Fix permissions of kolla-ansible target virtualenv

When using a target virtual environment for kolla-ansible [1], it is possible
to get a Permission Denied error. This can occur if the permissions of
/opt/kayobe or /opt/kayobe/venvs are restricted to the stack user (0700), since
kolla ansible uses the kolla user.

Although it makes sense for /opt/kayobe/venvs/kayobe to be 0700, /opt/kayobe
and /opt/kayobe/venvs should be 0755 to allow the kolla user to access a
virtualenv in /opt/kayobe/venvs/kolla-ansible.

This was seen during deployment of a seed, with kayobe target virtualenvs [2]
also in use. Since the kayobe-target-venv.yml playbook is one of the first
playbooks to be run, it will create the /opt/kayobe and /opt/kayobe/venvs
directories, and set the permissions correctly.

[1] http://kayobe.readthedocs.io/en/latest/configuration/kolla-ansible.html#remote-execution-environment
[2] http://kayobe.readthedocs.io/en/latest/configuration/kayobe.html#remote-execution-environment

Change-Id: I124cff8f08309c1eeef78c035c4cf195367b21f2
Story: 2001968
Task: 15868
This commit is contained in:
Mark Goddard 2018-05-10 14:47:11 +01:00
parent 424d0f9c51
commit b80e94ca36

View File

@ -28,6 +28,18 @@
state: installed state: installed
become: True become: True
- name: Ensure global virtualenv directory exists
file:
path: "{{ virtualenv_path }}"
state: directory
owner: "{{ ansible_user }}"
group: "{{ ansible_user }}"
mode: 0755
# Check whether the virtualenv directory is a subdirectory of the
# global virtualenv directory.
when: virtualenv.startswith(virtualenv_path)
become: True
- name: Ensure kayobe virtualenv directory exists - name: Ensure kayobe virtualenv directory exists
file: file:
path: "{{ virtualenv }}" path: "{{ virtualenv }}"