From e6cfaee10ce64afe8f5dd5ea9560ffa2c0b4ea90 Mon Sep 17 00:00:00 2001 From: Pierre Riteau Date: Sat, 15 Jan 2022 07:39:13 +0100 Subject: [PATCH] Fix permission denied errors with ping on c8s They seem to think ping is too dangerous for normal users. Co-Authored-By: Pierre Riteau Signed-off-by: Dr. Jens Harbott Depends-On: https://review.opendev.org/c/openstack/kolla-ansible/+/824903 Change-Id: I30c2a7b6850350901b15fe196175508634c8e9a5 --- ansible/roles/baremetal/tasks/pre-install.yml | 9 +++++++++ roles/multi-node-managed-addressing/tasks/main.yml | 1 + 2 files changed, 10 insertions(+) diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml index a3777ca48b..97308cf608 100644 --- a/ansible/roles/baremetal/tasks/pre-install.yml +++ b/ansible/roles/baremetal/tasks/pre-install.yml @@ -41,6 +41,15 @@ - inventory_hostname not in groups['bifrost'] or hostvars[inventory_hostname]['api_interface'] | replace('-', '_') in hostvars[inventory_hostname].ansible_facts +- name: Ensure unprivileged users can use ping + become: true + sysctl: + name: net.ipv4.ping_group_range + value: '0 2147483647' + state: present + sysctl_file: "{{ kolla_sysctl_conf_path }}" + when: ansible_facts.os_family == 'RedHat' + # NOTE(osmanlicilegi): The distribution might come with cloud-init installed, and manage_etc_hosts # configuration enabled. If so, it will override the file /etc/hosts from cloud-init templates at # every boot, which will break RabbitMQ. To prevent this happens, first we check whether cloud-init diff --git a/roles/multi-node-managed-addressing/tasks/main.yml b/roles/multi-node-managed-addressing/tasks/main.yml index 9235fe2df6..30753a0ab2 100644 --- a/roles/multi-node-managed-addressing/tasks/main.yml +++ b/roles/multi-node-managed-addressing/tasks/main.yml @@ -66,6 +66,7 @@ - managed_network_address_family == 'ipv6' - name: Ping across the managed network + become: true vars: ping_command: "{{ 'ping' if managed_network_address_family == 'ipv4' else 'ping6' }}" command: "{{ ping_command }} -c1 {{ hostvars[item].managed_interface_address }}"