Ensure the verify-permissions playbook executes

freephile · freephile · commit eee92a08d63b · 2025-09-11T16:53:39.000Z
Add pre_tasks section to the playbook to load variables via the set-vars role. All playbooks should do this. Eliminate specification of owner/group in the test for cache writing by meza-ansible: - owner: "{{ ansible_user | default(ansible_env.USER) }}" - group: "{{ group_apache }}" because those cause a chmod which is not allowed even though meza-ansible can write to the cache directory. Note: although we could get a full shell with become_flags: '-i' this is not necessary for testing write permissions in the cache directory Ensure message display by filtering items to integer with the 'int' jinja filter Final work following on b3badfc Fixes Issue #186
diff --git a/src/playbooks/verify-permissions.yml b/src/playbooks/verify-permissions.yml
@@ -7,6 +7,12 @@
   gather_facts: true
   become: true
 
+# All playbooks should load critical Meza variables first
+  pre_tasks:
+    - name: Load critical Meza variables
+      ansible.builtin.include_role:
+        name: set-vars
+
   tasks:
     - name: Include permission verification role
       ansible.builtin.include_role:
diff --git a/src/roles/verify-permissions/tasks/main.yml b/src/roles/verify-permissions/tasks/main.yml
@@ -22,7 +22,7 @@
 
 - name: Display directory permissions
   ansible.builtin.debug:
-    msg: "{{ item.item }}: owner={{ item.stat.pw_name }}, group={{ item.stat.gr_name }}, mode={{ '%04o' | format(item.stat.mode) }}"
+    msg: "{{ item.item }}: owner={{ item.stat.pw_name }}, group={{ item.stat.gr_name }}, mode={{ '%04o' | format(item.stat.mode | int) }}"
   loop: "{{ dir_perms.results }}"
   when: item.stat.exists
 
@@ -42,13 +42,15 @@
   ansible.builtin.file:
     path: "{{ m_cache_directory }}/test-write"
     state: touch
-    owner: "{{ ansible_user | default(ansible_env.USER) }}"
-    group: "{{ group_apache }}"
     mode: '0664'
   become: true
   become_user: meza-ansible
   register: cache_write_test
 
+- name: Debug cache write test
+  ansible.builtin.debug:
+    msg: "cache write test: {{ cache_write_test }}"
+
 - name: Remove test file
   ansible.builtin.file:
     path: "{{ m_cache_directory }}/test-write"
