From d81a2fb7aa23643a3729f76940dd996a3854aed1 Mon Sep 17 00:00:00 2001 From: Dmitriy Rabotyagov Date: Mon, 26 Aug 2024 19:01:02 +0200 Subject: [PATCH] Ensure proper permissions for OVN Metadata service With change of the user under which ovn-metadata service is running from root to neutron, it was clean forgot to change an ownership for existing configuration produced be the service during upgrades. This patch adds an extra folder defenition that should ensure ownership being correct for all files related to the ovn-metadata-proxy service. Closes-Bug: #2077684 Change-Id: I8e82558fce8a420dca5fb5302dd5f73e40230e48 --- tasks/neutron_pre_install.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/tasks/neutron_pre_install.yml b/tasks/neutron_pre_install.yml index a83e6de6..a15d6d9d 100644 --- a/tasks/neutron_pre_install.yml +++ b/tasks/neutron_pre_install.yml @@ -58,6 +58,7 @@ owner: "{{ item.owner | default(neutron_system_user_name) }}" group: "{{ item.group | default(neutron_system_group_name) }}" mode: "{{ item.mode | default(omit) }}" + recurse: "{{ item.recurse | default(omit) }}" when: - (item.condition | default(true)) | bool with_items: @@ -72,6 +73,10 @@ group: "root" - path: "{{ neutron_system_home_folder }}" mode: "0755" + - path: "{{ neutron_system_home_folder }}/ovn-metadata-proxy" + mode: "u=rwX,g=rX,o=rX" + recurse: True + condition: "{{ (neutron_plugin_type == 'ml2.ovn' and neutron_services['neutron-ovn-metadata-agent']['group'] in group_names) }}" - path: "{{ neutron_system_home_folder }}/ha_confs" state: "{{ (neutron_plugin_type == 'ml2.ovn') | ternary('absent', 'directory') }}"