openstack
/
tripleo-heat-templates
Code Issues Proposed changes

Make injected CA file readable by others 

Currently the permissions for the CA file that is injected (if the
environment is set), doesn't permit users that don't belong to the group
that owns the file to read it. This is too restrictive and isn't
necessary, as the certificate should be public.

This is useful in the case where we want a service that can't read the
certificate chain (or bundle) to be able to read that CA certificate.
This is the case for the MariaDB version that is being used in CentOS
7.1 for example.

Change-Id: I6ff59326a5570670c031b448fb0ffd8dfbd8b025
This commit is contained in:
Juan Antonio Osorio Robles 2016-02-17 15:48:36 +02:00
parent 509c3be9ef
commit b6ee4bf4a5
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
puppet/extraconfig/tls/ca-inject.yaml
View File

@ -45,7 +45,7 @@ resources:
cat > ${cacert_path} << EOF
${cacert_content}
EOF
chmod 0440 ${cacert_path}
chmod 0444 ${cacert_path}
chown root:root ${cacert_path}
${update_anchor_command}
md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum