From e36d53b0378898233aefef594f7de55a0583230f Mon Sep 17 00:00:00 2001
From: Emma Foley <efoley@redhat.com>
Date: Mon, 17 Feb 2025 16:47:45 +0000
Subject: [PATCH] [ci][common] Use separate play for tests requiring elevated
 priviledges

The container tests need elevated permissions to run on the compute nodes.
This is not always going to be the case, so become is added to a separate play to only elevate priviliges for some tests.
---
 ci/logging_tests_computes.yml         | 23 ++++++++++++++++++-----
 roles/common/tasks/container_test.yml |  7 ++++---
 2 files changed, 22 insertions(+), 8 deletions(-)

diff --git a/ci/logging_tests_computes.yml b/ci/logging_tests_computes.yml
index 695ede03..9d229e7c 100644
--- a/ci/logging_tests_computes.yml
+++ b/ci/logging_tests_computes.yml
@@ -11,11 +11,6 @@
     journal_list:
       - ceilometer_agent_compute
       - nova_compute
-    common_container_test_id: "RHOSO-12753"
-    common_container_list:
-      - ceilometer_agent_compute
-      - ceilometer_agent_ipmi
-      - node_exporter
     common_file_test_id: "RHOSO-12754"
     common_file_list:
       - /etc/rsyslog.d/10-telemetry.conf
@@ -27,3 +22,21 @@
     - name: "Run the tests from the common role"
       ansible.builtin.import_role:
         name: common
+
+- name: "Run container tests which require root on compute nodes"
+  hosts: computes
+  gather_facts: true
+  become: true
+  ignore_errors: true
+  environment:
+    KUBECONFIG: "{{ cifmw_openshift_kubeconfig }}"
+    PATH: "{{ cifmw_path }}"
+  vars:
+    common_container_test_id: "RHOSO-12753"
+    common_container_list:
+      - ceilometer_agent_compute
+      - node_exporter
+  tasks:
+    - name: "Run the tests from the common role"
+      ansible.builtin.import_role:
+        name: common
diff --git a/roles/common/tasks/container_test.yml b/roles/common/tasks/container_test.yml
index cf4dfaa6..755e3287 100644
--- a/roles/common/tasks/container_test.yml
+++ b/roles/common/tasks/container_test.yml
@@ -1,13 +1,15 @@
 ---
-# The containers are run by root, so need to become true
 - name: Get container status
-  become: true
   ansible.builtin.shell:
     cmd: |
       podman ps -a --format "{{ '{{.Names}} {{.Status}}' }}" | grep {{ container_name }}
   changed_when: false
   register: container_status
 
+- name:  Show the container name and status
+  ansible.builtin.debug:
+    var: container_status.stdout
+
 - when: container_status.stdout | length == 0
   block:
   - name: Show the containers
@@ -34,4 +36,3 @@
       Container does not meet the required conditions:
       {%- if container_status.stdout | length == 0 %}Container name did not match any existing containers;{% endif %}
       {%- if "unhealthy" in container_status.stdout %}Container status is unhealthy;{% endif %}
-      Container '{{ container_name }}' is not in 'healthy' status. Current status: {{ container_status.stdout }}