From 5c0b69af98425b3bf434e6fad359bf8a6189db00 Mon Sep 17 00:00:00 2001
From: Seena Fallah
Date: Fri, 17 May 2024 00:09:37 +0200
Subject: [PATCH] ceph-container: keep run dir permission consistent

Make it the same as "Create ceph initial directories" task and make owner and group 167 for containers so they can write with ceph user.

Signed-off-by: Seena Fallah
(cherry picked from commit 65c84a3583ea4cceb3b4baf70757e62c70a5ccea)
---
 group_vars/all.yml.sample | 2 +-
 roles/ceph-container-common/tasks/prerequisites.yml | 2 +-
 roles/ceph-defaults/defaults/main.yml | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index e534fa962..988158133 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -287,7 +287,7 @@ dummy:
 # must be in octal or symbolic form
 #rbd_client_directory_owner: ceph
 #rbd_client_directory_group: ceph
-#rbd_client_directory_mode: "0770"
+#rbd_client_directory_mode: "0755"
 #rbd_client_log_path: /var/log/ceph
 #rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor
diff --git a/roles/ceph-container-common/tasks/prerequisites.yml b/roles/ceph-container-common/tasks/prerequisites.yml
index 1d062a8d9..4009a3278 100644
--- a/roles/ceph-container-common/tasks/prerequisites.yml
+++ b/roles/ceph-container-common/tasks/prerequisites.yml
@@ -28,7 +28,7 @@
 - name: Ensure tmpfiles.d is present
 ansible.builtin.lineinfile:
 path: /etc/tmpfiles.d/ceph-common.conf
- line: "d /run/ceph 0770 root root -"
+ line: "d /run/ceph 0755 167 167 -"
 owner: root
 group: root
 mode: "0644"
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index ffb6abfe6..8ab19b402 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
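Review bot: In roles/ceph-container-common/tasks/prerequisites.yml the "Ensure tmpfiles.d is present" task shows no `regexp` in the visible lines, so on a host that was already deployed the old `d /run/ceph 0770 root root -` entry stays in `/etc/tmpfiles.d/ceph-common.conf` and the new line is appended next to it. As far as I know systemd-tmpfiles warns about a duplicate entry for the same path and keeps the first one it read, which would leave upgraded hosts on the old owner and mode. Adding `regexp: '^d /run/ceph '` to the task makes it replace the existing entry instead of adding a second one. The mode also moves from 0770 to 0755, so every local account can list `/run/ceph`; it is worth confirming that the admin sockets created there are not themselves group- or world-accessible. The task may continue below the hunk, so a `regexp` further down cannot be ruled out from here.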
@@ -279,7 +279,7 @@ rbd_client_directories: true # this will create rbd_client_log_path and rbd_clie
 # must be in octal or symbolic form
 rbd_client_directory_owner: ceph
 rbd_client_directory_group: ceph
-rbd_client_directory_mode: "0770"
+rbd_client_directory_mode: "0755"
 rbd_client_log_path: /var/log/ceph
 rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor
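Review bot: `rbd_client_directory_mode` does not look specific to the run directory: going by the hunk-header context for `rbd_client_directories` ("this will create rbd_client_log_path and rbd_clie…"), the same mode is also applied to `rbd_client_log_path` (`/var/log/ceph`). Changing the default from `"0770"` to `"0755"` would then let every local account list and traverse the QEMU guest log directory as well, which the commit message does not mention. If only the socket directory needs opening up, keeping `"0770"` here and handling the run directory on its own would be narrower. Otherwise a comment above the default, for example `# 0755 lets any local user list these directories; set "0770" to restrict to owner and group`, would record the trade-off for operators. Where the variable is consumed is outside this hunk, so the scope is inferred from the comment text.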