ansible-middleware · RanabirChakraborty · Feb 19, 2025
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -11,9 +11,10 @@ on:
 
 jobs:
   ci:
-    uses: ansible-middleware/github-actions/.github/workflows/ci.yml@main
+    uses: ansible-middleware/github-actions/.github/workflows/ci.yml@rootperm
     secrets: inherit
     with:
       fqcn: 'middleware_automation/infinispan'
+      root_permission_varname: 'infinispan_install_requires_become'
       molecule_tests: >-
           [ "default" ]
diff --git a/README.md b/README.md
@@ -1,7 +1,7 @@
 # Ansible Collection - middleware_automation.infinispan
 
 <!--start build_status -->
-[![Build Status](https://github.com/ansible-middleware/infinispan/workflows/CI/badge.svg?branch=main)](https://github.com/ansible-middleware/infinispan/actions/workflows/ci.yml)
+[![Build Status](https://github.com/ansible-middleware/infinispan/workflows/CI/badge.svg)](https://github.com/ansible-middleware/infinispan/actions/workflows/ci.yml)
 
 > **_NOTE:_ If you are Red Hat customer, install `redhat.data_grid` from [Automation Hub](https://console.redhat.com/ansible/automation-hub/repo/published/redhat/data_grid/) as the certified version of this collection.**
 <!--end build_status -->

diff --git a/molecule/default/prepare.yml b/molecule/default/prepare.yml
@@ -21,7 +21,7 @@
           - sudo_pkg_name in ansible_facts.packages
 
     - name: Install requirements for tests
-      become: yes
+      become: "{{ infinispan_install_requires_become | default(true) }}"
       ansible.builtin.yum:
         name:
           - iproute

diff --git a/playbooks/infinispan.yml b/playbooks/infinispan.yml
@@ -1,15 +1,15 @@
 ---
 - name: Playbook for infinispan Hosts
   hosts: all
-  become: yes
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   roles:
     - role: infinispan
       infinispan_supervisor_password: "remembertochangeme"
      infinispan_jgroups_discovery: PING
      infinispan_users: []
    - role: infinispan_cache
      infinispan_deployer_user: "supervisor"
      infinispan_deployer_password: "remembertochangeme"
      infinispan_cache_xml: >
        <local-cache name="testcache" statistics="true">
          <encoding media-type="application/octet-stream"/>

diff --git a/roles/infinispan/tasks/fastpackages.yml b/roles/infinispan/tasks/fastpackages.yml
@@ -11,7 +11,7 @@
                              map('regex_findall', 'package (.+) is not installed$') | default([]) | flatten }}"
 
 - name: "Install packages: {{ packages_to_install }}"
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   ansible.builtin.package:
     name: "{{ packages_to_install }}"
     state: present

diff --git a/roles/infinispan/tasks/firewalld.yml b/roles/infinispan/tasks/firewalld.yml
@@ -6,14 +6,14 @@
       - firewalld
 
 - name: Enable and start the firewalld service
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   ansible.builtin.systemd:
     name: firewalld
     enabled: true
     state: started
 
 - name: "Configure firewall for {{ infinispan.name }} ports"
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   ansible.posix.firewalld:
     port: "{{ item }}"
     permanent: true

diff --git a/roles/infinispan/tasks/install.yml b/roles/infinispan/tasks/install.yml
@@ -4,14 +4,14 @@
     name: "{{ infinispan.group.name }}"
     state: present
     gid: "{{ infinispan.group.id | default(omit) }}"
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Create user {{ infinispan.user.name }}"
   ansible.builtin.user:
     name: "{{ infinispan.user.name }}"
     state: present
     uid: "{{ infinispan.user.id | default(omit) }}"
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Create download directory"
   ansible.builtin.file:
@@ -20,7 +20,7 @@
     owner: "{{ infinispan.user.name }}"
     group: "{{ infinispan.group.name }}"
     mode: '0750'
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 ## check remote archive
 - name: Set download archive path
@@ -31,7 +31,7 @@
   ansible.builtin.stat:
     path: "{{ archive }}"
   register: archive_path
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: Check local download archive path
   ansible.builtin.stat:
@@ -125,13 +125,13 @@
   when:
     - local_archive_path.stat is defined
     - local_archive_path.stat.exists
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Check target directory: {{ infinispan.installation_path }}"
   ansible.builtin.stat:
     path: "{{ infinispan.installation_path }}/bin"
   register: path_to_workdir
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Create target directory {{ infinispan.installation_path | dirname }}"
   ansible.builtin.file:
@@ -140,7 +140,7 @@
     owner: "{{ infinispan.user.name }}"
     group: "{{ infinispan.group.name }}"
     mode: '0750'
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Extract {{ infinispan.name }} archive on target {{ infinispan.installation_path }}"
   ansible.builtin.unarchive:
@@ -150,7 +150,7 @@
     creates: "{{ infinispan.installation_path }}/bin"
     owner: "{{ infinispan.user.name }}"
     group: "{{ infinispan.group.name }}"
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   when:
     - new_version_downloaded.changed or not path_to_workdir.stat.exists
   notify:
@@ -168,5 +168,5 @@
     owner: "{{ infinispan.user.name }}"
     group: "{{ infinispan.group.name }}"
     recurse: true
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   changed_when: false
diff --git a/roles/infinispan/tasks/jdg_user.yml b/roles/infinispan/tasks/jdg_user.yml
@@ -15,7 +15,7 @@
     mode: '0644'
   notify:
     - restart infinispan
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Ensure {{ infinispan.config.groups }} exists"
   ansible.builtin.template:
@@ -26,4 +26,4 @@
     mode: '0644'
   notify:
     - restart infinispan
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
diff --git a/roles/infinispan/tasks/main.yml b/roles/infinispan/tasks/main.yml
@@ -95,15 +95,15 @@
     jdg_rpm_java_home: "{{ rpm_java_home }}"
   notify:
     - restart infinispan
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Get xsd schema versions"
   ansible.builtin.find:
     paths: "{{ infinispan.home }}/docs/schema/"
     use_regex: true
     patterns: ['^.*-server-[0-9.]*[.]xsd$']
   register: server_schema
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Set fetched schema version for template"
   ansible.builtin.set_fact:
@@ -119,7 +119,7 @@
     backup: true
   notify:
     - restart infinispan
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: "Ensure {{ infinispan.service.name }} log4j2 configuration is deployed"
   ansible.builtin.template:
@@ -131,7 +131,7 @@
     backup: true
   notify:
     - restart infinispan
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: Download database driver jar to target
   ansible.builtin.get_url:
@@ -142,7 +142,7 @@
     mode: '0644'
   when:
     - infinispan_jgroups_discovery == 'JDBC_PING'
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
 
 - name: Include users tasks
   ansible.builtin.include_tasks: jdg_user.yml
@@ -166,4 +166,4 @@
     src: "{{ infinispan.home }}server/log"
     dest: "/var/log/infinispan{{ '-' + infinispan_nodename if infinispan_nodename != inventory_hostname else '' }}"
     force: true
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
diff --git a/roles/infinispan/tasks/restart.yml b/roles/infinispan/tasks/restart.yml
@@ -6,11 +6,11 @@
     ansible.builtin.systemd:
       name: "{{ infinispan.service.unit_file }}"
       state: restarted
-    become: true
+    become: "{{ infinispan_install_requires_become | default(true) }}"
   - name: "Wait for used port to be open"
     ansible.builtin.wait_for:
       port: "{{ infinispan.port }}"
       delay: 0
     when:
       - infinispan_healthcheck
-    become: true
+    become: "{{ infinispan_install_requires_become | default(true) }}"
diff --git a/roles/infinispan/tasks/start.yml b/roles/infinispan/tasks/start.yml
@@ -6,11 +6,11 @@
       name: "{{ infinispan.service.unit_file }}"
       state: started
       enabled: true
-    become: true
+    become: "{{ infinispan_install_requires_become | default(true) }}"
   - name: "Wait for used port to be open"
     ansible.builtin.wait_for:
       port: "{{ infinispan.port }}"
       delay: 0
     when:
       - infinispan_healthcheck
-    become: true
+    become: "{{ infinispan_install_requires_become | default(true) }}"
diff --git a/roles/infinispan/tasks/systemd.yml b/roles/infinispan/tasks/systemd.yml
@@ -5,7 +5,7 @@
     owner: root
     group: root
     mode: '0644'
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"
   register: ispn_daemon_reload
   notify:
     - restart infinispan
@@ -16,4 +16,4 @@
   when:
     - ispn_daemon_reload is defined
     - ispn_daemon_reload.changed
-  become: true
+  become: "{{ infinispan_install_requires_become | default(true) }}"