qa/rgw: allow 'ceph' user to read vault token

Signed-off-by: Casey Bodley <cbodley@redhat.com>

diff --git a/qa/tasks/rgw.py b/qa/tasks/rgw.py
index 199aa63f811d64f30948e2c1f10b42eab05afb17..70bc9f88cfa6150a2dbcf71c6af03fac1f3af058 100644 (file)
--- a/qa/tasks/rgw.py
+++ b/qa/tasks/rgw.py
@@ -132,10 +132,11 @@ def start_rgw(ctx, config, clients):
                 raise ConfigError('vault: no "root_token" specified')
             # create token on file
             ctx.cluster.only(client).run(args=['echo', '-n', ctx.vault.root_token, run.Raw('>'), token_path])
-            log.info("Restrict access to token file")
-            ctx.cluster.only(client).run(args=['chmod', '600', token_path])
             log.info("Token file content")
             ctx.cluster.only(client).run(args=['cat', token_path])
+            log.info("Restrict access to token file")
+            ctx.cluster.only(client).run(args=['chmod', '600', token_path])
+            ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', token_path])
 
             rgw_cmd.extend([
                 '--rgw_crypt_vault_addr', "{}:{}".format(*ctx.vault.endpoints[vault_role]),