Make the iPXE and PXE boot files world-readable

Change-Id: I8ac09e69149d7855cc754e15bd379170f822ee01
This commit is contained in:
Dmitry Tantsur 2020-08-21 18:48:15 +02:00
parent 3a7ca47680
commit 2eabfd77ff
2 changed files with 24 additions and 0 deletions

View File

@ -49,6 +49,16 @@
- name: "Copy full iPXE image into /tftpboot" - name: "Copy full iPXE image into /tftpboot"
copy: src={{ ipxe_dir }}/{{ ipxe_full_binary }} dest=/tftpboot/ remote_src=true copy: src={{ ipxe_dir }}/{{ ipxe_full_binary }} dest=/tftpboot/ remote_src=true
- name: Make boot files owned by ironic and world-readable
file:
path: "{{ item }}"
mode: 0644
owner: ironic
group: ironic
loop:
- /tftpboot/undionly.kpxe
- "/tftpboot/{{ ipxe_full_binary }}"
- name: "Set up iPXE for EFI booting" - name: "Set up iPXE for EFI booting"
block: block:
- name: "Check if the iPXE EFI image is present" - name: "Check if the iPXE EFI image is present"
@ -72,6 +82,16 @@
- name: "Copy iPXE EFI image into /tftpboot" - name: "Copy iPXE EFI image into /tftpboot"
copy: src={{ ipxe_dir }}/{{ ipxe_efi_binary }} dest=/tftpboot/ remote_src=true copy: src={{ ipxe_dir }}/{{ ipxe_efi_binary }} dest=/tftpboot/ remote_src=true
- name: Make UEFI boot files owned by ironic and world-readable
file:
path: "{{ item }}"
mode: 0644
owner: ironic
group: ironic
loop:
- "/tftpboot/{{ ipxe_efi_binary }}"
- "{{ http_boot_folder }}/{{ ipxe_efi_binary }}"
when: enable_uefi_ipxe | bool == true when: enable_uefi_ipxe | bool == true
# Similar logic to below can be utilized to retrieve files # Similar logic to below can be utilized to retrieve files

View File

@ -0,0 +1,4 @@
---
fixes:
- |
Fixes ACL of PXE and iPXE boot files to make sure they are world-readable.