diff --git a/ansible/roles/ironic/templates/ironic-api.json.j2 b/ansible/roles/ironic/templates/ironic-api.json.j2
index 621f0e29d4..d9b650dd88 100644
--- a/ansible/roles/ironic/templates/ironic-api.json.j2
+++ b/ansible/roles/ironic/templates/ironic-api.json.j2
@@ -7,5 +7,12 @@
             "owner": "ironic",
             "perm": "0600"
         }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/ironic"
+            "owner": "ironic:ironic",
+            "recurse": true
+        }
     ]
 }
diff --git a/ansible/roles/ironic/templates/ironic-conductor.json.j2 b/ansible/roles/ironic/templates/ironic-conductor.json.j2
index 68e5596f68..1118c5d246 100644
--- a/ansible/roles/ironic/templates/ironic-conductor.json.j2
+++ b/ansible/roles/ironic/templates/ironic-conductor.json.j2
@@ -7,5 +7,22 @@
             "owner": "ironic",
             "perm": "0600"
         }
+    ],
+    "permissions": [
+        {
+            "path": "/var/log/kolla/ironic",
+            "owner": "ironic:ironic",
+            "recurse": true
+        },
+        {
+            "path": "/var/lib/ironic",
+            "owner": "ironic:ironic",
+            "recurse": true
+        },
+        {
+            "path": "/tftpboot"
+            "owner": "ironic:ironic",
+            "recurse": true
+        }
     ]
 }