openstack/kolla-ansible
Code Issues Proposed changes

Merge "Change default permissions in jinja templates."

Browse Source
This commit is contained in:
Jenkins 2017-05-29 10:17:40 +00:00 committed by Gerrit Code Review
commit c93a63195d
28 changed files with 34 additions and 34 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ansible/roles/ceilometer/templates/ceilometer-api.json.j2
View File

@ -14,7 +14,7 @@
"source": "{{ container_config_directory }}/wsgi-ceilometer-api.conf", "source": "{{ container_config_directory }}/wsgi-ceilometer-api.conf",
"dest": "/etc/{{ apache_dir }}/{{ apache_file }}", "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
"owner": "ceilometer", "owner": "ceilometer",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/chrony/templates/chrony.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/chrony.conf", "source": "{{ container_config_directory }}/chrony.conf",
"dest": "/etc/chrony/chrony.conf", "dest": "/etc/chrony/chrony.conf",
"owner": "chrony", "owner": "chrony",
"perm": "0644" "perm": "0600"
} }
] ]
} }

4
ansible/roles/common/templates/cron.json.j2
View File

@ -57,14 +57,14 @@
"source": "{{ container_config_directory }}/logrotate/global.conf", "source": "{{ container_config_directory }}/logrotate/global.conf",
"dest": "/etc/logrotate.conf", "dest": "/etc/logrotate.conf",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{% for service, enabled in services if enabled | bool %} {% for service, enabled in services if enabled | bool %}
{ {
"source": "{{ container_config_directory }}/logrotate/{{ service }}.conf", "source": "{{ container_config_directory }}/logrotate/{{ service }}.conf",
"dest": "/etc/logrotate.d/{{ service }}.conf", "dest": "/etc/logrotate.d/{{ service }}.conf",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}{{ ',' if not loop.last else '' }} }{{ ',' if not loop.last else '' }}
{% endfor %} {% endfor %}

2
ansible/roles/gnocchi/templates/gnocchi-api.json.j2
View File

@ -13,7 +13,7 @@
"source": "{{ container_config_directory }}/wsgi-gnocchi.conf", "source": "{{ container_config_directory }}/wsgi-gnocchi.conf",
"dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf", "dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf",
"owner": "gnocchi", "owner": "gnocchi",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/haproxy/templates/haproxy.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/haproxy.cfg", "source": "{{ container_config_directory }}/haproxy.cfg",
"dest": "/etc/haproxy/haproxy.cfg", "dest": "/etc/haproxy/haproxy.cfg",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/haproxy.pem", "source": "{{ container_config_directory }}/haproxy.pem",

2
ansible/roles/haproxy/templates/keepalived.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/keepalived.conf", "source": "{{ container_config_directory }}/keepalived.conf",
"dest": "/etc/keepalived/keepalived.conf", "dest": "/etc/keepalived/keepalived.conf",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
} }
] ]
} }

4
ansible/roles/horizon/templates/horizon.json.j2
View File

@ -33,7 +33,7 @@
"source": "{{ container_config_directory }}/horizon.conf", "source": "{{ container_config_directory }}/horizon.conf",
"dest": "/etc/{{ apache_dir }}/{{ apache_file }}", "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
"owner": "horizon", "owner": "horizon",
"perm": "0644" "perm": "0600"
}, },
{% for service, enabled in services if enabled | bool %} {% for service, enabled in services if enabled | bool %}
{ {
@ -48,7 +48,7 @@
"source": "{{ container_config_directory }}/local_settings", "source": "{{ container_config_directory }}/local_settings",
"dest": "/etc/openstack-dashboard/local_settings", "dest": "/etc/openstack-dashboard/local_settings",
"owner": "horizon", "owner": "horizon",
"perm": "0644" "perm": "0600"
} }
] ]
} }

6
ansible/roles/ironic/templates/ironic-pxe.json.j2
View File

@ -6,20 +6,20 @@
"source": "{{ container_config_directory }}/ironic-agent.kernel", "source": "{{ container_config_directory }}/ironic-agent.kernel",
"dest": "/tftpboot/ironic-agent.kernel", "dest": "/tftpboot/ironic-agent.kernel",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/ironic-agent.initramfs", "source": "{{ container_config_directory }}/ironic-agent.initramfs",
"dest": "/tftpboot/ironic-agent.initramfs", "dest": "/tftpboot/ironic-agent.initramfs",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{% endif %} {% endif %}
{ {
"source": "{{ container_config_directory }}/default", "source": "{{ container_config_directory }}/default",
"dest": "/tftpboot/pxelinux.cfg/default", "dest": "/tftpboot/pxelinux.cfg/default",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/karbor/templates/karbor-api.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/karbor.conf", "source": "{{ container_config_directory }}/karbor.conf",
"dest": "/etc/karbor/karbor.conf", "dest": "/etc/karbor/karbor.conf",
"owner": "karbor", "owner": "karbor",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/karbor/templates/karbor-operationengine.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/karbor.conf", "source": "{{ container_config_directory }}/karbor.conf",
"dest": "/etc/karbor/karbor.conf", "dest": "/etc/karbor/karbor.conf",
"owner": "karbor", "owner": "karbor",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

4
ansible/roles/karbor/templates/karbor-protection.json.j2
View File

@ -5,13 +5,13 @@
"source": "{{ container_config_directory }}/karbor.conf", "source": "{{ container_config_directory }}/karbor.conf",
"dest": "/etc/karbor/karbor.conf", "dest": "/etc/karbor/karbor.conf",
"owner": "karbor", "owner": "karbor",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/providers.d/openstack-infra.conf", "source": "{{ container_config_directory }}/providers.d/openstack-infra.conf",
"dest": "/etc/karbor/providers.d/openstack-infra.conf", "dest": "/etc/karbor/providers.d/openstack-infra.conf",
"owner": "karbor", "owner": "karbor",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/keystone/templates/keystone-fernet.json.j2
View File

@ -11,7 +11,7 @@
"source": "{{ container_config_directory }}/crontab", "source": "{{ container_config_directory }}/crontab",
"dest": "/var/spool/cron/crontabs/root/fernet-cron", "dest": "/var/spool/cron/crontabs/root/fernet-cron",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/fernet-rotate.sh", "source": "{{ container_config_directory }}/fernet-rotate.sh",

2
ansible/roles/keystone/templates/keystone-ssh.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/sshd_config", "source": "{{ container_config_directory }}/sshd_config",
"dest": "/etc/ssh/sshd_config", "dest": "/etc/ssh/sshd_config",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/id_rsa.pub", "source": "{{ container_config_directory }}/id_rsa.pub",

2
ansible/roles/keystone/templates/keystone.json.j2
View File

@ -33,7 +33,7 @@
"source": "{{ container_config_directory }}/wsgi-keystone.conf", "source": "{{ container_config_directory }}/wsgi-keystone.conf",
"dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf", "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
"owner": "keystone", "owner": "keystone",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/mistral/templates/mistral-api.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/mistral.conf", "source": "{{ container_config_directory }}/mistral.conf",
"dest": "/etc/mistral/mistral.conf", "dest": "/etc/mistral/mistral.conf",
"owner": "mistral", "owner": "mistral",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/mistral/templates/mistral-engine.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/mistral.conf", "source": "{{ container_config_directory }}/mistral.conf",
"dest": "/etc/mistral/mistral.conf", "dest": "/etc/mistral/mistral.conf",
"owner": "mistral", "owner": "mistral",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/mistral/templates/mistral-executor.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/mistral.conf", "source": "{{ container_config_directory }}/mistral.conf",
"dest": "/etc/mistral/mistral.conf", "dest": "/etc/mistral/mistral.conf",
"owner": "mistral", "owner": "mistral",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/mongodb/templates/mongodb.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/mongodb.conf", "source": "{{ container_config_directory }}/mongodb.conf",
"dest": "/etc/mongodb.conf", "dest": "/etc/mongodb.conf",
"owner": "mongodb", "owner": "mongodb",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

4
ansible/roles/nova/templates/nova-libvirt.json.j2
View File

@ -5,13 +5,13 @@
"source": "{{ container_config_directory }}/libvirtd.conf", "source": "{{ container_config_directory }}/libvirtd.conf",
"dest": "/etc/libvirt/libvirtd.conf", "dest": "/etc/libvirt/libvirtd.conf",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/qemu.conf", "source": "{{ container_config_directory }}/qemu.conf",
"dest": "/etc/libvirt/qemu.conf", "dest": "/etc/libvirt/qemu.conf",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}{% if nova_backend == "rbd" %}, }{% if nova_backend == "rbd" %},
{ {
"source": "{{ container_config_directory }}/secrets", "source": "{{ container_config_directory }}/secrets",

2
ansible/roles/nova/templates/nova-ssh.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/sshd_config", "source": "{{ container_config_directory }}/sshd_config",
"dest": "/etc/ssh/sshd_config", "dest": "/etc/ssh/sshd_config",
"owner": "root", "owner": "root",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/ssh_config", "source": "{{ container_config_directory }}/ssh_config",

2
ansible/roles/nova/templates/placement-api.json.j2
View File

@ -20,7 +20,7 @@
"source": "{{ container_config_directory }}/placement-api-wsgi.conf", "source": "{{ container_config_directory }}/placement-api-wsgi.conf",
"dest": "/etc/{{ apache_conf_dir }}/placement-api-wsgi.conf", "dest": "/etc/{{ apache_conf_dir }}/placement-api-wsgi.conf",
"owner": "nova", "owner": "nova",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/solum/templates/solum-api.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/solum.conf", "source": "{{ container_config_directory }}/solum.conf",
"dest": "/etc/solum/solum.conf", "dest": "/etc/solum/solum.conf",
"owner": "solum", "owner": "solum",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/solum/templates/solum-conductor.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/solum.conf", "source": "{{ container_config_directory }}/solum.conf",
"dest": "/etc/solum/solum.conf", "dest": "/etc/solum/solum.conf",
"owner": "solum", "owner": "solum",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/solum/templates/solum-deployer.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/solum.conf", "source": "{{ container_config_directory }}/solum.conf",
"dest": "/etc/solum/solum.conf", "dest": "/etc/solum/solum.conf",
"owner": "solum", "owner": "solum",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/solum/templates/solum-worker.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/solum.conf", "source": "{{ container_config_directory }}/solum.conf",
"dest": "/etc/solum/solum.conf", "dest": "/etc/solum/solum.conf",
"owner": "solum", "owner": "solum",
"perm": "0644" "perm": "0600"
} }
], ],
"permissions": [ "permissions": [

2
ansible/roles/watcher/templates/watcher-api.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/watcher.conf", "source": "{{ container_config_directory }}/watcher.conf",
"dest": "/etc/watcher/watcher.conf", "dest": "/etc/watcher/watcher.conf",
"owner": "watcher", "owner": "watcher",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/watcher/templates/watcher-applier.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/watcher.conf", "source": "{{ container_config_directory }}/watcher.conf",
"dest": "/etc/watcher/watcher.conf", "dest": "/etc/watcher/watcher.conf",
"owner": "watcher", "owner": "watcher",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",

2
ansible/roles/watcher/templates/watcher-engine.json.j2
View File

@ -5,7 +5,7 @@
"source": "{{ container_config_directory }}/watcher.conf", "source": "{{ container_config_directory }}/watcher.conf",
"dest": "/etc/watcher/watcher.conf", "dest": "/etc/watcher/watcher.conf",
"owner": "watcher", "owner": "watcher",
"perm": "0644" "perm": "0600"
}, },
{ {
"source": "{{ container_config_directory }}/policy.json", "source": "{{ container_config_directory }}/policy.json",