Make the shade cache and groups writable by admin

In order for individuals to be able to run launch node commands without becoming root, make these group owned and group writeable by admin. Change-Id: I0a2fa336919be24d41a6a9c0a88b91a87536cbcc
2016-03-09 11:37:12 -06:00 · 2016-03-09 11:37:12 -06:00 · 8b3bb61ae7
commit 8b3bb61ae7
parent e8e201cc75
1 changed files with 26 additions and 2 deletions
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@ -233,6 +233,9 @@ class openstack_project::puppetmaster (

  file { '/etc/ansible/hosts':
    ensure  => directory,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '0755',
  }

  file { '/etc/ansible/hosts/puppet':
@ -255,8 +258,15 @@ class openstack_project::puppetmaster (
  file { '/etc/ansible/hosts/emergency':
    ensure  => present,
    owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
+    group   => 'admin',
+    mode    => '0664',
+  }
+
+  file { '/etc/ansible/hosts/generated-groups':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '0664',
  }

  file { '/etc/ansible/hosts/infracloud':
@ -275,6 +285,20 @@ class openstack_project::puppetmaster (
    notify => Exec['expand_groups'],
  }

+  file { '/var/cache/ansible-inventory':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '2775',
+  }
+
+  file { '/var/cache/ansible-inventory/ansible-inventory.cache':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '0664',
+  }
+
  file { '/usr/local/bin/expand-groups.sh':
    owner  => 'root',
    group  => 'root',