Correct perms of /var/run/heat-config/heat-config

/var/run isn't persisted during image building, so relying on os-apply-config preserving the permissions of the existing file won't work because there isn't one. Instead, 55-heat-config needs to check and fix the permissions of this file on each run. Once it is set by 55-heat-config, os-apply-config will respect the corrected permissions when overwriting. Change-Id: Iecce01d31d66f217ccf4b34cc29f05465dc1886d Closes-Bug: #1520347
2016-06-27 10:31:32 +12:00 · 2016-06-27 10:31:32 +12:00 · 99de956f35
parent 32af44836f
commit 99de956f35
3 changed files with 5 additions and 6 deletions
--- a/hot/software-config/elements/heat-config/install.d/50-heat-config
+++ b/hot/software-config/elements/heat-config/install.d/50-heat-config
@ -1,5 +0,0 @@
-#!/bin/bash
-set -eux
-
-SCRIPTDIR=$(dirname $0)
-install -D -g root -o root -m 0600 ${SCRIPTDIR}/heat-config /var/run/heat-config/heat-config
--- a/hot/software-config/elements/heat-config/install.d/heat-config
+++ b/hot/software-config/elements/heat-config/install.d/heat-config
@ -1 +0,0 @@
-{}
--- a/hot/software-config/elements/heat-config/os-refresh-config/configure.d/55-heat-config
+++ b/hot/software-config/elements/heat-config/os-refresh-config/configure.d/55-heat-config
@ -16,6 +16,7 @@ import json
 import logging
 import os
 import shutil
+import stat
 import subprocess
 import sys

@ -46,6 +47,10 @@ def main(argv=sys.argv):
        log.error('No config file %s' % CONF_FILE)
        return 1

+    conf_mode = stat.S_IMODE(os.lstat(CONF_FILE).st_mode)
+    if conf_mode != 0o600:
+        os.chmod(CONF_FILE, 0o600)
+
    if not os.path.isdir(DEPLOYED_DIR):
        if DEPLOYED_DIR != OLD_DEPLOYED_DIR and os.path.isdir(OLD_DEPLOYED_DIR):
            log.debug('Migrating deployed state from %s to %s' %