Remove setting ACLs during Upgrade

Currently, we are setting file ACLs on /var/lib/neutron as part of
upgrade tasks if there is a neutron user in the system. Since moving to
containerized deployment, we don't have neutron user on the system
anymore. This code was added to resolve issues arising with existing
neutron resources when moving from system services to containerized
services.

This patch is to remove the stale upgrade tasks to remove file ACLs.

Closes-Bug: #1943034

Signed-off-by: Purandhar Sairam Mannidi <pmannidi@redhat.com>
Change-Id: I19f457a99dedfd781bd56987e3fea6626737500d
(cherry picked from commit a522941695)
(cherry picked from commit b9fe05d56c)
(cherry picked from commit 2d21dcce74)
This commit is contained in:
Purandhar Sairam Mannidi 2021-09-09 10:02:53 +10:00
parent 7a37bc744e
commit 193d2311a3
3 changed files with 0 additions and 93 deletions

View File

@ -453,34 +453,3 @@ outputs:
mode: 0755
content: {get_file: ./kill-script}
upgrade_tasks: []
post_upgrade_tasks:
- name: Check for neutron user
getent:
database: passwd
key: neutron
fail_key: false
- name: Set neutron_user_avail
set_fact:
neutron_user_avail: "{{ getent_passwd is defined }}"
- when:
- step|int == 2
- neutron_user_avail|bool
block:
- name: Ensure read/write access for files created after upgrade
become: true
shell: |
umask 0002
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
setfacl -R -m u:neutron:rw /var/lib/neutron
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
- name: Provide access for domain sockets
failed_when: false
become: true
shell: |
umask 0002
setfacl -m u:neutron:rwx "{{ item }}"
with_items:
- /var/lib/neutron/metadata_proxy
- /var/lib/neutron
# These files are not necessarily present
failed_when: false

View File

@ -393,34 +393,3 @@ outputs:
mode: 0755
content: {get_file: ./kill-script}
upgrade_tasks: []
post_upgrade_tasks:
- name: Check for neutron user
getent:
database: passwd
key: neutron
fail_key: false
- name: Set neutron_user_avail
set_fact:
neutron_user_avail: "{{ getent_passwd is defined }}"
- when:
- step|int == 2
- neutron_user_avail|bool
block:
- name: Ensure r/w access for existing files after upgrade
become: true
shell: |
umask 0002
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
setfacl -R -m u:neutron:rw /var/lib/neutron
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
- name: Provide access to domain sockets
become: true
shell: |
umask 0002
setfacl -m u:neutron:rwx "{{ item }}"
with_items:
- /var/lib/neutron/metadata_proxy
- /var/lib/neutron/keepalived-state-change
- /var/lib/neutron
# These files are not necessarily present
failed_when: false

View File

@ -210,34 +210,3 @@ outputs:
persistent: yes
state: yes
upgrade_tasks: []
post_upgrade_tasks:
- name: Check for neutron user
getent:
database: passwd
key: neutron
fail_key: false
- name: Set neutron_user_avail
set_fact:
neutron_user_avail: "{{ getent_passwd is defined }}"
- when:
- step|int == 2
- neutron_user_avail|bool
block:
- name: Ensure r/w access for existing files after upgrade
become: true
shell: |
umask 0002
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
setfacl -R -m u:neutron:rw /var/lib/neutron
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
- name: Provide access to domain sockets
become: true
shell: |
umask 0002
setfacl -m u:neutron:rwx "{{ item }}"
with_items:
- /var/lib/neutron/metadata_proxy
- /var/lib/neutron/keepalived-state-change
- /var/lib/neutron
# These files are not necessarily present
failed_when: false