ceph-container: keep run dir permission consistent

Make it the same as "Create ceph initial directories" task and make owner and group 167 for containers so they can write with ceph user. Signed-off-by: Seena Fallah <seenafallah@gmail.com> (cherry picked from commit 65c84a3583)
2024-05-17 00:09:37 +02:00 · 2024-05-17 00:09:37 +02:00 · 5c0b69af98
parent faae48d75b
commit 5c0b69af98
3 changed files with 3 additions and 3 deletions
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@ -287,7 +287,7 @@ dummy:
 # must be in octal or symbolic form
 #rbd_client_directory_owner: ceph
 #rbd_client_directory_group: ceph
-#rbd_client_directory_mode: "0770"
+#rbd_client_directory_mode: "0755"

 #rbd_client_log_path: /var/log/ceph
 #rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor
--- a/roles/ceph-container-common/tasks/prerequisites.yml
+++ b/roles/ceph-container-common/tasks/prerequisites.yml
@ -28,7 +28,7 @@
 - name: Ensure tmpfiles.d is present
  ansible.builtin.lineinfile:
    path: /etc/tmpfiles.d/ceph-common.conf
-    line: "d /run/ceph 0770 root root -"
+    line: "d /run/ceph 0755 167 167 -"
    owner: root
    group: root
    mode: "0644"
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@ -279,7 +279,7 @@ rbd_client_directories: true # this will create rbd_client_log_path and rbd_clie
 # must be in octal or symbolic form
 rbd_client_directory_owner: ceph
 rbd_client_directory_group: ceph
-rbd_client_directory_mode: "0770"
+rbd_client_directory_mode: "0755"

 rbd_client_log_path: /var/log/ceph
 rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor