Fix permission denied errors with ping on c8s

They seem to think ping is too dangerous for normal users. Co-Authored-By: Pierre Riteau <pierre@stackhpc.com> Signed-off-by: Dr. Jens Harbott <harbott@osism.tech> Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/824903 Change-Id: I30c2a7b6850350901b15fe196175508634c8e9a5
2022-01-15 07:39:13 +01:00 · 2022-01-15 07:39:13 +01:00 · e6cfaee10c
commit e6cfaee10c
parent 12d3e1d23e
2 changed files with 10 additions and 0 deletions
--- a/ansible/roles/baremetal/tasks/pre-install.yml
+++ b/ansible/roles/baremetal/tasks/pre-install.yml
@ -41,6 +41,15 @@
    - inventory_hostname not in groups['bifrost'] or
      hostvars[inventory_hostname]['api_interface'] | replace('-', '_') in hostvars[inventory_hostname].ansible_facts

+- name: Ensure unprivileged users can use ping
+  become: true
+  sysctl:
+    name: net.ipv4.ping_group_range
+    value: '0 2147483647'
+    state: present
+    sysctl_file: "{{ kolla_sysctl_conf_path }}"
+  when: ansible_facts.os_family == 'RedHat'
+
 # NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts
 # configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at
 # every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init
--- a/roles/multi-node-managed-addressing/tasks/main.yml
+++ b/roles/multi-node-managed-addressing/tasks/main.yml
@ -66,6 +66,7 @@
    - managed_network_address_family == 'ipv6'

 - name: Ping across the managed network
+  become: true
  vars:
    ping_command: "{{ 'ping' if managed_network_address_family == 'ipv4' else 'ping6' }}"
  command: "{{ ping_command }} -c1 {{ hostvars[item].managed_interface_address }}"