Become: false for operation /tmp/opensearch-nodecerts

[patsevanton]

Signed-off-by: Anton Patsev patsev.anton@gmail.com

Description

Become: false for operation /tmp/opensearch-nodecerts

Issues Resolved

Fix https://github.com/opensearch-project/ansible-playbook/issues/45

Check List

• [x] Commits are signed per the DCO using --signoff

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license. For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[peterzhuamazon]

https://github.com/opensearch-project/ansible-playbook/pull/46#issuecomment-1089190063

@saravanan30erd

[saravanan30erd]

I am more thinking about whether this is a change that is suitable for the playbook tho. If this is only a change for non-root user, a comment in README on what to change probably enough. Will this change cause any issues with root user?

@peterzhuamazon this change will be useful for few scenarios. Example, when we create ec2 machines and it comes with default user ec2-user with sudo privileges. To run the playbook as root user, we need to prepare the root user in these machines like adding ssh keys. But if we use default user ec2-user, then we don't need to do these ssh key changes and this effort can be avoided.

But this change shouldn't cause any issues when we run with root user as well.

[saravanan30erd]

@patsevanton There are six tasks (which using local_action) runs in local machine which mean all those tasks required become: false but you put become: false only for 3 tasks, which mean other 3 tasks might fail when we use --become. Could you please check it or provide the reason?

[patsevanton]

Add become: false for 6 local_action in security.yml I forgot Signed-off

[peterzhuamazon]

Hi @patsevanton if you can sign off and @saravanan30erd can review that would be great.

[patsevanton]

New PR https://github.com/opensearch-project/ansible-playbook/pull/51