From 51816f0faf90141a5c5a1caebc0117aebdc6b2f9 Mon Sep 17 00:00:00 2001
From: Andrey <agrebennikov@mirantis.com>
Date: Tue, 17 Jan 2017 17:26:14 -0600
Subject: [PATCH] Change permission for conf folder

According to the security guide config files should not be
reachable by any users except the owner and root.

Change-Id: Ib9da740b5504533a1224d7c0b3e07e1af8b352b5
---
 tasks/nova_pre_install.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/tasks/nova_pre_install.yml b/tasks/nova_pre_install.yml
index 9f6afe3e..7f53f6c7 100644
--- a/tasks/nova_pre_install.yml
+++ b/tasks/nova_pre_install.yml
@@ -60,7 +60,7 @@
     mode: "{{ item.mode|default('0755') }}"
   with_items:
     - { path: "/openstack", owner: "root", group: "root" }
-    - { path: "/etc/nova" }
+    - { path: "/etc/nova", mode: "0750" }
     - { path: "/etc/nova/rootwrap.d", owner: "root", group: "root" }
     - { path: "/etc/sudoers.d", mode: "0750", owner: "root", group: "root" }
     - { path: "/var/cache/nova" }