From 404dd96343e3fb25590a29b504ef1c952650a54a Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Mon, 25 Mar 2019 14:16:45 +0000
Subject: [PATCH] Remove recurse: yes for owner/perms on /etc/kolla

When kolla-ansible bootstrap-servers is run, it executes one of the
following two tasks:

- name: Ensure node_config_directory directory exists for user kolla
  file:
    path: "{{ node_config_directory }}"
    state: directory
    recurse: true
    owner: "{{ kolla_user }}"
    group: "{{ kolla_group }}"
    mode: "0755"
  become: True
  when: create_kolla_user | bool

- name: Ensure node_config_directory directory exists
  file:
    path: "{{ node_config_directory }}"
    state: directory
    recurse: true
    mode: "0755"
  become: True
  when: not create_kolla_user | bool

On the first run, normally node_config_directory (/etc/kolla/) doesn't
exist, so it is created with kolla:kolla ownership and 0755 permissions.

If we then run 'kolla-ansible deploy', config files are created for
containers in this directory, e.g. /etc/kolla/nova-compute/. Permissions
for those files should be set according to 'config_owner_user' and
'config_owner_group'.

If at some point we again run kolla-ansible bootstrap-servers, it will
recursively set the ownership and permissions of all files in /etc/kolla
to kolla:kolla / 0755.

The solution is to change bootstrap-servers to not set the owner and
permissions recursively. It's also arguable that /etc/kolla should be
owned by 'config_owner_user' and 'config_owner_group', rather than
kolla:kolla, although that's a separate issue.

Change-Id: I24668914a9cedc94d5a6cb835648740ce9ce6e39
Closes-Bug: #1821599
(cherry picked from commit 6b0be5c5bacd91bb94ec6b75715affb9777e568d)
---
 ansible/roles/baremetal/tasks/pre-install.yml | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/ansible/roles/baremetal/tasks/pre-install.yml b/ansible/roles/baremetal/tasks/pre-install.yml
index 3818c9b2c2..c87250a077 100644
--- a/ansible/roles/baremetal/tasks/pre-install.yml
+++ b/ansible/roles/baremetal/tasks/pre-install.yml
@@ -127,7 +127,6 @@
   file:
     path: "{{ node_config_directory }}"
     state: directory
-    recurse: yes
     owner: kolla
     group: kolla
     mode: 0755
@@ -138,7 +137,6 @@
   file:
     path: "{{ node_config_directory }}"
     state: directory
-    recurse: yes
-    mode: 0644
+    mode: 0755
   become: True
   when: not create_kolla_user | bool