Set /run/podman ACL before starting collectd
When collectd sensubility is enabled, collectd requires access to /run/podman. This change adds a separate container that updates the ACL of the path before the collectd container starts. Closes-Bug: #1987641 Change-Id: I6dd514a5e52c01562645011a51afa989a60e0f93
parent
d73dae1a83
commit
8e8efcfb3a
@ -572,6 +572,16 @@ outputs:
|
||||
mode: "0755"
|
||||
content: { get_file: ../../container_config_scripts/monitoring/collectd_check_health.py }
|
||||
docker_config:
|
||||
step_2:
|
||||
if:
|
||||
- {get_param: CollectdEnableSensubility}
|
||||
- collectd_init_perm:
|
||||
image: {get_attr: [RoleParametersValue, value, ContainerCollectdImage]}
|
||||
net: none
|
||||
user: root
|
||||
volumes:
|
||||
- /run:/run:rw
|
||||
command: ['setfacl', '-R', '-m', 'u:collectd:rwx', '/run/podman']
|
||||
step_3:
|
||||
collectd:
|
||||
image: {get_attr: [RoleParametersValue, value, ContainerCollectdImage]}
|
||||
@ -637,11 +647,6 @@ outputs:
|
||||
service:
|
||||
name: rsyslog
|
||||
state: restarted
|
||||
- name: add access to podman to collectd user
|
||||
ansible.builtin.shell: sudo podman exec -it collectd setfacl -R -m u:collectd:rwx /run/podman
|
||||
when:
|
||||
- enable_sensubility
|
||||
- step|int == 4
|
||||
host_prep_tasks:
|
||||
- name: create persistent directories
|
||||
file:
|
||||
|
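Review bot: The `collectd_init_perm` container in the first hunk runs as `user: root` with the whole host `/run` bind-mounted read-write, although its command only touches `/run/podman`. Narrowing the volume to `- /run/podman:/run/podman:rw` would keep a root container away from the other runtime sockets and PID files under `/run`. `setfacl -R -m` also changes only the entries that exist when step_2 runs, so anything podman creates under that directory later is not covered unless a default ACL is set as well; whether sensubility needs those later entries is not visible here. A short comment above the container saying why the collectd user needs `rwx` rather than read-only access would help, since that path presumably holds podman runtime state. The enclosing `docker_config` mapping continues outside the hunk, so whether `/run/podman` is guaranteed to exist at step_2 cannot be confirmed from this page.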