Fix permission denied errors with ping on c8s
They seem to think ping is too dangerous for normal users.
Co-Authored-By: Pierre Riteau <pierre@stackhpc.com>
Signed-off-by: Dr. Jens Harbott <harbott@osism.tech>
Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/824968
Change-Id: I30c2a7b6850350901b15fe196175508634c8e9a5
(cherry picked from commit e6cfaee10c
)
This commit is contained in:
parent
17c267e9a5
commit
69b7bb93f1
|
@ -41,6 +41,15 @@
|
||||||
- inventory_hostname not in groups['bifrost'] or
|
- inventory_hostname not in groups['bifrost'] or
|
||||||
hostvars[inventory_hostname]['api_interface'] | replace('-', '_') in hostvars[inventory_hostname].ansible_facts
|
hostvars[inventory_hostname]['api_interface'] | replace('-', '_') in hostvars[inventory_hostname].ansible_facts
|
||||||
|
|
||||||
|
- name: Ensure unprivileged users can use ping
|
||||||
|
become: true
|
||||||
|
sysctl:
|
||||||
|
name: net.ipv4.ping_group_range
|
||||||
|
value: '0 2147483647'
|
||||||
|
state: present
|
||||||
|
sysctl_file: "{{ kolla_sysctl_conf_path }}"
|
||||||
|
when: ansible_facts.os_family == 'RedHat'
|
||||||
|
|
||||||
# NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
|
# NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
|
||||||
# configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at
|
# configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at
|
||||||
# every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init
|
# every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init
|
||||||
|
|
|
@ -66,6 +66,7 @@
|
||||||
- managed_network_address_family == 'ipv6'
|
- managed_network_address_family == 'ipv6'
|
||||||
|
|
||||||
- name: Ping across the managed network
|
- name: Ping across the managed network
|
||||||
|
become: true
|
||||||
vars:
|
vars:
|
||||||
ping_command: "{{ 'ping' if managed_network_address_family == 'ipv4' else 'ping6' }}"
|
ping_command: "{{ 'ping' if managed_network_address_family == 'ipv4' else 'ping6' }}"
|
||||||
command: "{{ ping_command }} -c1 {{ hostvars[item].managed_interface_address }}"
|
command: "{{ ping_command }} -c1 {{ hostvars[item].managed_interface_address }}"
|
||||||
|
|
Loading…
Reference in New Issue