Fix workstation monitoring permissions issues post-upgrade (#371)

wtripp180901 · sd109 · web-flow · commit 47af052ba29e · 2025-10-08T15:13:52.000+01:00
* fix workstation monitoring permissions issues post-upgrade

* typo

* fixed incorrect modules + idempotency issues

* review comments

Co-authored-by: Scott Davidson &lt;49713135+sd109@users.noreply.github.com&gt;

---------

Co-authored-by: Scott Davidson &lt;49713135+sd109@users.noreply.github.com&gt;
diff --git a/ansible/roles/linux-data-volumes/files/data-volumes-configure-volume.yml b/ansible/roles/linux-data-volumes/files/data-volumes-configure-volume.yml
@@ -67,3 +67,17 @@
     state: mounted
     fstype: "{{ data_volume.get('fs_type', 'ext4') }}"
     opts: "{{ data_volume.get('opts', omit) }}"
+
+# Workaround for https://github.com/azimuth-cloud/azimuth-images/issues/370
+- name: Ensure permissions for mount
+  ansible.builtin.file:
+    path: "{{ item }}"
+    state: directory
+    owner: root
+    group: root
+    mode: "0755"
+  loop:
+    - "{{ data_volume.mountpoint }}"
+    - "{{ data_volume.mountpoint }}/lost+found"
+  # Avoid making changes Zenith data volume
+  when: data_volume.mountpoint == "/data"
diff --git a/ansible/roles/linux-monitoring/files/monitoring-playbook.yml b/ansible/roles/linux-monitoring/files/monitoring-playbook.yml
@@ -23,6 +23,16 @@
         regexp: "{{ ansible_hostname }}"
         line: "{{ ansible_default_ipv4.address }} {{ ansible_hostname }}"
 
+    # Workaround for https://github.com/azimuth-cloud/azimuth-images/issues/370
+    - name: Ensure Prometheus parent directory with correct permissions
+      ansible.builtin.file:
+        path: /data/prometheus
+        state: directory
+        owner: "{{ prometheus_podman_user }}"
+        group: "{{ prometheus_podman_user }}"
+        recurse: true
+        mode: "0755"
+
     - name: Ensure Prometheus data directory exists
       ansible.builtin.file:
         path: "{{ prometheus_data }}"
@@ -31,6 +41,25 @@
         group: "{{ prometheus_podman_user }}"
         mode: "0755"
 
+    # Workaround for https://github.com/azimuth-cloud/azimuth-images/issues/370
+    - name: Check for existing Prometheus data files
+      ansible.builtin.stat:
+        path: "{{ prometheus_data }}/{{ item }}"
+      loop:
+        - lock
+        - queries.active
+      register: _prom_files
+
+    - name: Ensure permissions on Prometheus data files
+      ansible.builtin.file:
+        path: "{{ item.stat.path }}"
+        state: file
+        owner: "{{ prometheus_podman_user }}"
+        group: "{{ prometheus_podman_user }}"
+        mode: "0644"
+      loop: "{{ _prom_files.results }}"
+      when: item.stat.exists
+
     - name: Write Prometheus configuration file
       ansible.builtin.copy:
         content: "{{ prometheus_config | to_nice_yaml() }}"
