From 4be032390035d6e96c6c258b4e8e6033e626b957 Mon Sep 17 00:00:00 2001
From: Eduardo Olivares
Date: Mon, 5 Aug 2024 10:07:07 +0200
Subject: [PATCH 1/2] ovn-bgp-agent sub-dirs created with non-root user

The following PR changed the permissions and ownership for directories created from many roles: https://github.com/openstack-k8s-operators/edpm-ansible/pull/683 This commit removes `become: true` from the task that creates ovn-bgp-agent configuration directories. https://issues.redhat.com/browse/OSPRH-9191
---
 roles/edpm_ovn_bgp_agent/tasks/install.yml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/roles/edpm_ovn_bgp_agent/tasks/install.yml b/roles/edpm_ovn_bgp_agent/tasks/install.yml
index 5dd208da7..c0d7c02f2 100644
--- a/roles/edpm_ovn_bgp_agent/tasks/install.yml
+++ b/roles/edpm_ovn_bgp_agent/tasks/install.yml
@@ -28,10 +28,11 @@
 - {'path': "{{ edpm_ovn_bgp_agent_config_basedir }}", 'setype': container_file_t, 'mode': '0750'}

 - name: Create directory {{ edpm_ovn_bgp_agent_config_basedir }}
- become: true
 ansible.builtin.file:
 path: "{{ edpm_ovn_bgp_agent_config_basedir }}/etc/ovn-bgp-agent"
 recurse: true
 state: directory
 selevel: s0
 setype: container_file_t
+ owner: "{{ ansible_user | default(ansible_user_id) }}"
+ group: "{{ ansible_user | default(ansible_user_id) }}"

From 12a0e5519dbac3f2dfb56d44b1829e6902e0f851 Mon Sep 17 00:00:00 2001
From: Eduardo Olivares
Date: Mon, 5 Aug 2024 10:55:17 +0200
Subject: [PATCH 2/2] ovn_bgp_agent: Use root with "Add OVS Manager" tasks

ovs-vsctl commands have to be executed as root.
---
 roles/edpm_ovn_bgp_agent/tasks/configure.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/roles/edpm_ovn_bgp_agent/tasks/configure.yml b/roles/edpm_ovn_bgp_agent/tasks/configure.yml
index 66556e104..f5f7c404e 100644
--- a/roles/edpm_ovn_bgp_agent/tasks/configure.yml
+++ b/roles/edpm_ovn_bgp_agent/tasks/configure.yml
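Review bot: In roles/edpm_ovn_bgp_agent/tasks/install.yml, the `Create directory` task now sets `owner` and `group` but still has no `mode`, so with `become` removed the permissions of `etc/ovn-bgp-agent` come from the connecting user's umask, while the parent entry in the loop just above is pinned to `'0750'`. Adding `mode: 'u=rwX,g=rX,o='` would keep the config tree from ending up world-readable under a permissive umask; the symbolic form matters because `recurse: true` applies the mode to files already under the path. On a host where an earlier run created this directory as root, the unprivileged ownership change and SELinux relabel will probably fail, so upgrades may need a privileged fix-up first. The `group:` value also assumes a group named after the user exists, which nothing in the hunk guarantees.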
@@ -50,6 +50,7 @@
 loop: "{{ edpm_neutron_ovn_secrets.files }}"

 - name: Add OVS Manager
+ become: true
 block:
 - name: Check if OVS Manager already exists
 ansible.builtin.shell: |
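Review bot: `become: true` on the `Add OVS Manager` block in configure.yml escalates every task in the block to root, including the `ansible.builtin.shell` check whose script body starts at the last line of the hunk and continues outside it. If those scripts interpolate role variables, each value should pass through the `quote` filter, since anything unquoted is now interpreted by a root shell; where no pipes or redirects are needed, `ansible.builtin.command` with `argv` avoids the shell entirely. A short comment such as `# ovs-vsctl must run as root` above `become: true` would record why the block is privileged.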