diff --git a/ansible/roles/glance/tasks/start.yml b/ansible/roles/glance/tasks/start.yml
index a28e3f3b14..80be58c2b7 100644
--- a/ansible/roles/glance/tasks/start.yml
+++ b/ansible/roles/glance/tasks/start.yml
@@ -16,8 +16,6 @@
 volumes:
 - "{{ node_config_directory }}/glance-registry/:{{ container_config_directory }}/:ro"
 - "/var/lib/kolla/dev/log:/dev/log"
- volumes_from:
- - glance_data
 env:
 KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
 when: inventory_hostname in groups['glance-registry']
@@ -39,6 +37,8 @@
 volumes:
 - "{{ node_config_directory }}/glance-api/:{{ container_config_directory }}/:ro"
 - "/var/lib/kolla/dev/log:/dev/log"
+ volumes_from:
+ - glance_data
 env:
 KOLLA_CONFIG_STRATEGY: "{{ config_strategy }}"
 when: inventory_hostname in groups['glance-api']
diff --git a/docker/glance/glance-api/extend_start.sh b/docker/glance/glance-api/extend_start.sh
index 6f3cab8307..4b99201c9c 100644
--- a/docker/glance/glance-api/extend_start.sh
+++ b/docker/glance/glance-api/extend_start.sh
@@ -4,5 +4,6 @@
 # of the KOLLA_BOOTSTRAP variable being set, including empty.
 if [[ "${!KOLLA_BOOTSTRAP[@]}" ]]; then
 glance-manage db_sync
+ sudo chown -R glance: /var/lib/glance/
 exit 0
 fi
diff --git a/docker/glance/glance-base/Dockerfile.j2 b/docker/glance/glance-base/Dockerfile.j2
index 447c2d5b9f..8f0cadfebb 100644
--- a/docker/glance/glance-base/Dockerfile.j2
+++ b/docker/glance/glance-base/Dockerfile.j2
@@ -44,4 +44,8 @@ RUN ln -s glance-base-source/* glance \
 {% endif %}
-RUN usermod -a -G kolla glance
+COPY glance_sudoers /etc/sudoers.d/glance_sudoers
+
+RUN usermod -a -G kolla glance \
+ && chmod 750 /etc/sudoers.d \
+ && chmod 440 /etc/sudoers.d/glance_sudoers
diff --git a/docker/glance/glance-base/glance_sudoers b/docker/glance/glance-base/glance_sudoers
new file mode 100644
index 0000000000..ffb536abf5
--- /dev/null
+++ b/docker/glance/glance-base/glance_sudoers
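Review bot: The added `sudo chown -R glance: /var/lib/glance/` in extend_start.sh only repairs the data volume if the bootstrap container actually mounts `glance_data`; this diff adds `volumes_from` to the glance-api start task only, and the bootstrap task is not shown, so that should be confirmed. The command line also has to match the glance_sudoers entry argument for argument, trailing slash included, or sudo will deny it or prompt for a password; a comment above it such as `# Must match /etc/sudoers.d/glance_sudoers exactly; sudo compares the full argument list.` would keep the two files in step. Unless the calling script runs with errexit (not visible in this hunk), a failed chown still falls through to `exit 0`, so consider `sudo chown -R glance: /var/lib/glance/ || exit 1`.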
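Review bot: The new RUN chain in Dockerfile.j2 installs glance_sudoers without checking that it parses; a syntax error in a file under /etc/sudoers.d makes sudo refuse to run, and that would only surface when the bootstrap step executes. Appending `&& visudo -c -f /etc/sudoers.d/glance_sudoers` to the chain would fail the image build instead. The hunk also assumes that sudo is installed in the base image and that its /etc/sudoers includes /etc/sudoers.d, neither of which is visible here. A short comment above the COPY saying the file exists solely for the bootstrap chown in glance-api's extend_start.sh would help anyone auditing the image's privilege grants.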
@@ -0,0 +1 @@
+%kolla ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/
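Review bot: The rule in glance_sudoers is granted to the whole `%kolla` group rather than to the `glance` account, so every member of kolla in this image, and in anything built on it, can run the root chown. If only the glance user needs it, `glance ALL=(root) NOPASSWD: /usr/bin/chown -R glance\: /var/lib/glance/, /bin/chown -R glance\: /var/lib/glance/` is the narrower grant; which user the container runs as is not visible in this diff. The fixed argument list is what keeps the entry tightly scoped, so a leading `#` comment stating that the arguments must stay literal (no wildcards) and must be kept in step with extend_start.sh is worth adding. Because the tree is glance-writable after the first run, later invocations operate as root on glance-controlled contents, so confirm that the chown shipped in the image does not follow symlinks while recursing.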