alertmanager/prometheus: fix owner/group

Set the owner/group on alertmanager and prometheus directories and files to nobody and nogroup (uid and gid 65534) to avoid permission issues. Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1901543 Signed-off-by: Dimitri Savineau <dsavinea@redhat.com>
ceph · Nov 27, 2020 · eb452d3 · eb452d3
1 parent 239a142
commit eb452d3
Showing 1 changed file with 9 additions and 4 deletions.
diff --git a/roles/ceph-prometheus/tasks/main.yml b/roles/ceph-prometheus/tasks/main.yml
@@ -4,6 +4,7 @@
     path: "{{ item }}"
     state: directory
     owner: "{{ prometheus_user_id }}"
+    group: "{{ prometheus_user_id }}"
   with_items:
    - "{{ prometheus_conf_dir }}"
    - "{{ prometheus_data_dir }}"
@@ -13,28 +14,31 @@
     src: prometheus.yml.j2
     dest: "{{ prometheus_conf_dir }}/prometheus.yml"
     owner: "{{ prometheus_user_id }}"
+    group: "{{ prometheus_user_id }}"
     mode: 0640
   notify: service handler
 
 - name: make sure the alerting rules directory exists
   file:
     path: "/etc/prometheus/alerting/"
     state: directory
-    recurse: yes
+    owner: "{{ prometheus_user_id }}"
+    group: "{{ prometheus_user_id }}"
 
 - name: copy alerting rules
   copy:
     src: "ceph_dashboard.yml"
     dest: "/etc/prometheus/alerting/ceph_dashboard.yml"
-    owner: root
-    group: root
+    owner: "{{ prometheus_user_id }}"
+    group: "{{ prometheus_user_id }}"
     mode: 0644
 
 - name: create alertmanager directories
   file:
     path: "{{ item }}"
     state: directory
-    owner: "root"
+    owner: "{{ prometheus_user_id }}"
+    group: "{{ prometheus_user_id }}"
   with_items:
    - "{{ alertmanager_conf_dir }}"
    - "{{ alertmanager_data_dir }}"
@@ -44,6 +48,7 @@
     src: alertmanager.yml.j2
     dest: "{{ alertmanager_conf_dir }}/alertmanager.yml"
     owner: "{{ prometheus_user_id }}"
+    group: "{{ prometheus_user_id }}"
     mode: 0640
   notify: service handler