aboutsummaryrefslogtreecommitdiff
path: root/roles/baikal
diff options
context:
space:
mode:
Diffstat (limited to 'roles/baikal')
-rw-r--r--roles/baikal/tasks/main.yml15
1 files changed, 7 insertions, 8 deletions
diff --git a/roles/baikal/tasks/main.yml b/roles/baikal/tasks/main.yml
index f00e902..c84ad29 100644
--- a/roles/baikal/tasks/main.yml
+++ b/roles/baikal/tasks/main.yml
@@ -1,18 +1,17 @@
---
# Baikal needs rw permissions on *config/* for *nginx* user.
# The *nginx* user in the container has uid=101.
-# uid mapping with userns works as follows
-# root uid=0 (rootless container) -> user uid on hosts
-# .... uid=1 (rootless container) -> user first subuid
-#
-# => uid=101 (rootless container) -> user subuid + 100
-- name: HACK to satify baikal container
+- name: Change permissions of baikal files to nginx in namespace
ansible.builtin.file:
path: "{{ DATA_ROOT }}/baikal/config"
recurse: true
- owner: 100100
- group: 100100
+ owner: 101
+ group: 101
become: true
+ become_method: containers.podman.podman_unshare
+ # By default become user is 'root'.
+ # https://github.com/containers/ansible-podman-collections/issues/529
+ become_user: "{{ USER }}"
- name: Baikal
containers.podman.podman_container: