commit dd92d595daabc7d284b3a131cd1ebfe97985120d
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Jan 16 14:43:54 2019 +0200
Explicitly set certmonger's CA cert's permissions
We were relying on the default permissions that were being set by the
command that extracts the certificate into a PEM file. This wasn't the
right approach, as it could be too restrictive in some setups.
Here, we explicitly tell puppet to set the appropriate permissions
instead.
Given this is a certificate file, and there's no private key involved,
we can set it as world readable (0644). As folks in the system need to
access the file.
Change-Id: I4b2cb1071e3fd5a1277d54b86822e8fef2df0d78
Closes-bug: #1788257
(cherry picked from commit 5d6201f9fc97c525913e1aded8edd85de60ab528)
Reviewed: https:/ /review. openstack. org/631513 /git.openstack. org/cgit/ openstack/ puppet- tripleo/ commit/ ?id=dd92d595daa bc7d284b3a131cd 1ebfe97985120d
Committed: https:/
Submitter: Zuul
Branch: stable/queens
commit dd92d595daabc7d 284b3a131cd1ebf e97985120d
Author: Juan Antonio Osorio Robles <email address hidden>
Date: Wed Jan 16 14:43:54 2019 +0200
Explicitly set certmonger's CA cert's permissions
We were relying on the default permissions that were being set by the
command that extracts the certificate into a PEM file. This wasn't the
right approach, as it could be too restrictive in some setups.
Here, we explicitly tell puppet to set the appropriate permissions
instead.
Given this is a certificate file, and there's no private key involved,
we can set it as world readable (0644). As folks in the system need to
access the file.
Change-Id: I4b2cb1071e3fd5 a1277d54b86822e 8fef2df0d78 5913e1aded8edd8 5de60ab528)
Closes-bug: #1788257
(cherry picked from commit 5d6201f9fc97c52