Make generated private key files not world readable

The kolla-ansible certificates command creates a self-signed certificate and corresponding private key. This change sets the file mode on the files that contain the private key so that they are not world readable. Change-Id: I7bfba5975af8d230e5d00c2ce801a914fbbf2d4e
2018-05-09 14:39:05 -04:00 · 2018-05-09 14:39:05 -04:00 · 3991ebcd79
commit 3991ebcd79
parent b60468f06e
1 changed files with 8 additions and 0 deletions
--- a/ansible/roles/certificates/tasks/generate.yml
+++ b/ansible/roles/certificates/tasks/generate.yml
@ -22,6 +22,13 @@
  with_items:
    - "{{ node_config_directory }}/certificates/private/haproxy.key"

+- name: Setting permissions on key
+  become: true
+  file:
+    path: "{{ node_config_directory }}/certificates/private/haproxy.key"
+    mode: 0600
+    state: file
+
 - name: Creating Server Certificate
  become: true
  command: creates="{{ item }}" openssl req -new -nodes -sha256 -x509 \
@ -45,3 +52,4 @@
  assemble:
    src: "{{ node_config_directory }}/certificates/private"
    dest: "{{ node_config_directory }}/certificates/haproxy.pem"
+    mode: 0600