Comment 2 for bug 1821599

Reviewed: https://review.openstack.org/647514
Committed: https://git.openstack.org/cgit/openstack/kolla-ansible/commit/?id=6b0be5c5bacd91bb94ec6b75715affb9777e568d
Submitter: Zuul
Branch: master

commit 6b0be5c5bacd91bb94ec6b75715affb9777e568d
Author: Mark Goddard <email address hidden>
Date: Mon Mar 25 14:16:45 2019 +0000

    Remove recurse: yes for owner/perms on /etc/kolla

    When kolla-ansible bootstrap-servers is run, it executes one of the
    following two tasks:

    - name: Ensure node_config_directory directory exists for user kolla
      file:
        path: "{{ node_config_directory }}"
        state: directory
        recurse: true
        owner: "{{ kolla_user }}"
        group: "{{ kolla_group }}"
        mode: "0755"
      become: True
      when: create_kolla_user | bool

    - name: Ensure node_config_directory directory exists
      file:
        path: "{{ node_config_directory }}"
        state: directory
        recurse: true
        mode: "0755"
      become: True
      when: not create_kolla_user | bool

    On the first run, normally node_config_directory (/etc/kolla/) doesn't
    exist, so it is created with kolla:kolla ownership and 0755 permissions.

    If we then run 'kolla-ansible deploy', config files are created for
    containers in this directory, e.g. /etc/kolla/nova-compute/. Permissions
    for those files should be set according to 'config_owner_user' and
    'config_owner_group'.

    If at some point we again run kolla-ansible bootstrap-servers, it will
    recursively set the ownership and permissions of all files in /etc/kolla
    to kolla:kolla / 0755.

    The solution is to change bootstrap-servers to not set the owner and
    permissions recursively. It's also arguable that /etc/kolla should be
    owned by 'config_owner_user' and 'config_owner_group', rather than
    kolla:kolla, although that's a separate issue.

    Change-Id: I24668914a9cedc94d5a6cb835648740ce9ce6e39
    Closes-Bug: #1821599