From d85ab728c4a9091458dd7529187359524d2c4d77 Mon Sep 17 00:00:00 2001
From: Travis Truman
Date: Thu, 28 Jul 2016 14:05:01 -0400
Subject: [PATCH] Write script to /var/tmp instead of /usr/local/bin /var/tmp is world writeable which allows this local task to be run by non-root users Further, the deployment host never executes the script so there is no need for it to be in a location which is in the $PATH Icf47ca346634885cab521fc054493ce623f17cb9
Change-Id: I84616d25a0e3231efd32da01f72607fe45c1b434
---
 tasks/nova_compute_key_distribute.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/tasks/nova_compute_key_distribute.yml b/tasks/nova_compute_key_distribute.yml
index b88d05fa..016b1350 100644
--- a/tasks/nova_compute_key_distribute.yml
+++ b/tasks/nova_compute_key_distribute.yml
@@ -19,7 +19,7 @@
 - name: Drop authorized keys file script locally
 template:
 src: "nova-key-insert.sh.j2"
- dest: "/usr/local/bin/openstack-nova-key.sh"
+ dest: "/var/tmp/openstack-nova-key.sh"
 mode: "0755"
 delegate_to: localhost
 when: inventory_hostname == groups['nova_compute'][0]
@@ -29,7 +29,7 @@
 - name: Copy templated authorized keys file script
 copy:
- src: "/usr/local/bin/openstack-nova-key.sh"
+ src: "/var/tmp/openstack-nova-key.sh"
 dest: "/usr/local/bin/openstack-nova-key.sh"
 mode: "0755"
 tags:
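Review bot: The new `dest: "/var/tmp/openstack-nova-key.sh"` in the first hunk is a fixed, predictable name in a world-writable directory, and the second hunk's `src: "/var/tmp/openstack-nova-key.sh"` then installs whatever sits at that path into `/usr/local/bin` on the compute hosts with mode 0755. On a shared deployment host a file of that name owned by another local user could already exist, so the template task may fail or, depending on which user runs the play, the content that gets distributed may not be what the template rendered; nothing visible in either hunk checks ownership or content before the copy. Consider rendering into a per-run private directory or a deployer-controlled variable path instead of a hard-coded name. Since the commit message says the deployment host never executes the script, the local copy could also be tightened to `mode: "0600"`. Both task bodies extend beyond their hunks (the second stops at `tags:`), so any cleanup of the local file after the copy is not visible here.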