diff options
| -rw-r--r-- | roles/baikal/tasks/main.yml | 15 |
1 files changed, 7 insertions, 8 deletions
diff --git a/roles/baikal/tasks/main.yml b/roles/baikal/tasks/main.yml index f00e902..c84ad29 100644 --- a/roles/baikal/tasks/main.yml +++ b/roles/baikal/tasks/main.yml @@ -1,18 +1,17 @@ --- # Baikal needs rw permissions on *config/* for *nginx* user. # The *nginx* user in the container has uid=101. -# uid mapping with userns works as follows -# root uid=0 (rootless container) -> user uid on hosts -# .... uid=1 (rootless container) -> user first subuid -# -# => uid=101 (rootless container) -> user subuid + 100 -- name: HACK to satify baikal container +- name: Change permissions of baikal files to nginx in namespace ansible.builtin.file: path: "{{ DATA_ROOT }}/baikal/config" recurse: true - owner: 100100 - group: 100100 + owner: 101 + group: 101 become: true + become_method: containers.podman.podman_unshare + # By default become user is 'root'. + # https://github.com/containers/ansible-podman-collections/issues/529 + become_user: "{{ USER }}" - name: Baikal containers.podman.podman_container: |