From: Guillaume Abrioux <gabrioux@redhat.com>
Date: Wed, 18 Dec 2019 15:14:21 +0000 (+0100)
Subject: Revert "nfs: do not run privileged nfs container"
X-Git-Tag: v6.0.0alpha1~145
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=fca6f788a061bf99d0a1f8a2dca990d4042d2b14;p=ceph-ansible.git

Revert "nfs: do not run privileged nfs container"

This reverts commit d06158e9d9ab4a706ca72a4940e7acb5fc25697d.

Otherwise ganesha consumers can't dynamically update exports using dbus.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1784562
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
---

diff --git a/roles/ceph-nfs/templates/ceph-nfs.service.j2 b/roles/ceph-nfs/templates/ceph-nfs.service.j2
index 3f64ce058..459689ef8 100644
--- a/roles/ceph-nfs/templates/ceph-nfs.service.j2
+++ b/roles/ceph-nfs/templates/ceph-nfs.service.j2
@@ -18,6 +18,10 @@ ExecStart=/usr/bin/{{ container_binary }} run --rm --net=host \
   -v /etc/ganesha:/etc/ganesha:z \
   -v /var/run/ceph:/var/run/ceph:z \
   -v /var/log/ceph:/var/log/ceph:z \
+  {% if ceph_nfs_dynamic_exports %}
+  --privileged \
+  -v /var/run/dbus/system_bus_socket:/var/run/dbus/system_bus_socket \
+  {% endif -%}
   -v /etc/localtime:/etc/localtime:ro \
   -e CLUSTER={{ cluster }} \
   -e CEPH_DAEMON=NFS \