Comment 3 for bug 1821599

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to kolla-ansible (stable/rocky)

Reviewed: https://review.openstack.org/648958
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=79a976307b8dc1741f72788f88486b7289fdda34
Submitter: Zuul
Branch: stable/rocky

commit 79a976307b8dc1741f72788f88486b7289fdda34
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 14:16:45 2019 +0000

    Remove recurse: yes for owner/perms on /etc/kolla

    When kolla-ansible bootstrap-servers is run, it executes one of the
    following two tasks:

    - name: Ensure node_config_directory directory exists for user kolla
      file:
        path: "{{ node_config_directory }}"
        state: directory
        recurse: true
        owner: "{{ kolla_user }}"
        group: "{{ kolla_group }}"
        mode: "0755"
      become: True
      when: create_kolla_user | bool

    - name: Ensure node_config_directory directory exists
      file:
        path: "{{ node_config_directory }}"
        state: directory
        recurse: true
        mode: "0755"
      become: True
      when: not create_kolla_user | bool

    On the first run, normally node_config_directory (/etc/kolla/) doesn't
    exist, so it is created with kolla:kolla ownership and 0755 permissions.

    If we then run 'kolla-ansible deploy', config files are created for
    containers in this directory, e.g. /etc/kolla/nova-compute/. Permissions
    for those files should be set according to 'config_owner_user' and
    'config_owner_group'.

    If at some point we again run kolla-ansible bootstrap-servers, it will
    recursively set the ownership and permissions of all files in /etc/kolla
    to kolla:kolla / 0755.

    The solution is to change bootstrap-servers to not set the owner and
    permissions recursively. It's also arguable that /etc/kolla should be
    owned by 'config_owner_user' and 'config_owner_group', rather than
    kolla:kolla, although that's a separate issue.

    Change-Id: I24668914a9cedc94d5a6cb835648740ce9ce6e39
    Closes-Bug: #1821599
    (cherry picked from commit 6b0be5c5bacd91bb94ec6b75715affb9777e568d)