"
 hostname "{{ inventory_hostname }}"
 echo -n "{{ inventory_hostname }}" > /etc/hostname
+ become: true

 - name: Create systemd service
 copy:
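Review bot: In roles/vhosts/acp_server_gemini/tasks/config.yml the task that follows this one, `Restore immutable flag on Gemini bridge binary`, presumably needs root just as much as the install it guards, and whether it carries `become: true` is outside the hunk. If that task, or a matching one that clears the flag before the install, runs unprivileged with its errors ignored, the binary ends up installed but without the immutable flag. Confirm both flag tasks escalate, or wrap the clear/install/restore sequence in one `block:` with a single `become: true`.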
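Review bot: In roles/vhosts/k8s-node/tasks/system_config.yml the three hostname commands now run as root with `{{ inventory_hostname }}` templated straight into the script text, so whatever the inventory supplies as a host name is interpreted by a root shell. The task's module line is outside the hunk, but if this is a shell task it can be replaced by the idempotent built-in module: `ansible.builtin.hostname:` with `name: "{{ inventory_hostname }}"`, keeping `become: true`. If the shell form has to stay, pass the value through `| quote` instead of hand-written double quotes.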
diff --git a/roles/vhosts/modern_it_history/tasks/main.yml b/roles/vhosts/modern_it_history/tasks/main.yml
index 43604b3..5e151f2 100644
--- a/roles/vhosts/modern_it_history/tasks/main.yml
+++ b/roles/vhosts/modern_it_history/tasks/main.yml
@@ -55,6 +55,7 @@
 owner: root
 group: root
 mode: "0755"
+ become: true

 - name: Install Modern IT History update service
 ansible.builtin.template:
diff --git a/roles/vhosts/otel-collector/tasks/main.yml b/roles/vhosts/otel-collector/tasks/main.yml
index 81cd497..2d5e81f 100644
--- a/roles/vhosts/otel-collector/tasks/main.yml
+++ b/roles/vhosts/otel-collector/tasks/main.yml
@@ -45,6 +45,7 @@
 mode: '0755'
 remote_src: true
 when: inventory_hostname in groups[group]
+ become: true

 - name: Remove otelcol-contrib archive
 ansible.builtin.file:
diff --git a/roles/vhosts/process_exporter/tasks/main.yml b/roles/vhosts/process_exporter/tasks/main.yml
index 8c4dea9..25d688b 100644
--- a/roles/vhosts/process_exporter/tasks/main.yml
+++ b/roles/vhosts/process_exporter/tasks/main.yml
@@ -31,6 +31,7 @@
 mode: '0755'
 remote_src: true
 when: inventory_hostname in groups[group]
+ become: true

 - name: Remove process-exporter archive
 ansible.builtin.file:
diff --git a/roles/vhosts/prometheus/tasks/main.yml b/roles/vhosts/prometheus/tasks/main.yml
index 49927cc..9fb0cb4 100644
--- a/roles/vhosts/prometheus/tasks/main.yml
+++ b/roles/vhosts/prometheus/tasks/main.yml
@@ -69,6 +69,7 @@
 - prometheus
 - promtool
 when: inventory_hostname in groups[group]
+ become: true

 - name: Create default file_sd config
 ansible.builtin.template:
diff --git a/roles/vhosts/vault/tasks/main.yml b/roles/vhosts/vault/tasks/main.yml
index 083b7f6..2f33db4 100755
--- a/roles/vhosts/vault/tasks/main.yml
+++ b/roles/vhosts/vault/tasks/main.yml
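Review bot: The task in roles/vhosts/otel-collector/tasks/main.yml now installs from a previously fetched archive (`remote_src: true`) as root, and nothing visible in the hunk shows that the archive was verified or that the installed file ends up owned by root. The hunks in roles/vhosts/process_exporter/tasks/main.yml and roles/vhosts/prometheus/tasks/main.yml have the same shape. The download task and the upper half of each task are outside the hunks, so this may already be covered. Confirm that the download pins a `checksum:` and that each install task sets `owner: root` and `group: root` next to `mode: '0755'`, as the modern_it_history hunk does. Without explicit ownership, a root extraction can keep the uid/gid recorded in the archive, which may leave a binary on the PATH writable by an unrelated local account.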
@@ -44,6 +44,7 @@
 - vault_deploy_mode == "standalone"
 - ansible_os_family != 'Darwin'
 - vault_binary_check.rc != 0 or (vault_binary_check.stdout | default('')) is not search(vault_version)
+ become: true

 - name: Ensure standalone Vault directories exist
 ansible.builtin.file:
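Review bot: The guard in roles/vhosts/vault/tasks/main.yml decides whether to reinstall with `is not search(vault_version)`, which treats the version as an unanchored regular expression, so each dot matches any character and a longer version string that merely contains the wanted one counts as already installed. Now that the task can actually write the binary as root, a false match means an intended upgrade is silently skipped. Escaping the pattern is the minimal fix, `is not search(vault_version | regex_escape)`. Anchoring it to the output format of the command registered as `vault_binary_check` would be stricter, but that command is outside the hunk, as is the task's module.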