From ca7c840d8c80d87763f860d08b0585fcfbce7943 Mon Sep 17 00:00:00 2001
From: Christian Adams <chadams@redhat.com>
Date: Mon, 13 Apr 2020 19:33:23 -0400
Subject: [PATCH] Fix permissions on rsyslog.conf for k8s

---
 awx/main/constants.py                                  | 2 +-
 installer/roles/image_build/tasks/main.yml             | 2 +-
 installer/roles/kubernetes/templates/deployment.yml.j2 | 6 ++++++
 3 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/awx/main/constants.py b/awx/main/constants.py
index 4c98d264dd..c32280df08 100644
--- a/awx/main/constants.py
+++ b/awx/main/constants.py
@@ -38,7 +38,7 @@ ENV_BLACKLIST = frozenset((
     'AD_HOC_COMMAND_ID', 'REST_API_URL', 'REST_API_TOKEN', 'MAX_EVENT_RES',
     'CALLBACK_QUEUE', 'CALLBACK_CONNECTION', 'CACHE',
     'JOB_CALLBACK_DEBUG', 'INVENTORY_HOSTVARS',
-    'AWX_HOST', 'PROJECT_REVISION'
+    'AWX_HOST', 'PROJECT_REVISION', 'SUPERVISOR_WEB_CONFIG_PATH'
 ))
 
 # loggers that may be called in process of emitting a log
diff --git a/installer/roles/image_build/tasks/main.yml b/installer/roles/image_build/tasks/main.yml
index be2a66f11d..428076782d 100644
--- a/installer/roles/image_build/tasks/main.yml
+++ b/installer/roles/image_build/tasks/main.yml
@@ -148,7 +148,7 @@
   copy:
     src: rsyslog.conf
     dest: "{{ docker_base_path }}/rsyslog.conf"
-    mode: '0700'
+    mode: '0660'
   delegate_to: localhost
 
 - name: Stage supervisor.conf
diff --git a/installer/roles/kubernetes/templates/deployment.yml.j2 b/installer/roles/kubernetes/templates/deployment.yml.j2
index 30afe9f0d5..0b6313987d 100644
--- a/installer/roles/kubernetes/templates/deployment.yml.j2
+++ b/installer/roles/kubernetes/templates/deployment.yml.j2
@@ -98,6 +98,8 @@ spec:
               mountPath: "/var/run/supervisor"
             - name: rsyslog-socket
               mountPath: "/var/run/rsyslog"
+            - name: rsyslog-dir
+              mountPath: "/var/lib/awx/rsyslog"
 {% if ca_trust_dir is defined %}
             - name: {{ kubernetes_deployment_name }}-ca-trust-dir
               mountPath: "/etc/pki/ca-trust/source/anchors/"
@@ -182,6 +184,8 @@ spec:
               mountPath: "/var/run/supervisor"
             - name: rsyslog-socket
               mountPath: "/var/run/rsyslog"
+            - name: rsyslog-dir
+              mountPath: "/var/lib/awx/rsyslog"
 {% if ca_trust_dir is defined %}
             - name: {{ kubernetes_deployment_name }}-ca-trust-dir
               mountPath: "/etc/pki/ca-trust/source/anchors/"
@@ -327,6 +331,8 @@ spec:
           emptyDir: {}
         - name: rsyslog-socket
           emptyDir: {}
+        - name: rsyslog-dir
+          emptyDir: {}
 {% if ca_trust_dir is defined %}
         - name: {{ kubernetes_deployment_name }}-ca-trust-dir
           hostPath: