gitlab: Update molecule tests to catch missing become directives

Signed-off-by: Norman Ziegner <[email protected]>

Author: Normo

molecule/gitlab/converge.yml

@@ -6,6 +6,7 @@
 ---
 - name: "Converge"
   hosts: "all"
+  become: false
   tasks:
     - name: "Include gitlab role"
       ansible.builtin.include_role:

molecule/gitlab/molecule.yml

@@ -13,7 +13,7 @@ platforms:
     image: "${MOLECULE_IMAGE:-ghcr.io/hifis-net/ubuntu-systemd:24.04}"
     pre_build_image: true
     privileged: true
-    systemd: "always"
+    systemd: true
     tty: true
     override_command: false
 provisioner:
@@ -29,6 +29,7 @@ provisioner:
   inventory:
     host_vars:
       instancegitlab:
+        ansible_user: "ansible"
         gitlab_edition: "gitlab-ce"
         gitlab_ip_range: "0.0.0.0/0"
         gitlab_additional_configurations:

molecule/gitlab/prepare.yml

@@ -13,6 +13,7 @@
         - "ansible_facts.distribution_major_version | int >= 7"
       block:
         - name: "Install missing dependencies"
+          become: true
           ansible.builtin.dnf:
             name:
               - "sudo"
@@ -21,24 +22,11 @@
             state: "present"
             update_cache: true
 
-        # Workaround to prevent "sudo: PAM account management error" because of non-readable shadows file on AlmaLinux
-        - name: "Get file stats for /etc/shadow"
-          ansible.builtin.stat:
-            path: "/etc/shadow"
-          register: "shadow"
-
-        - name: "Fix permissions for /etc/shadow"
-          ansible.builtin.file:
-            path: "/etc/shadow"
-            owner: "root"
-            group: "{{ shadow.stat.gr_name }}"
-            mode: "0640"
-          when: "not shadow.stat.rusr"
-
     - name: "Install depenencies for OS family Debian"
       when: "ansible_facts.os_family == 'Debian'"
       block:
         - name: "Install missing dependencies"
+          become: true
           ansible.builtin.apt:
             name:
               - "sudo"      # for `become` privilege escalation

molecule/gitlab/verify.yml

@@ -54,12 +54,14 @@
       failed_when: "liveness_check.status == 503"
 
     - name: "Check the output of gitlab status"
+      become: true
       ansible.builtin.command: "gitlab-ctl status"
       register: "gitlab_ctl_status"
       changed_when: "gitlab_ctl_status.rc != 0"
       failed_when: "gitlab_ctl_status.rc != 0"
 
     - name: "Check GitLab configuration via Rake task"
+      become: true
       ansible.builtin.command: "gitlab-rake gitlab:check"
       register: "gitlab_rake_check"
       changed_when: "gitlab_rake_check.rc != 0"