alertmanager/prometheus: fix owner/group

Set the owner/group on alertmanager and prometheus directories and
files to nobody and nogroup (uid and gid 65534) to avoid permission
issues.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1901543

Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
(cherry picked from commit eb452d35bc)
pull/6145/head
Dimitri Savineau 2020-11-25 12:00:38 -05:00 committed by Guillaume Abrioux
parent 1ac034a802
commit fa06752e4b
1 changed files with 9 additions and 4 deletions


@ -4,6 +4,7 @@
path: "{{ item }}"
state: directory
owner: "{{ prometheus_user_id }}"
group: "{{ prometheus_user_id }}"
with_items:
- "{{ prometheus_conf_dir }}"
- "{{ prometheus_data_dir }}"
@ -13,6 +14,7 @@
src: prometheus.yml.j2
dest: "{{ prometheus_conf_dir }}/prometheus.yml"
owner: "{{ prometheus_user_id }}"
group: "{{ prometheus_user_id }}"
mode: 0640
notify: service handler
@ -20,21 +22,23 @@
file:
path: "/etc/prometheus/alerting/"
state: directory
recurse: yes
owner: "{{ prometheus_user_id }}"
group: "{{ prometheus_user_id }}"
- name: copy alerting rules
copy:
src: "ceph_dashboard.yml"
dest: "/etc/prometheus/alerting/ceph_dashboard.yml"
owner: root
group: root
owner: "{{ prometheus_user_id }}"
group: "{{ prometheus_user_id }}"
mode: 0644
- name: create alertmanager directories
file:
path: "{{ item }}"
state: directory
owner: "root"
owner: "{{ prometheus_user_id }}"
group: "{{ prometheus_user_id }}"
with_items:
- "{{ alertmanager_conf_dir }}"
- "{{ alertmanager_data_dir }}"
@ -44,6 +48,7 @@
src: alertmanager.yml.j2
dest: "{{ alertmanager_conf_dir }}/alertmanager.yml"
owner: "{{ prometheus_user_id }}"
group: "{{ prometheus_user_id }}"
mode: 0640
notify: service handler
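Review bot: In the `copy alerting rules` task, `ceph_dashboard.yml` appears to move from `owner: root`/`group: root` to the service uid, which gives the process that evaluates the rules write access to them although it presumably only needs to read a `0644` file. Uid 65534 is also the generic nobody account, so any other process running as nobody on the host could edit the rules and the alertmanager config directory as well. If the permission problem in the linked bug is about the data directories (not visible from this page), the rules file and the conf directories could keep `owner: root` and take only `group: "{{ prometheus_user_id }}"`. The added `group:` lines also reuse the uid variable as a gid, which holds only while both are 65534; a comment such as `# gid reuses prometheus_user_id: nobody and nogroup are both 65534` would record that.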