From 5f1c603b3dcf1e7daa7d7aabd8e60efaa213bc52 Mon Sep 17 00:00:00 2001
From: Ian Wienand <iwienand@redhat.com>
Date: Fri, 5 Nov 2021 08:18:27 +1100
Subject: [PATCH] gerrit: don't chown mariadb container directory

We are currently re-chowning the running db directories back to root,
causing havoc for the db.  Drop the explicit permissions to avoid
this.

Change-Id: I8d8ce5c62c660875d5c6eed54c686996576ec9df
---
 playbooks/roles/gerrit/tasks/main.yaml | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)

diff --git a/playbooks/roles/gerrit/tasks/main.yaml b/playbooks/roles/gerrit/tasks/main.yaml
index bea17596cd..f23b486b8c 100644
--- a/playbooks/roles/gerrit/tasks/main.yaml
+++ b/playbooks/roles/gerrit/tasks/main.yaml
@@ -285,16 +285,14 @@
   when: gerrit_redirect_vhost is defined
   notify: gerrit Reload apache2
 
-- name: Start gerrit
-  include_tasks: start.yaml
-
+# NOTE(ianw) This deliberately does not set owner/group/mode, as the
+# mariadb container chowns this directory to be owned by a
+# container-internal user and drops root privileges.  We don't want to
+# reset this from outside the container.
 - name: Setup reviewdb directory for mariadb
   file:
     state: directory
     path: /home/gerrit2/reviewdb
-    owner: root
-    group: root
-    mode: 0755
 
 - name: Set up root mariadb conf file
   template:
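Review bot: The `file` task for `/home/gerrit2/reviewdb` now guarantees only that the directory exists, so the ownership and mode of the database directory are whatever the mariadb container sets, and nothing in the playbook checks them. The NOTE(ianw) comment explains why owner/group/mode are omitted but not what a fresh host gets. I would add a line such as `# On first creation this is root-owned with the umask default; the container re-owns it on start.` Because the resulting owner is a numeric id chosen inside the container, it may be worth confirming that this id is not assigned to an unrelated account on the host; that cannot be determined from this hunk.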
@@ -302,6 +300,9 @@
     dest: /root/.gerrit_db.cnf
     mode: 0400
 
+- name: Start gerrit
+  include_tasks: start.yaml
+
 - name: Set up cron job to optmize git repos
   cron:
     name: optmize-git-repos
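Review bot: The relocated `Start gerrit` task has no comment saying it must stay below the reviewdb directory and `/root/.gerrit_db.cnf` tasks, and the commit message does not mention the move. The ordering is presumably intentional, so that the directory and client config exist before the containers come up, but `start.yaml` is not visible here. If so, a short comment above the task such as `# Keep after the reviewdb directory and db conf tasks.` would stop a later reshuffle from undoing it.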