tripleo

  1. Bug #1788257
  2. Comment #6

Comment 6 for bug 1788257

Revision history for this message
OpenStack Infra (hudson-openstack) wrote : Fix merged to puppet-tripleo (stable/queens)

Reviewed: https://review.openstack.org/631513
Committed: https://git.openstack.org/cgit/openstack/puppet-tripleo/commit/?id=dd92d595daabc7d284b3a131cd1ebfe97985120d
Submitter: Zuul
Branch: stable/queens

commit dd92d595daabc7d284b3a131cd1ebfe97985120d
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Jan 16 14:43:54 2019 +0200

    Explicitly set certmonger's CA cert's permissions

    We were relying on the default permissions that were being set by the
    command that extracts the certificate into a PEM file. This wasn't the
    right approach, as it could be too restrictive in some setups.

    Here, we explicitly tell puppet to set the appropriate permissions
    instead.

    Given this is a certificate file, and there's no private key involved,
    we can set it as world readable (0644). As folks in the system need to
    access the file.

    Change-Id: I4b2cb1071e3fd5a1277d54b86822e8fef2df0d78
    Closes-bug: #1788257
    (cherry picked from commit 5d6201f9fc97c525913e1aded8edd85de60ab528)