From cf3bb3b46b0f520800ba73f2d90fbf46dd111762 Mon Sep 17 00:00:00 2001
From: Dmitriy Rabotyagov <dmitriy.rabotyagov@cleura.com>
Date: Tue, 30 Apr 2024 20:55:07 +0200
Subject: [PATCH] Set correct permissions for rootwrap.d

Recursive task against /etc/cinder/rootwrap.d set directory permissions
to 0640 as well, which is not really valid. Also it was not idempotent
with dir creation from pre-install step.

Change-Id: Idbd09c78943d954f42f89acce40096c3754024be
---
 tasks/glance_install.yml      | 1 +
 tasks/glance_post_install.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/tasks/glance_install.yml b/tasks/glance_install.yml
index 542194a4..2f2b8fb2 100644
--- a/tasks/glance_install.yml
+++ b/tasks/glance_install.yml
@@ -96,6 +96,7 @@
     - path: "{{ glance_etc_dir }}/rootwrap.d"
       owner: "root"
       group: "root"
+      mode: "0750"
     - path: "/var/cache/glance"
     - path: "{{ glance_system_user_home }}"
     - path: "{{ glance_system_user_home }}/cache"
diff --git a/tasks/glance_post_install.yml b/tasks/glance_post_install.yml
index 7681e3f2..00eea551 100644
--- a/tasks/glance_post_install.yml
+++ b/tasks/glance_post_install.yml
@@ -152,7 +152,7 @@
     path: "{{ glance_etc_dir }}/rootwrap.d"
     owner: "root"
     group: "root"
-    mode: "0640"
+    mode: "u=rwX,g=rX,o="
     recurse: true
 
 - name: Run the systemd mount role