From: Kevin Coakley <kcoakley@sdsc.edu>
Date: Tue, 26 Feb 2019 17:30:31 +0000 (-0800)
Subject: Set permissions on monitor directory to u=rwX,g=rX,o=rX recursive
X-Git-Tag: v4.0.0rc1~78
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=d327681b99915578fc8b389fda69556966db905f;p=ceph-ansible.git

Set permissions on monitor directory to u=rwX,g=rX,o=rX recursive

Set directories to 755 and files to 644 to /var/lib/ceph/mon/{{ cluster }}-{{ monitor_name }} recursively instead of setting files and directories to 755 recursively. The ceph mon process writes files to this path with permissions 644. This update stops ansible from updating the permissions in /var/lib/ceph/mon/{{ cluster }}-{{ monitor_name }} every time ceph mon writes a file and increases idempotency.

Signed-off-by: Kevin Coakley <kcoakley@sdsc.edu>
---

diff --git a/roles/ceph-mon/tasks/deploy_monitors.yml b/roles/ceph-mon/tasks/deploy_monitors.yml
index 6cb79f6ce..233c383fb 100644
--- a/roles/ceph-mon/tasks/deploy_monitors.yml
+++ b/roles/ceph-mon/tasks/deploy_monitors.yml
@@ -43,7 +43,7 @@
     state: directory
     owner: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
     group: "{{ ceph_uid if containerized_deployment else 'ceph' }}"
-    mode: "0755"
+    mode: "u=rwX,g=rX,o=rX"
     recurse: true
 
 - name: set_fact client_admin_ceph_authtool_cap