From 93c9ad892cb26ec44fccb69a3cf34da479274da4 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Piliszek?= Date: Wed, 6 May 2020 20:24:53 +0200 Subject: [PATCH] Make nova perms consistent between applications Nova cells support introduced a slight regression that triggers odd behaviour when we tried switching to Apache (httpd) [1]. Bootstrap no longer applied permissions recursively to all log files, creating a discrepancy between normal and bootstrap runs and also Nova and other services such as Cinder (regarding bootstrap logging). This patch fixes it. Backport to Train. Not creating reno nor a bug record because it does not affect any current standard usage in any currently known way. Note this only really hides (standardizes?) the global issue that we don't control file permissions on newly created files too well. [1] https://review.opendev.org/724793 Change-Id: I35e9924ccede5edd2e1307043379aba944725143 Needed-By: https://review.opendev.org/724793 --- ansible/roles/nova-cell/templates/nova-cell-bootstrap.json.j2 | 3 ++- ansible/roles/nova/templates/nova-api-bootstrap.json.j2 | 3 ++- 2 files changed, 4 insertions(+), 2 deletions(-) diff --git a/ansible/roles/nova-cell/templates/nova-cell-bootstrap.json.j2 b/ansible/roles/nova-cell/templates/nova-cell-bootstrap.json.j2 index f286f00a08..db993edd57 100644 --- a/ansible/roles/nova-cell/templates/nova-cell-bootstrap.json.j2 +++ b/ansible/roles/nova-cell/templates/nova-cell-bootstrap.json.j2 @@ -11,7 +11,8 @@ "permissions": [ { "path": "/var/log/kolla/nova", - "owner": "nova:nova" + "owner": "nova:nova", + "recurse": true } ] } diff --git a/ansible/roles/nova/templates/nova-api-bootstrap.json.j2 b/ansible/roles/nova/templates/nova-api-bootstrap.json.j2 index f286f00a08..db993edd57 100644 --- a/ansible/roles/nova/templates/nova-api-bootstrap.json.j2 +++ b/ansible/roles/nova/templates/nova-api-bootstrap.json.j2 @@ -11,7 +11,8 @@ "permissions": [ { "path": "/var/log/kolla/nova", - "owner": "nova:nova" + "owner": "nova:nova", + "recurse": true } ] }