---
# Runner Services - Fix Directory Permissions
# This task file fixes existing directory permissions to ensure proper group ownership and inheritance

# Base directory for the runner services. The leading 2 in the mode is the
# setgid bit, so entries created inside inherit the directory's group.
# Mode 2775 with group `users` lets every member of that group create, rename
# and delete entries directly under /docker, so keep its membership limited.
- name: Ensure /docker base directory has correct ownership and permissions
  become: true
  file:
    state: directory
    path: /docker
    owner: ansible
    group: users
    mode: '2775'  # rwxrwsr-x: owner and group write, others read and traverse
# Re-own every path in runner_config_directories, including its contents.
# NOTE(review): with `recurse`, the file module applies `mode` to regular
# files as well as directories, so files under these paths also end up 2775
# (executable and setgid). If only directories are meant to carry 2775, use a
# symbolic mode with a capital X for the recursive pass and set the setgid bit
# on directories in a separate step.
- name: Fix ownership and permissions for all runner directories
  become: true
  file:
    state: directory
    path: "{{ item }}"
    owner: "{{ runner_user }}"
    group: "{{ runner_group }}"
    mode: '2775'  # leading 2 = setgid
    recurse: true
  loop: "{{ runner_config_directories }}"
  # NOTE(review): `state: directory` already creates a missing path, so this
  # mostly hides other failures (for example a refused chown); check the task
  # output rather than relying on a green run.
  ignore_errors: true
# Only make sure the NFS mount point directories exist.
# Owner, group and mode are deliberately left unset here: ownership and
# permissions on NFS mount points are managed by the NFS server.
- name: Create NFS mount directories (no permission changes on NFS mounts)
  become: true
  file:
    state: directory
    path: "{{ item }}"
  loop: "{{ runner_nfs_directories }}"
  # Failures are ignored, so a mount point that could not be created does not
  # stop the play; the per-item task output is the place to look for it.
  ignore_errors: true
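# The Frigate config is a data file: nothing needs to execute it, and accounts
# outside the owner and group set below have no reason to modify it. The mode
# was 0777 (world-writable and executable); 0664 keeps it writable for
# runner_user and runner_group and read-only for everyone else.
# NOTE(review): Frigate configs often hold camera stream or MQTT credentials.
# If nothing outside runner_user/runner_group reads this file, tighten the
# mode to '0660' - confirm against how the container is run.
- name: Set special permissions for Frigate config file
  file:
    path: "{{ frigate_config_dir }}/config/config.yml"
    owner: "{{ runner_user }}"
    group: "{{ runner_group }}"
    mode: '0664'
  become: true
  when: frigate_enabled
  ignore_errors: true  # In case file doesn't exist yet

# Read back the state of /docker so the summary below reports what is on disk.
- name: Verify /docker directory permissions
  stat:
    path: /docker
  register: docker_dir_stat
  become: true

# Note: Individual service directories are checked as part of runner_config_directories

# Summary only: this task reports the stat result for /docker and restates the
# expected values; it does not verify the service directories or the Frigate
# file itself.
- name: Display permission fix results
  debug:
    msg: |
      Directory Permission Fix Results:
      - /docker exists: {{ docker_dir_stat.stat.exists }}
      - /docker owner:group: {{ docker_dir_stat.stat.pw_name | default('N/A') }}:{{ docker_dir_stat.stat.gr_name | default('N/A') }}
      - /docker mode: {{ docker_dir_stat.stat.mode | default('N/A') }}
      - Service directories checked: {{ runner_config_directories | length }} directories
      - All service-specific directories under /docker/[service] pattern

      Expected results:
      - All directories should be owned by {{ runner_user }}:{{ runner_group }}
      - All directories should have mode 2775 (setgid bit set)
      - Frigate config should have mode 0664 if enabled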