From: Casey Bodley <cbodley@redhat.com>
Date: Mon, 20 Apr 2020 14:50:00 +0000 (-0400)
Subject: qa/rgw: allow 'ceph' user to read vault token
X-Git-Tag: v15.2.2~48^2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=929c1dd7215d09aad87752fa3406d83ccf8e30c7;p=ceph.git

qa/rgw: allow 'ceph' user to read vault token

Signed-off-by: Casey Bodley <cbodley@redhat.com>
(cherry picked from commit 58a773b59c2f563caa02ff913d6d00f009f62730)
---

diff --git a/qa/tasks/rgw.py b/qa/tasks/rgw.py
index df900d2c4505..2d99d9962f1c 100644
--- a/qa/tasks/rgw.py
+++ b/qa/tasks/rgw.py
@@ -132,10 +132,11 @@ def start_rgw(ctx, config, clients):
                 raise ConfigError('vault: no "root_token" specified')
             # create token on file
             ctx.cluster.only(client).run(args=['echo', '-n', ctx.vault.root_token, run.Raw('>'), token_path])
-            log.info("Restrict access to token file")
-            ctx.cluster.only(client).run(args=['chmod', '600', token_path])
             log.info("Token file content")
             ctx.cluster.only(client).run(args=['cat', token_path])
+            log.info("Restrict access to token file")
+            ctx.cluster.only(client).run(args=['chmod', '600', token_path])
+            ctx.cluster.only(client).run(args=['sudo', 'chown', 'ceph', token_path])
 
             rgw_cmd.extend([
                 '--rgw_crypt_vault_addr', "{}:{}".format(*ctx.vault.endpoints[vault_role]),