From: Seena Fallah <seenafallah@gmail.com>
Date: Thu, 16 May 2024 22:09:37 +0000 (+0200)
Subject: ceph-container: keep run dir permission consistent
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=5c0b69af98425b3bf434e6fad359bf8a6189db00;p=ceph-ansible.git

ceph-container: keep run dir permission consistent

Make it the same as "Create ceph initial directories" task
and make owner and group 167 for containers so they can write
with ceph user.

Signed-off-by: Seena Fallah <seenafallah@gmail.com>
(cherry picked from commit 65c84a3583ea4cceb3b4baf70757e62c70a5ccea)
---

diff --git a/group_vars/all.yml.sample b/group_vars/all.yml.sample
index e534fa962..988158133 100644
--- a/group_vars/all.yml.sample
+++ b/group_vars/all.yml.sample
@@ -287,7 +287,7 @@ dummy:
 # must be in octal or symbolic form
 #rbd_client_directory_owner: ceph
 #rbd_client_directory_group: ceph
-#rbd_client_directory_mode: "0770"
+#rbd_client_directory_mode: "0755"
 
 #rbd_client_log_path: /var/log/ceph
 #rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor
diff --git a/roles/ceph-container-common/tasks/prerequisites.yml b/roles/ceph-container-common/tasks/prerequisites.yml
index 1d062a8d9..4009a3278 100644
--- a/roles/ceph-container-common/tasks/prerequisites.yml
+++ b/roles/ceph-container-common/tasks/prerequisites.yml
@@ -28,7 +28,7 @@
 - name: Ensure tmpfiles.d is present
   ansible.builtin.lineinfile:
     path: /etc/tmpfiles.d/ceph-common.conf
-    line: "d /run/ceph 0770 root root -"
+    line: "d /run/ceph 0755 167 167 -"
     owner: root
     group: root
     mode: "0644"
diff --git a/roles/ceph-defaults/defaults/main.yml b/roles/ceph-defaults/defaults/main.yml
index ffb6abfe6..8ab19b402 100644
--- a/roles/ceph-defaults/defaults/main.yml
+++ b/roles/ceph-defaults/defaults/main.yml
@@ -279,7 +279,7 @@ rbd_client_directories: true # this will create rbd_client_log_path and rbd_clie
 # must be in octal or symbolic form
 rbd_client_directory_owner: ceph
 rbd_client_directory_group: ceph
-rbd_client_directory_mode: "0770"
+rbd_client_directory_mode: "0755"
 
 rbd_client_log_path: /var/log/ceph
 rbd_client_log_file: "{{ rbd_client_log_path }}/qemu-guest-$pid.log" # must be writable by QEMU and allowed by SELinux or AppArmor