Fix permissions for SSH private key for Ubuntu distro installations
Due to the weird postinst logic of the keystone-common package, permissions for the SSH private key that is used for fernet rotation are reset to 0640, which prevents SSH from functioning further. We add a post-package-installation task that ensures the private key permissions for Ubuntu distro installations specifically. Change-Id: I1ebee33e3cf52cc0a9c474423a4fd5fa7f1cbe81
parent
47bd365532
commit
a782b6157a
@ -113,6 +113,17 @@
|
|||||||
value: "{{ keystone_venv_tag }}"
|
value: "{{ keystone_venv_tag }}"
|
||||||
mode: "0644"
|
mode: "0644"
|
||||||
|
|
||||||
|
# NOTE(noonedeadpunk): Ubuntu packages does recursively chmod all files
|
||||||
|
# for keystone user $HOME:
|
||||||
|
# https://bugs.launchpad.net/cloud-archive/+bug/2060235
|
||||||
|
- name: Ensure SSH keys has right permissions
|
||||||
|
file:
|
||||||
|
path: "{{ keystone_system_user_home }}/.ssh/id_rsa"
|
||||||
|
mode: "0600"
|
||||||
|
when:
|
||||||
|
- install_packages is changed
|
||||||
|
- ansible_facts['distribution'] | lower == 'ubuntu'
|
||||||
|
|
||||||
- name: Initialise the upgrade facts
|
- name: Initialise the upgrade facts
|
||||||
ini_file:
|
ini_file:
|
||||||
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
|
dest: "/etc/ansible/facts.d/openstack_ansible.fact"
|
||||||
|
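Review bot: The `when:` list on the new "Ensure SSH keys has right permissions" task ties the repair to `install_packages is changed`, so a keystone-common upgrade made outside this play (an unattended apt upgrade, for example) would reset `id_rsa` to 0640 and later runs would not correct it, leaving the fernet-rotation key group-readable and rejected by SSH. The `file` task is idempotent, so the condition could be reduced to `when: ansible_facts['distribution'] | lower == 'ubuntu'` and every run would re-assert 0600, provided the key is guaranteed to exist at that point (`file` without `state` fails on a missing path). The task also pins only `mode`; an explicit `owner:` for the keystone system user would make it assert everything SSH checks on a private key. `install_packages` is registered outside this hunk, so how it is set could not be checked here.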