Write script to /var/tmp instead of /usr/local/bin

/var/tmp is world writeable which allows this local task to be run by non-root users Further, the deployment host never executes the script so there is no need for it to be in a location which is in the $PATH Icf47ca346634885cab521fc054493ce623f17cb9 Change-Id: I84616d25a0e3231efd32da01f72607fe45c1b434
2016-07-28 14:05:01 -04:00 · 2016-07-28 14:05:01 -04:00 · d85ab728c4
commit d85ab728c4
parent fed503cd49
1 changed files with 2 additions and 2 deletions
--- a/tasks/nova_compute_key_distribute.yml
+++ b/tasks/nova_compute_key_distribute.yml
@ -19,7 +19,7 @@
 - name: Drop authorized keys file script locally
  template:
    src: "nova-key-insert.sh.j2"
-    dest: "/usr/local/bin/openstack-nova-key.sh"
+    dest: "/var/tmp/openstack-nova-key.sh"
    mode: "0755"
  delegate_to: localhost
  when: inventory_hostname == groups['nova_compute'][0]
@ -29,7 +29,7 @@

 - name: Copy templated authorized keys file script
  copy:
-    src: "/usr/local/bin/openstack-nova-key.sh"
+    src: "/var/tmp/openstack-nova-key.sh"
    dest: "/usr/local/bin/openstack-nova-key.sh"
    mode: "0755"
  tags: