Set /run/podman ACL before starting collectd

When collectd sensubility is enabled, collectd requires access to
/run/podman. This change adds a separate container that updates the ACL
of that path before the collectd container starts.

Closes-Bug: #1987641
Change-Id: I6dd514a5e52c01562645011a51afa989a60e0f93
Takashi Kajinami 2022-08-27 01:05:07 +09:00
parent d73dae1a83
commit 8e8efcfb3a


@ -572,6 +572,16 @@ outputs:
mode: "0755"
content: { get_file: ../../container_config_scripts/monitoring/collectd_check_health.py }
docker_config:
step_2:
if:
- {get_param: CollectdEnableSensubility}
- collectd_init_perm:
image: {get_attr: [RoleParametersValue, value, ContainerCollectdImage]}
net: none
user: root
volumes:
- /run:/run:rw
command: ['setfacl', '-R', '-m', 'u:collectd:rwx', '/run/podman']
step_3:
collectd:
image: {get_attr: [RoleParametersValue, value, ContainerCollectdImage]}
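Review bot: The `collectd_init_perm` container runs as root with the whole of `/run` bind-mounted read-write, although its command only touches `/run/podman`; narrowing the volume to `- /run/podman:/run/podman:rw` would keep this one-shot container away from the other runtime sockets and pid files, provided that directory already exists on the host at step_2. The recursive `u:collectd:rwx` entry also lets the collectd user drive whatever podman socket sits under that path, which is close to root on the host, so a comment such as `# grants collectd full access to the podman API socket; needed only for sensubility` above the command would make the trade-off visible. The name `collectd` is resolved inside the image, so the ACL is presumably stored for the image's numeric uid; it is worth confirming that this uid does not belong to a different account on the host. The `collectd` entry under step_3 continues outside the hunk.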
@ -637,11 +647,6 @@ outputs:
service:
name: rsyslog
state: restarted
- name: add access to podman to collectd user
ansible.builtin.shell: sudo podman exec -it collectd setfacl -R -m u:collectd:rwx /run/podman
when:
- enable_sensubility
- step|int == 4
host_prep_tasks:
- name: create persistent directories
file: