openstack/kolla-ansible
Code Issues Proposed changes

Make generated private key files not world readable

Browse Source 
The kolla-ansible certificates command creates a self-signed
certificate and corresponding private key.  This change sets the
file mode on the files that contain the private key so that they
are not world readable.

Change-Id: I7bfba5975af8d230e5d00c2ce801a914fbbf2d4e
This commit is contained in:
Mark Giles 2018-05-09 14:39:05 -04:00
parent b60468f06e
commit 3991ebcd79
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
ansible/roles/certificates/tasks/generate.yml
View File

@ -22,6 +22,13 @@
with_items: with_items:
- "{{ node_config_directory }}/certificates/private/haproxy.key" - "{{ node_config_directory }}/certificates/private/haproxy.key"
- name: Setting permissions on key
become: true
file:
path: "{{ node_config_directory }}/certificates/private/haproxy.key"
mode: 0600
state: file
- name: Creating Server Certificate - name: Creating Server Certificate
become: true become: true
command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \ command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
@ -45,3 +52,4 @@
assemble: assemble:
src: "{{ node_config_directory }}/certificates/private" src: "{{ node_config_directory }}/certificates/private"
dest: "{{ node_config_directory }}/certificates/haproxy.pem" dest: "{{ node_config_directory }}/certificates/haproxy.pem"
mode: 0600