Merge "Rootwrap configuration should be owned by root"

2016-03-09 07:17:23 +00:00 · 2016-03-09 07:17:23 +00:00 · ba11de3626
commit ba11de3626
parent b58230d136 cc35393659
2 changed files with 11 additions and 9 deletions
--- a/tasks/neutron_post_install.yml
+++ b/tasks/neutron_post_install.yml
@ -17,8 +17,8 @@
  config_template:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    owner: "{{ neutron_system_user_name }}"
-    group: "{{ neutron_system_group_name }}"
+    owner: "{{ item.owner|default(neutron_system_user_name) }}"
+    group: "{{ item.group|default(neutron_system_group_name) }}"
    mode: "0644"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
@ -37,6 +37,8 @@
      config_type: "ini"
    - src: "rootwrap.conf.j2"
      dest: "/etc/neutron/rootwrap.conf"
+      owner: "root"
+      group: "root"
      config_overrides: "{{ neutron_rootwrap_conf_overrides }}"
      config_type: "ini"
    - src: "policy.json.j2"
@ -83,12 +85,12 @@
  tags:
    - neutron-config

- name: Drop neutron Configs
+- name: Drop neutron rootwrap filters
  copy:
    src: "{{ item.src }}"
    dest: "{{ item.dest }}"
-    owner: "{{ neutron_system_user_name }}"
-    group: "{{ neutron_system_group_name }}"
+    owner: "root"
+    group: "root"
  with_items:
    - { src: "rootwrap.d/debug.filters", dest: "/etc/neutron/rootwrap.d/debug.filters" }
    - { src: "rootwrap.d/dibbler.filters", dest: "/etc/neutron/rootwrap.d/dibbler.filters" }
@ -104,12 +106,12 @@
  tags:
    - neutron-config

- name: Drop neutron agent filters
+- name: Drop neutron agent rootwrap filters
  copy:
    src: "{{ item.value.service_rootwrap }}"
    dest: "/etc/neutron/{{ item.value.service_rootwrap }}"
-    owner: "{{ neutron_system_user_name }}"
-    group: "{{ neutron_system_group_name }}"
+    owner: "root"
+    group: "root"
  with_dict: neutron_services
  when:
      - item.value.service_en | bool
--- a/tasks/neutron_pre_install.yml
+++ b/tasks/neutron_pre_install.yml
@ -44,7 +44,7 @@
    - { path: "/etc/neutron" }
    - { path: "/etc/neutron/plugins" }
    - { path: "/etc/neutron/plugins/{{ neutron_plugin_type }}" }
-    - { path: "/etc/neutron/rootwrap.d" }
+    - { path: "/etc/neutron/rootwrap.d", owner: "root", group: "root" }
    - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
    - { path: "/var/cache/neutron" }
    - { path: "/var/lock/neutron" }