Skip to content

Commit

Permalink
Role edpm_ceph_hci_pre needs become to update firewall
Browse files Browse the repository at this point in the history
Add `become: true` to tasks in firewall.yml from the role
edpm_ceph_hci_pre since the move to using cloud-admin [1]
exposed that we were relying on the role being run as root.
When run as cloud-admin without become these tasks failed:
[Errno 13] Permission denied: b'/var/lib/edpm-config/firewall'

[1] openstack-k8s-operators/install_yamls#531

Signed-off-by: John Fulton <fulton@redhat.com>
fultonj committed Sep 14, 2023

Verified

This commit was signed with the committer’s verified signature.
strider Gaël Chamoulaud
1 parent f4adc32 commit 7f34fab
Showing 1 changed file with 2 additions and 0 deletions.
2 changes: 2 additions & 0 deletions roles/edpm_ceph_hci_pre/tasks/firewall.yml
Original file line number Diff line number Diff line change
@@ -15,6 +15,7 @@
# under the License.

- name: Ensure firewall directory is present
become: true
ansible.builtin.file:
path: "{{ edpm_ceph_hci_pre_firewall_yaml_file | dirname }}"
state: directory
@@ -23,6 +24,7 @@
mode: '0750'

- name: Inject firewall configuration for Ceph Server
become: true
ansible.builtin.template:
dest: "{{ edpm_ceph_hci_pre_firewall_yaml_file }}"
src: 'firewall.yaml.j2'

0 comments on commit 7f34fab

Please sign in to comment.