From 274291463e99eab805a4265adc856c1bffafa9ad Mon Sep 17 00:00:00 2001 
From: James McCarthy Date: Wed, 15 Mar 2017 07:24:33 +0000 Subject: [PATCH] Change default permissions in jinja templates. Many of the templates use 600, remove unnecessary permission on these templates to bring them in line with the others. Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27 --- ansible/roles/ceilometer/templates/ceilometer-api.json.j2 | 2 +- ansible/roles/chrony/templates/chrony.json.j2 | 2 +- ansible/roles/common/templates/cron.json.j2 | 4 ++-- ansible/roles/gnocchi/templates/gnocchi-api.json.j2 | 2 +- ansible/roles/haproxy/templates/haproxy.json.j2 | 2 +- ansible/roles/haproxy/templates/keepalived.json.j2 | 2 +- ansible/roles/horizon/templates/horizon.json.j2 | 4 ++-- ansible/roles/ironic/templates/ironic-pxe.json.j2 | 6 +++--- ansible/roles/karbor/templates/karbor-api.json.j2 | 2 +- .../roles/karbor/templates/karbor-operationengine.json.j2 | 2 +- ansible/roles/karbor/templates/karbor-protection.json.j2 | 4 ++-- ansible/roles/keystone/templates/keystone-fernet.json.j2 | 2 +- ansible/roles/keystone/templates/keystone-ssh.json.j2 | 2 +- ansible/roles/keystone/templates/keystone.json.j2 | 2 +- ansible/roles/mistral/templates/mistral-api.json.j2 | 2 +- ansible/roles/mistral/templates/mistral-engine.json.j2 | 2 +- ansible/roles/mistral/templates/mistral-executor.json.j2 | 2 +- ansible/roles/mongodb/templates/mongodb.json.j2 | 2 +- ansible/roles/nova/templates/nova-libvirt.json.j2 | 4 ++-- ansible/roles/nova/templates/nova-ssh.json.j2 | 2 +- ansible/roles/nova/templates/placement-api.json.j2 | 2 +- ansible/roles/solum/templates/solum-api.json.j2 | 2 +- ansible/roles/solum/templates/solum-conductor.json.j2 | 2 +- ansible/roles/solum/templates/solum-deployer.json.j2 | 2 +- ansible/roles/solum/templates/solum-worker.json.j2 | 2 +- ansible/roles/watcher/templates/watcher-api.json.j2 | 2 +- ansible/roles/watcher/templates/watcher-applier.json.j2 | 2 +- ansible/roles/watcher/templates/watcher-engine.json.j2 | 2 +- 28 files changed, 34 insertions(+), 34 
deletions(-)
diff --git a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
index 0f8f16b86a..271d5e0f79 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
@@ -14,7 +14,7 @@
 "source": "{{ container_config_directory }}/wsgi-ceilometer-api.conf",
 "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
 "owner": "ceilometer",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/chrony/templates/chrony.json.j2 b/ansible/roles/chrony/templates/chrony.json.j2
index f082b6d897..03f3ee9c7a 100644
--- a/ansible/roles/chrony/templates/chrony.json.j2
+++ b/ansible/roles/chrony/templates/chrony.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/chrony.conf",
 "dest": "/etc/chrony/chrony.conf",
 "owner": "chrony",
- "perm": "0644"
+ "perm": "0600"
 }
 ]
 }
diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2
index d3b3422faf..5f5a762d95 100644
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -57,14 +57,14 @@ "source": "{{ container_config_directory }}/logrotate/global.conf", "dest": "/etc/logrotate.conf", "owner": "root", - "perm": "0644" + "perm": "0600" }, {% for service, enabled in services if enabled | bool %} { "source": "{{ container_config_directory }}/logrotate/{{ service }}.conf", "dest": "/etc/logrotate.d/{{ service }}.conf", "owner": "root", - "perm": "0644" + "perm": "0600" }{{ ',' if not loop.last else '' }} {% endfor %}
diff --git a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
index 3a9d85d99a..f7dc1a338c 100644
--- a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
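Review bot: In ceilometer-api.json.j2 the Apache file `wsgi-ceilometer-api.conf` becomes `"perm": "0600"` with `"owner": "ceilometer"`, so only that account and root can read it. Apache parses its configuration as the user that launches it, so this is safe only if httpd in the container starts as `ceilometer` or as root, and the diff does not show which. The same question applies to the Apache/WSGI entries changed in gnocchi-api, horizon, keystone and placement-api. It is worth confirming with a start of each of those containers, since a mismatch would surface at service start rather than when the template is rendered.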
@@ -13,7 +13,7 @@
 "source": "{{ container_config_directory }}/wsgi-gnocchi.conf",
 "dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf",
 "owner": "gnocchi",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/haproxy/templates/haproxy.json.j2 b/ansible/roles/haproxy/templates/haproxy.json.j2
index c95dd77031..9e0d2808f8 100644
--- a/ansible/roles/haproxy/templates/haproxy.json.j2
+++ b/ansible/roles/haproxy/templates/haproxy.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/haproxy.cfg",
 "dest": "/etc/haproxy/haproxy.cfg",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/haproxy.pem",
diff --git a/ansible/roles/haproxy/templates/keepalived.json.j2 b/ansible/roles/haproxy/templates/keepalived.json.j2
index 63a760c675..3bcafd3189 100644
--- a/ansible/roles/haproxy/templates/keepalived.json.j2
+++ b/ansible/roles/haproxy/templates/keepalived.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/keepalived.conf",
 "dest": "/etc/keepalived/keepalived.conf",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 }
 ]
 }
diff --git a/ansible/roles/horizon/templates/horizon.json.j2 b/ansible/roles/horizon/templates/horizon.json.j2
index 95e2fca2f7..3436421a29 100644
--- a/ansible/roles/horizon/templates/horizon.json.j2
+++ b/ansible/roles/horizon/templates/horizon.json.j2
@@ -33,7 +33,7 @@
 "source": "{{ container_config_directory }}/horizon.conf",
 "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
 "owner": "horizon",
- "perm": "0644"
+ "perm": "0600"
 },
 {% for service, enabled in services if enabled | bool %}
 {
@@ -48,7 +48,7 @@
 "source": "{{ container_config_directory }}/local_settings",
 "dest": "/etc/openstack-dashboard/local_settings",
 "owner": "horizon",
- "perm": "0644"
+ "perm": "0600"
 }
 ]
 }
diff --git a/ansible/roles/ironic/templates/ironic-pxe.json.j2 b/ansible/roles/ironic/templates/ironic-pxe.json.j2
index 536d8fad77..b26cd5755f 100644
--- a/ansible/roles/ironic/templates/ironic-pxe.json.j2
+++ b/ansible/roles/ironic/templates/ironic-pxe.json.j2
@@ -6,20 +6,20 @@
 "source": "{{ container_config_directory }}/ironic-agent.kernel",
 "dest": "/tftpboot/ironic-agent.kernel",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/ironic-agent.initramfs",
 "dest": "/tftpboot/ironic-agent.initramfs",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {% endif %}
 {
 "source": "{{ container_config_directory }}/default",
 "dest": "/tftpboot/pxelinux.cfg/default",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/karbor/templates/karbor-api.json.j2 b/ansible/roles/karbor/templates/karbor-api.json.j2
index cc67e710e9..ccb784eaed 100644
--- a/ansible/roles/karbor/templates/karbor-api.json.j2
+++ b/ansible/roles/karbor/templates/karbor-api.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/karbor.conf",
 "dest": "/etc/karbor/karbor.conf",
 "owner": "karbor",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/karbor/templates/karbor-operationengine.json.j2 b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
index d07e481fcd..f61498ce65 100644
--- a/ansible/roles/karbor/templates/karbor-operationengine.json.j2
+++ b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/karbor.conf",
 "dest": "/etc/karbor/karbor.conf",
 "owner": "karbor",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/karbor/templates/karbor-protection.json.j2 b/ansible/roles/karbor/templates/karbor-protection.json.j2
index 4094d4f447..304aece619 100644
--- a/ansible/roles/karbor/templates/karbor-protection.json.j2
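Review bot: In ironic-pxe.json.j2 the three files under `/tftpboot` (`ironic-agent.kernel`, `ironic-agent.initramfs` and `pxelinux.cfg/default`) are now root-owned with `"perm": "0600"`, so only root can read them. These are boot artefacts served over TFTP rather than secrets, and a TFTP daemon that drops to an unprivileged account would no longer be able to read them, which would stop PXE boot without hiding anything sensitive. The `"permissions"` block that follows is cut off by the hunk, so it may already re-own this tree. If it does not, keep these three entries at `"perm": "0644"`, or set `"owner"` to the account the TFTP service runs as.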
+++ b/ansible/roles/karbor/templates/karbor-protection.json.j2
@@ -5,13 +5,13 @@
 "source": "{{ container_config_directory }}/karbor.conf",
 "dest": "/etc/karbor/karbor.conf",
 "owner": "karbor",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/providers.d/openstack-infra.conf",
 "dest": "/etc/karbor/providers.d/openstack-infra.conf",
 "owner": "karbor",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/keystone/templates/keystone-fernet.json.j2 b/ansible/roles/keystone/templates/keystone-fernet.json.j2
index f1019a5374..c7aa50e18d 100644
--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@@ -11,7 +11,7 @@
 "source": "{{ container_config_directory }}/crontab",
 "dest": "/var/spool/cron/crontabs/root/fernet-cron",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/fernet-rotate.sh",
diff --git a/ansible/roles/keystone/templates/keystone-ssh.json.j2 b/ansible/roles/keystone/templates/keystone-ssh.json.j2
index c13e0eda60..ca016f8223 100644
--- a/ansible/roles/keystone/templates/keystone-ssh.json.j2
+++ b/ansible/roles/keystone/templates/keystone-ssh.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/sshd_config",
 "dest": "/etc/ssh/sshd_config",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/id_rsa.pub",
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index 3cd7921116..0d5d95facc 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -33,7 +33,7 @@
 "source": "{{ container_config_directory }}/wsgi-keystone.conf",
 "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
 "owner": "keystone",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/mistral/templates/mistral-api.json.j2 b/ansible/roles/mistral/templates/mistral-api.json.j2
index 2b5c5c4022..aa565a0fba 100644
--- a/ansible/roles/mistral/templates/mistral-api.json.j2
+++ b/ansible/roles/mistral/templates/mistral-api.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/mistral.conf",
 "dest": "/etc/mistral/mistral.conf",
 "owner": "mistral",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/mistral/templates/mistral-engine.json.j2 b/ansible/roles/mistral/templates/mistral-engine.json.j2
index bf3df91863..3393d275b1 100644
--- a/ansible/roles/mistral/templates/mistral-engine.json.j2
+++ b/ansible/roles/mistral/templates/mistral-engine.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/mistral.conf",
 "dest": "/etc/mistral/mistral.conf",
 "owner": "mistral",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/mistral/templates/mistral-executor.json.j2 b/ansible/roles/mistral/templates/mistral-executor.json.j2
index 091818ad59..8a1f438e49 100644
--- a/ansible/roles/mistral/templates/mistral-executor.json.j2
+++ b/ansible/roles/mistral/templates/mistral-executor.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/mistral.conf",
 "dest": "/etc/mistral/mistral.conf",
 "owner": "mistral",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/mongodb/templates/mongodb.json.j2 b/ansible/roles/mongodb/templates/mongodb.json.j2
index e9792efbd8..edb530ee23 100644
--- a/ansible/roles/mongodb/templates/mongodb.json.j2
+++ b/ansible/roles/mongodb/templates/mongodb.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/mongodb.conf",
 "dest": "/etc/mongodb.conf",
 "owner": "mongodb",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/nova/templates/nova-libvirt.json.j2 b/ansible/roles/nova/templates/nova-libvirt.json.j2
index aa19f7a396..8ce0da1676 100644
--- a/ansible/roles/nova/templates/nova-libvirt.json.j2
+++ b/ansible/roles/nova/templates/nova-libvirt.json.j2
@@ -5,13 +5,13 @@
 "source": "{{ container_config_directory }}/libvirtd.conf",
 "dest": "/etc/libvirt/libvirtd.conf",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/qemu.conf",
 "dest": "/etc/libvirt/qemu.conf",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 }{% if nova_backend == "rbd" %},
 {
 "source": "{{ container_config_directory }}/secrets",
diff --git a/ansible/roles/nova/templates/nova-ssh.json.j2 b/ansible/roles/nova/templates/nova-ssh.json.j2
index 1fb041ecc9..f31f6d95e0 100644
--- a/ansible/roles/nova/templates/nova-ssh.json.j2
+++ b/ansible/roles/nova/templates/nova-ssh.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/sshd_config",
 "dest": "/etc/ssh/sshd_config",
 "owner": "root",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/ssh_config",
diff --git a/ansible/roles/nova/templates/placement-api.json.j2 b/ansible/roles/nova/templates/placement-api.json.j2
index 10ff1cfaac..fba578a84f 100644
--- a/ansible/roles/nova/templates/placement-api.json.j2
+++ b/ansible/roles/nova/templates/placement-api.json.j2
@@ -20,7 +20,7 @@
 "source": "{{ container_config_directory }}/placement-api-wsgi.conf",
 "dest": "/etc/{{ apache_conf_dir }}/placement-api-wsgi.conf",
 "owner": "nova",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/solum/templates/solum-api.json.j2 b/ansible/roles/solum/templates/solum-api.json.j2
index 68afad6686..866dcd8132 100644
--- a/ansible/roles/solum/templates/solum-api.json.j2
+++ b/ansible/roles/solum/templates/solum-api.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/solum.conf",
 "dest": "/etc/solum/solum.conf",
 "owner": "solum",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/solum/templates/solum-conductor.json.j2 b/ansible/roles/solum/templates/solum-conductor.json.j2
index 2fef4bc3cf..0106030a28 100644
--- a/ansible/roles/solum/templates/solum-conductor.json.j2
+++ b/ansible/roles/solum/templates/solum-conductor.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/solum.conf",
 "dest": "/etc/solum/solum.conf",
 "owner": "solum",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/solum/templates/solum-deployer.json.j2 b/ansible/roles/solum/templates/solum-deployer.json.j2
index 53d8fc5aee..228f42bdad 100644
--- a/ansible/roles/solum/templates/solum-deployer.json.j2
+++ b/ansible/roles/solum/templates/solum-deployer.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/solum.conf",
 "dest": "/etc/solum/solum.conf",
 "owner": "solum",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/solum/templates/solum-worker.json.j2 b/ansible/roles/solum/templates/solum-worker.json.j2
index 35afc47d77..2a883df8dd 100644
--- a/ansible/roles/solum/templates/solum-worker.json.j2
+++ b/ansible/roles/solum/templates/solum-worker.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/solum.conf",
 "dest": "/etc/solum/solum.conf",
 "owner": "solum",
- "perm": "0644"
+ "perm": "0600"
 }
 ],
 "permissions": [
diff --git a/ansible/roles/watcher/templates/watcher-api.json.j2 b/ansible/roles/watcher/templates/watcher-api.json.j2
index 149ceb16f7..2d8233b21c 100644
--- a/ansible/roles/watcher/templates/watcher-api.json.j2
+++ b/ansible/roles/watcher/templates/watcher-api.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/watcher.conf",
 "dest": "/etc/watcher/watcher.conf",
 "owner": "watcher",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/watcher/templates/watcher-applier.json.j2 b/ansible/roles/watcher/templates/watcher-applier.json.j2
index 63292e2d78..7124824c3a 100644
--- a/ansible/roles/watcher/templates/watcher-applier.json.j2
+++ b/ansible/roles/watcher/templates/watcher-applier.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/watcher.conf",
 "dest": "/etc/watcher/watcher.conf",
 "owner": "watcher",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/watcher/templates/watcher-engine.json.j2 b/ansible/roles/watcher/templates/watcher-engine.json.j2
index deb285889b..f1d4d65f9d 100644
--- a/ansible/roles/watcher/templates/watcher-engine.json.j2
+++ b/ansible/roles/watcher/templates/watcher-engine.json.j2
@@ -5,7 +5,7 @@
 "source": "{{ container_config_directory }}/watcher.conf",
 "dest": "/etc/watcher/watcher.conf",
 "owner": "watcher",
- "perm": "0644"
+ "perm": "0600"
 },
 {
 "source": "{{ container_config_directory }}/policy.json",