openstack/puppet-tripleo
Code Issues Proposed changes
0a73e19d01
puppet-tripleo/manifests/certmonger
History
Juan Antonio Osorio Robles 5d6201f9fc Explicitly set certmonger's CA cert's permissions 
We were relying on the default permissions that were being set by the
command that extracts the certificate into a PEM file. This wasn't the
right approach, as it could be too restrictive in some setups.

Here, we explicitly tell puppet to set the appropriate permissions
instead.

Given this is a certificate file, and there's no private key involved,
we can set it as world readable (0644). As folks in the system need to
access the file.

Change-Id: I4b2cb1071e3fd5a1277d54b86822e8fef2df0d78
Closes-bug: #1788257
2019-01-17 08:10:38 +02:00
..
ca Explicitly set certmonger's CA cert's permissions 2019-01-17 08:10:38 +02:00
apache_dirs.pp Ensure directory exists for certificates for httpd 2017-04-11 11:45:43 +00:00
etcd.pp Enable internal network TLS for etcd 2017-04-12 08:28:02 +00:00
haproxy_dirs.pp Fixes incorrect license for certmonger haproxy dirs 2018-04-09 15:50:32 -04:00
haproxy.pp Include local CA installation outside of HAProxy cert setup 2018-04-06 09:20:30 +03:00
httpd.pp Certmonger: Make postsave command configurable 2017-08-18 18:59:35 +00:00
libvirt_dirs.pp TLS-everywhere: Add resources for libvirt's cert for live migration 2017-04-07 11:31:40 +03:00
libvirt_vnc_dirs.pp Add support for libvirt VNC TLS with option of a dedicated CA 2018-02-14 10:23:26 +00:00
libvirt_vnc.pp Add support for libvirt VNC TLS with option of a dedicated CA 2018-02-14 10:23:26 +00:00
libvirt.pp TLS-everywhere/libvirt: Make postsave command configurable 2017-08-24 12:30:08 +00:00
mysql.pp Certmonger: Make postsave command configurable 2017-08-18 18:59:35 +00:00
neutron.pp Removes neutron ownership of certs 2018-03-28 11:27:02 -07:00
novnc_proxy.pp Remove MongoDB 2019-01-04 12:48:43 +00:00
opendaylight.pp Fixes incorrect ownership of ODL TLS cert/key 2018-03-20 12:47:07 -04:00
openvswitch.pp Adds TLS support for OpenDaylight 2018-01-19 17:11:07 -05:00
qemu_dirs.pp Add support for native TLS encryption on NBD for disk migration 2018-12-05 11:31:43 +01:00
qemu_nbd_dirs.pp Add support for native TLS encryption on NBD for disk migration 2018-12-05 11:31:43 +01:00
qemu.pp Fix linting issues 2018-12-17 17:08:05 -07:00
rabbitmq.pp Fix certificate ownership of rabbitmq 2018-05-17 07:08:22 +00:00
redis.pp Fix Redis TLS setup, including replication traffic 2018-02-09 09:18:19 +00:00