Giuseppe Lavagetto has uploaded a new change for review.
https://gerrit.wikimedia.org/r/289370
Change subject: openstack: allow unprivileged users to access nova logs
......................................................................
openstack: allow unprivileged users to access nova logs
We now allow to grant a specific group of users to own the log directory
/var/log/nova instead of 'adm', which we do not need anyways as we do
not set use_syslog=True in nova confgurations.
Bug: T133992
Change-Id: I5fe5575c5f57ebc5590ba7f756f9efd48d24d531
---
M modules/openstack/manifests/common.pp
1 file changed, 9 insertions(+), 1 deletion(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/70/289370/1
diff --git a/modules/openstack/manifests/common.pp
b/modules/openstack/manifests/common.pp
index 505eec0..f42f2ba 100644
--- a/modules/openstack/manifests/common.pp
+++ b/modules/openstack/manifests/common.pp
@@ -9,7 +9,7 @@
$instance_status_wiki_user,
$instance_status_wiki_pass,
$openstack_version=$::openstack::version,
- ) {
+ ) {
include openstack::repo
@@ -32,6 +32,14 @@
require_package($packages)
+ # Allow unprivileged users to look at nova logs
+ file { '/var/log/nova':
+ ensure => directory,
+ owner => 'root',
+ group => hiera('openstack::log_group', 'adm'),
+ mode => '0750',
+ }
+
file {
'/etc/nova/nova.conf':
content =>
template("openstack/${openstack_version}/nova/nova.conf.erb"),
--
To view, visit https://gerrit.wikimedia.org/r/289370
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I5fe5575c5f57ebc5590ba7f756f9efd48d24d531
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Giuseppe Lavagetto <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
