From d327681b99915578fc8b389fda69556966db905f Mon Sep 17 00:00:00 2001
From: Kevin Coakley <kcoakley@sdsc.edu>
Date: Tue, 26 Feb 2019 09:30:31 -0800
Subject: [PATCH] Set permissions on monitor directory to u=rwX,g=rX,o=rX
 recursive

Set directories to 755 and files to 644 to /var/lib/ceph/mon/{{ cluster }}-{{ monitor_name }} recursively instead of setting files and directories to 755 recursively. The ceph mon process writes files to this path with permissions 644. This update stops ansible from updating the permissions in /var/lib/ceph/mon/{{ cluster }}-{{ monitor_name }} every time ceph mon writes a file and increases idempotency.

Signed-off-by: Kevin Coakley <kcoakley@sdsc.edu>
---
 roles/ceph-mon/tasks/deploy_monitors.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 6cb79f6ce..233c383fb 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -43,7 +43,7 @@
     state: directory
     owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
     group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
-    mode: "0755"
+    mode: "u=rwX,g=rX,o=rX"
     recurse: true
 
 - name: set_fact client_admin_ceph_authtool_cap