From b80e94ca36ead681d7654574b7600bfe4c8d88cb Mon Sep 17 00:00:00 2001 From: Mark Goddard Date: Thu, 10 May 2018 14:47:11 +0100 Subject: [PATCH] Fix permissions of kolla-ansible target virtualenv When using a target virtual environment for kolla-ansible [1], it is possible to get a Permission Denied error. This can occur if the permissions of /opt/kayobe or /opt/kayobe/venvs are restricted to the stack user (0700), since kolla ansible uses the kolla user. Although it makes sense for /opt/kayobe/venvs/kayobe to be 0700, /opt/kayobe and /opt/kayobe/venvs should be 0755 to allow the kolla user to access a virtualenv in /opt/kayobe/venvs/kolla-ansible. This was seen during deployment of a seed, with kayobe target virtualenvs [2] also in use. Since the kayobe-target-venv.yml playbook is one of the first playbooks to be run, it will create the /opt/kayobe and /opt/kayobe/venvs directories, and set the permissions correctly. [1] http://kayobe.readthedocs.io/en/latest/configuration/kolla-ansible.html#remote-execution-environment [2] http://kayobe.readthedocs.io/en/latest/configuration/kayobe.html#remote-execution-environment Change-Id: I124cff8f08309c1eeef78c035c4cf195367b21f2 Story: 2001968 Task: 15868 --- ansible/kayobe-target-venv.yml | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/ansible/kayobe-target-venv.yml b/ansible/kayobe-target-venv.yml index 74e290b47..fa7f24a6f 100644 --- a/ansible/kayobe-target-venv.yml +++ b/ansible/kayobe-target-venv.yml @@ -28,6 +28,18 @@ state: installed become: True + - name: Ensure global virtualenv directory exists + file: + path: "{{ virtualenv_path }}" + state: directory + owner: "{{ ansible_user }}" + group: "{{ ansible_user }}" + mode: 0755 + # Check whether the virtualenv directory is a subdirectory of the + # global virtualenv directory. + when: virtualenv.startswith(virtualenv_path) + become: True + - name: Ensure kayobe virtualenv directory exists file: path: "{{ virtualenv }}"