authorJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-08 22:27:34 +0100
committerJohannes Stoelp <johannes.stoelp@gmail.com>2022-12-08 22:27:34 +0100
commit69c2b667b89b92b3eac6463186eeb5a163eaf7b3 (patch)
tree2a7aad0ddecf7f484706f25c27c006c0a1065112 /roles
parent4bdfbf725d977442ab853731f362b6a61ef242df (diff)
baikal: use podman unshare to fixup file permissions instead of hard coded subuid values
Diffstat (limited to 'roles')
-rw-r--r--roles/baikal/tasks/main.yml15
1 files changed, 7 insertions, 8 deletions
diff --git a/roles/baikal/tasks/main.yml b/roles/baikal/tasks/main.yml
index f00e902..c84ad29 100644
--- a/roles/baikal/tasks/main.yml
+++ b/roles/baikal/tasks/main.yml
@@ -1,18 +1,17 @@
---
# Baikal needs rw permissions on *config/* for *nginx* user.
# The *nginx* user in the container has uid=101.
-# uid mapping with userns works as follows
-# root uid=0 (rootless container) -> user uid on hosts
-# .... uid=1 (rootless container) -> user first subuid
-#
-# => uid=101 (rootless container) -> user subuid + 100
-- name: HACK to satify baikal container
+- name: Change permissions of baikal files to nginx in namespace
ansible.builtin.file:
path: "{{ DATA_ROOT }}/baikal/config"
recurse: true
- owner: 100100
- group: 100100
+ owner: 101
+ group: 101
become: true
+ become_method: containers.podman.podman_unshare
+ # By default become user is 'root'.
+ # https://github.com/containers/ansible-podman-collections/issues/529
+ become_user: "{{ USER }}"
- name: Baikal
containers.podman.podman_container:
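Review bot: The chown in the `Change permissions of baikal files to nginx in namespace` task is only correct if `{{ USER }}` is the same account that runs the rootless `Baikal` container, because `podman unshare` resolves uid 101 through that account's subuid range. The hunk does not show where `USER` is set, so a comment above `become_user` such as `# Must be the user that runs the rootless container; uid 101 is mapped through this user's subuid range.` would make the dependency explicit. The task also sets owner and group recursively but no `mode`, so whatever permissions the files under `config` already have on the host stay in place. If that directory holds credentials, consider adding `mode: "u=rwX,g=rX,o="` so other host accounts cannot read them. The `Baikal` task that follows continues outside the hunk.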