From 69c2b667b89b92b3eac6463186eeb5a163eaf7b3 Mon Sep 17 00:00:00 2001
From: Johannes Stoelp
Date: Thu, 8 Dec 2022 22:27:34 +0100
Subject: baikal: use podman unshare to fixup file permissions instead of hard coded subuid values
---
 roles/baikal/tasks/main.yml | 15 +++++++--------
 1 file changed, 7 insertions(+), 8 deletions(-)
(limited to 'roles/baikal/tasks/main.yml')
diff --git a/roles/baikal/tasks/main.yml b/roles/baikal/tasks/main.yml
index f00e902..c84ad29 100644
--- a/roles/baikal/tasks/main.yml
+++ b/roles/baikal/tasks/main.yml
@@ -1,18 +1,17 @@
 ---
 # Baikal needs rw permissions on *config/* for *nginx* user.
 # The *nginx* user in the container has uid=101.
-# uid mapping with userns works as follows
-# root uid=0 (rootless container) -> user uid on hosts
-# .... uid=1 (rootless container) -> user first subuid
-#
-# => uid=101 (rootless container) -> user subuid + 100
-- name: HACK to satify baikal container
+- name: Change permissions of baikal files to nginx in namespace
 ansible.builtin.file:
 path: "{{ DATA_ROOT }}/baikal/config"
 recurse: true
- owner: 100100
- group: 100100
+ owner: 101
+ group: 101
 become: true
+ become_method: containers.podman.podman_unshare
+ # By default become user is 'root'.
+ # https://github.com/containers/ansible-podman-collections/issues/529
+ become_user: "{{ USER }}"
 - name: Baikal
 containers.podman.podman_container:
--
cgit v1.2.3
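Review bot: The recursive ownership change on `{{ DATA_ROOT }}/baikal/config` leaves `follow` unset, and `ansible.builtin.file` follows symlinks by default as far as I know. The container's nginx uid can write to that directory, so a link created there could carry the chown outside the config tree, to anything the invoking user or its subuids own. Adding `follow: false` next to `recurse: true` keeps the change confined to the directory. Separately, `become_user: "{{ USER }}"` has to be the same account that runs the `Baikal` podman_container task, which continues past the end of the hunk; if they differ, uid 101 maps to a different host subuid than the one the container sees. A one-line comment such as `# owner/group are resolved inside the user namespace, not on the host` would replace the mapping explanation this change removes.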