On the first run, normally node_config_directory (/etc/kolla/) doesn't
exist, so it is created with kolla:kolla ownership and 0755 permissions.
If we then run 'kolla-ansible deploy', config files are created for
containers in this directory, e.g. /etc/kolla/nova-compute/. Permissions
for those files should be set according to 'config_owner_user' and
'config_owner_group'.
If at some point we again run kolla-ansible bootstrap-servers, it will
recursively set the ownership and permissions of all files in /etc/kolla
to kolla:kolla / 0755.
The solution is to change bootstrap-servers to not set the owner and
permissions recursively. It's also arguable that /etc/kolla should be
owned by 'config_owner_user' and 'config_owner_group', rather than
kolla:kolla, although that's a separate issue.
Change-Id: I24668914a9cedc94d5a6cb835648740ce9ce6e39
Closes-Bug: #1821599
(cherry picked from commit 6b0be5c5bacd91bb94ec6b75715affb9777e568d)
Reviewed: https:/ /review. openstack. org/648958 /git.openstack. org/cgit/ openstack/ kolla-ansible/ commit/ ?id=79a976307b8 dc1741f72788f88 486b7289fdda34
Committed: https:/
Submitter: Zuul
Branch: stable/rocky
commit 79a976307b8dc17 41f72788f88486b 7289fdda34
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 14:16:45 2019 +0000
Remove recurse: yes for owner/perms on /etc/kolla
When kolla-ansible bootstrap-servers is run, it executes one of the
following two tasks:
- name: Ensure node_config_ directory directory exists for user kolla directory }}"
file:
path: "{{ node_config_
state: directory
recurse: true
owner: "{{ kolla_user }}"
group: "{{ kolla_group }}"
mode: "0755"
become: True
when: create_kolla_user | bool
- name: Ensure node_config_ directory directory exists directory }}"
file:
path: "{{ node_config_
state: directory
recurse: true
mode: "0755"
become: True
when: not create_kolla_user | bool
On the first run, normally node_config_ directory (/etc/kolla/) doesn't
exist, so it is created with kolla:kolla ownership and 0755 permissions.
If we then run 'kolla-ansible deploy', config files are created for nova-compute/ . Permissions owner_group' .
containers in this directory, e.g. /etc/kolla/
for those files should be set according to 'config_owner_user' and
'config_
If at some point we again run kolla-ansible bootstrap-servers, it will
recursively set the ownership and permissions of all files in /etc/kolla
to kolla:kolla / 0755.
The solution is to change bootstrap-servers to not set the owner and owner_group' , rather than
permissions recursively. It's also arguable that /etc/kolla should be
owned by 'config_owner_user' and 'config_
kolla:kolla, although that's a separate issue.
Change-Id: I24668914a9cedc 94d5a6cb8356487 40ce9ce6e39 b94ec6b75715aff b9777e568d)
Closes-Bug: #1821599
(cherry picked from commit 6b0be5c5bacd91b