Explicit set qemu certificate group ownership
While the certificates get requested with the appropriate group root:qemu [1] and copied to /etc/pki/qemu/ with -a, it has been seen that the group ownership is not correct on the target certificate files. Let's set the group ownership explicitly via the run_after script. Closes-Bug: #1933330 [1] https://github.com/openstack/tripleo-heat-templates/blob/master/deployment/nova/nova-libvirt-container-puppet.yaml#L777-L779 Change-Id: I67698dafb3ade4239d8cee868c0333c5ec89472c
parent
1fa10f57b1
commit
c904c7555c
@ -796,6 +796,7 @@ outputs:
|
|||||||
chmod 644 /etc/pki/qemu/ca-cert.pem
|
chmod 644 /etc/pki/qemu/ca-cert.pem
|
||||||
cp -a /etc/pki/tls/certs/qemu-server-cert.crt /etc/pki/qemu/server-cert.pem
|
cp -a /etc/pki/tls/certs/qemu-server-cert.crt /etc/pki/qemu/server-cert.pem
|
||||||
cp -a /etc/pki/tls/private/qemu-server-cert.key /etc/pki/qemu/server-key.pem
|
cp -a /etc/pki/tls/private/qemu-server-cert.key /etc/pki/qemu/server-key.pem
|
||||||
|
chgrp qemu /etc/pki/qemu/server-*
|
||||||
chmod 0640 /etc/pki/qemu/server-cert.pem
|
chmod 0640 /etc/pki/qemu/server-cert.pem
|
||||||
chmod 0640 /etc/pki/qemu/server-key.pem
|
chmod 0640 /etc/pki/qemu/server-key.pem
|
||||||
systemctl reload tripleo_nova_libvirt
|
systemctl reload tripleo_nova_libvirt
|
||||||
@ -828,6 +829,7 @@ outputs:
|
|||||||
# Copy cert and key to qemu dir
|
# Copy cert and key to qemu dir
|
||||||
cp -a /etc/pki/tls/certs/qemu-client-cert.crt /etc/pki/qemu/client-cert.pem
|
cp -a /etc/pki/tls/certs/qemu-client-cert.crt /etc/pki/qemu/client-cert.pem
|
||||||
cp -a /etc/pki/tls/private/qemu-client-cert.key /etc/pki/qemu/client-key.pem
|
cp -a /etc/pki/tls/private/qemu-client-cert.key /etc/pki/qemu/client-key.pem
|
||||||
|
chgrp qemu /etc/pki/qemu/client-*
|
||||||
chmod 0640 /etc/pki/qemu/client-cert.pem
|
chmod 0640 /etc/pki/qemu/client-cert.pem
|
||||||
chmod 0640 /etc/pki/qemu/client-key.pem
|
chmod 0640 /etc/pki/qemu/client-key.pem
|
||||||
systemctl reload tripleo_nova_libvirt
|
systemctl reload tripleo_nova_libvirt
|
||||||
|
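Review bot: The added `chgrp qemu /etc/pki/qemu/server-*` (and `chgrp qemu /etc/pki/qemu/client-*` in the second hunk) uses a glob, so it regroups every file in /etc/pki/qemu with that prefix, while the chmod lines after it touch only the two named files. Naming the targets keeps the change scoped to the cert and key that were just copied: `chgrp qemu /etc/pki/qemu/server-cert.pem /etc/pki/qemu/server-key.pem`, and likewise for the client pair. Nothing visible in either hunk stops the script if `chgrp` fails, for instance if the `qemu` group name does not resolve where the script runs, so `systemctl reload tripleo_nova_libvirt` would still go ahead with the key left in its old group. The script's opening lines are outside both hunks, so confirm whether it sets `-e`, or append `|| exit 1` to the chgrp line.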