From 5b73af9c34b8ef929a8dbd9c29a21212f204d000 Mon Sep 17 00:00:00 2001
From: John Fulton <fulton@redhat.com>
Date: Tue, 18 Aug 2020 10:41:42 -0400
Subject: [PATCH] Set default permission for prometheus config files

Regardless of the outcome of Ansible 2.9.12 issue 71200
we can set a default permission for these files.

Closes: https://github.com/ceph/ceph-ansible/issues/5677

Signed-off-by: John Fulton <fulton@redhat.com>
(cherry picked from commit 95dee6f1cad71cddb69f7bcddbd199ebcad45d8c)
---
 roles/ceph-prometheus/tasks/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/ceph-prometheus/tasks/main.yml b/roles/ceph-prometheus/tasks/main.yml
index 55ce5e2e2..a9fb9b9e5 100644
--- a/roles/ceph-prometheus/tasks/main.yml
+++ b/roles/ceph-prometheus/tasks/main.yml
@@ -13,6 +13,7 @@
     src: prometheus.yml.j2
     dest: "{{ prometheus_conf_dir }}/prometheus.yml"
     owner: "{{ prometheus_user_id }}"
+    mode: 0640
   notify: service handler
 
 - name: make sure the alerting rules directory exists
@@ -42,7 +43,8 @@
   template:
     src: alertmanager.yml.j2
     dest: "{{ alertmanager_conf_dir }}/alertmanager.yml"
-    owner: "root"
+    owner: "{{ prometheus_user_id }}"
+    mode: 0640
   notify: service handler
 
 - name: include setup_container.yml
-- 
2.39.5