Remove setting ACLs during Upgrade
Currently, we are setting file ACLs on /var/lib/neutron as part of upgrade tasks if there is a neutron user in the system. Since moving to containerized deployment, we don't have neutron user on the system anymore. This code was added to resolve issues arising with existing neutron resources when moving from system services to containerized services. This patch is to remove the stale upgrade tasks to remove file ACLs. Closes-Bug: #1943034 Signed-off-by: Purandhar Sairam Mannidi <pmannidi@redhat.com> Change-Id: I19f457a99dedfd781bd56987e3fea6626737500d (cherry picked from commita522941695
) (cherry picked from commitb9fe05d56c
) (cherry picked from commit2d21dcce74
)
This commit is contained in:
parent
7a37bc744e
commit
193d2311a3
|
@ -453,34 +453,3 @@ outputs:
|
||||||
mode: 0755
|
mode: 0755
|
||||||
content: {get_file: ./kill-script}
|
content: {get_file: ./kill-script}
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
post_upgrade_tasks:
|
|
||||||
- name: Check for neutron user
|
|
||||||
getent:
|
|
||||||
database: passwd
|
|
||||||
key: neutron
|
|
||||||
fail_key: false
|
|
||||||
- name: Set neutron_user_avail
|
|
||||||
set_fact:
|
|
||||||
neutron_user_avail: "{{ getent_passwd is defined }}"
|
|
||||||
- when:
|
|
||||||
- step|int == 2
|
|
||||||
- neutron_user_avail|bool
|
|
||||||
block:
|
|
||||||
- name: Ensure read/write access for files created after upgrade
|
|
||||||
become: true
|
|
||||||
shell: |
|
|
||||||
umask 0002
|
|
||||||
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
|
|
||||||
setfacl -R -m u:neutron:rw /var/lib/neutron
|
|
||||||
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
|
|
||||||
- name: Provide access for domain sockets
|
|
||||||
failed_when: false
|
|
||||||
become: true
|
|
||||||
shell: |
|
|
||||||
umask 0002
|
|
||||||
setfacl -m u:neutron:rwx "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- /var/lib/neutron/metadata_proxy
|
|
||||||
- /var/lib/neutron
|
|
||||||
# These files are not necessarily present
|
|
||||||
failed_when: false
|
|
||||||
|
|
|
@ -393,34 +393,3 @@ outputs:
|
||||||
mode: 0755
|
mode: 0755
|
||||||
content: {get_file: ./kill-script}
|
content: {get_file: ./kill-script}
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
post_upgrade_tasks:
|
|
||||||
- name: Check for neutron user
|
|
||||||
getent:
|
|
||||||
database: passwd
|
|
||||||
key: neutron
|
|
||||||
fail_key: false
|
|
||||||
- name: Set neutron_user_avail
|
|
||||||
set_fact:
|
|
||||||
neutron_user_avail: "{{ getent_passwd is defined }}"
|
|
||||||
- when:
|
|
||||||
- step|int == 2
|
|
||||||
- neutron_user_avail|bool
|
|
||||||
block:
|
|
||||||
- name: Ensure r/w access for existing files after upgrade
|
|
||||||
become: true
|
|
||||||
shell: |
|
|
||||||
umask 0002
|
|
||||||
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
|
|
||||||
setfacl -R -m u:neutron:rw /var/lib/neutron
|
|
||||||
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
|
|
||||||
- name: Provide access to domain sockets
|
|
||||||
become: true
|
|
||||||
shell: |
|
|
||||||
umask 0002
|
|
||||||
setfacl -m u:neutron:rwx "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- /var/lib/neutron/metadata_proxy
|
|
||||||
- /var/lib/neutron/keepalived-state-change
|
|
||||||
- /var/lib/neutron
|
|
||||||
# These files are not necessarily present
|
|
||||||
failed_when: false
|
|
||||||
|
|
|
@ -210,34 +210,3 @@ outputs:
|
||||||
persistent: yes
|
persistent: yes
|
||||||
state: yes
|
state: yes
|
||||||
upgrade_tasks: []
|
upgrade_tasks: []
|
||||||
post_upgrade_tasks:
|
|
||||||
- name: Check for neutron user
|
|
||||||
getent:
|
|
||||||
database: passwd
|
|
||||||
key: neutron
|
|
||||||
fail_key: false
|
|
||||||
- name: Set neutron_user_avail
|
|
||||||
set_fact:
|
|
||||||
neutron_user_avail: "{{ getent_passwd is defined }}"
|
|
||||||
- when:
|
|
||||||
- step|int == 2
|
|
||||||
- neutron_user_avail|bool
|
|
||||||
block:
|
|
||||||
- name: Ensure r/w access for existing files after upgrade
|
|
||||||
become: true
|
|
||||||
shell: |
|
|
||||||
umask 0002
|
|
||||||
setfacl -d -R -m u:neutron:rwx /var/lib/neutron
|
|
||||||
setfacl -R -m u:neutron:rw /var/lib/neutron
|
|
||||||
find /var/lib/neutron -type d -exec setfacl -m u:neutron:rwx '{}' \;
|
|
||||||
- name: Provide access to domain sockets
|
|
||||||
become: true
|
|
||||||
shell: |
|
|
||||||
umask 0002
|
|
||||||
setfacl -m u:neutron:rwx "{{ item }}"
|
|
||||||
with_items:
|
|
||||||
- /var/lib/neutron/metadata_proxy
|
|
||||||
- /var/lib/neutron/keepalived-state-change
|
|
||||||
- /var/lib/neutron
|
|
||||||
# These files are not necessarily present
|
|
||||||
failed_when: false
|
|
||||||
|
|
Loading…
Reference in New Issue