Fix permissions for SSH private key for Ubuntu distro installations

Due to weird postinst logic of keystone-common package permissions
for SSH private key that is used for fernet rotation are reset to 0640 which
prevents SSH from further functioning.

We add post-package installation task that will ensure private key permissions
for Ubuntu distro installations specifically.

Change-Id: I1ebee33e3cf52cc0a9c474423a4fd5fa7f1cbe81
This commit is contained in:
Dmitriy Rabotyagov 2024-04-04 22:38:43 +02:00 committed by Dmitriy Rabotyagov
parent 47bd365532
commit a782b6157a

View File

@ -113,6 +113,17 @@
value: "{{ keystone_venv_tag }}" value: "{{ keystone_venv_tag }}"
mode: "0644" mode: "0644"
# NOTE(noonedeadpunk): Ubuntu packages does recursively chmod all files
# for keystone user $HOME:
# https://bugs.launchpad.net/cloud-archive/+bug/2060235
- name: Ensure SSH keys has right permissions
file:
path: "{{ keystone_system_user_home }}/.ssh/id_rsa"
mode: "0600"
when:
- install_packages is changed
- ansible_facts['distribution'] | lower == 'ubuntu'
- name: Initialise the upgrade facts - name: Initialise the upgrade facts
ini_file: ini_file:
dest: "/etc/ansible/facts.d/openstack_ansible.fact" dest: "/etc/ansible/facts.d/openstack_ansible.fact"