From 07453f346094b184a209380e375f6311987675be Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Tue, 14 Mar 2017 14:44:34 +0000
Subject: [PATCH] Use ironic-inspector user for ironic inspector

This change updates the ironic_inspector container deployment tasks
to use the new kolla ironic-inspector image (see kolla change
Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45). The new image uses the
ironic-inspector user rather than the ironic user to execute the
ironic inspector service as this more closely aligns with what is
typically done by downstream packagers (specifically, Ubuntu and
RDO).

This change sets the owner and group to ironic-inspector when
copying configuration files into place, and uses the log directory
/var/log/kolla/ironic-inspector.

Change-Id: I8579d5c2d741636406ff60bececc74b50743b83e
Depends-On: Ibdc5ba35db61f4974d4282aff34bcb5ccd952d45
Closes-Bug: #1624457
---
 ansible/roles/ironic/templates/ironic-inspector.conf.j2 | 2 +-
 ansible/roles/ironic/templates/ironic-inspector.json.j2 | 6 +++---
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/ansible/roles/ironic/templates/ironic-inspector.conf.j2 b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
index 14cdd9b1f3..5ecdbd40b0 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.conf.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.conf.j2
@@ -1,6 +1,6 @@
 [DEFAULT]
 debug = {{ ironic_logging_debug }}
-log_dir = /var/log/kolla/ironic
+log_dir = /var/log/kolla/ironic-inspector
 
 {% if orchestration_engine != 'KUBERNETES' %}
 listen_address = {{ api_interface_address }}
diff --git a/ansible/roles/ironic/templates/ironic-inspector.json.j2 b/ansible/roles/ironic/templates/ironic-inspector.json.j2
index 5db6cbc90c..f5550a6d5f 100644
--- a/ansible/roles/ironic/templates/ironic-inspector.json.j2
+++ b/ansible/roles/ironic/templates/ironic-inspector.json.j2
@@ -4,13 +4,13 @@
         {
             "source": "{{ container_config_directory }}/inspector.conf",
             "dest": "/etc/ironic-inspector/inspector.conf",
-            "owner": "ironic",
+            "owner": "ironic-inspector",
             "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
-            "dest": "/etc/ironic/policy.json",
-            "owner": "ironic",
+            "dest": "/etc/ironic-inspector/policy.json",
+            "owner": "ironic-inspector",
             "perm": "0600",
             "optional": true
         }