Merge "Fix ownership and permissions of admin-openrc.sh"
commit
393888a1cb
@ -1,10 +1,12 @@
|
|||||||
---
|
---
|
||||||
- name: Creating admin openrc file on the deploy node
|
- name: Creating admin openrc file on the deploy node
|
||||||
hosts: localhost
|
hosts: localhost
|
||||||
become: true
|
|
||||||
tasks:
|
tasks:
|
||||||
- name: Template out admin-openrc.sh
|
- name: Template out admin-openrc.sh
|
||||||
|
become: true
|
||||||
template:
|
template:
|
||||||
src: "roles/common/templates/admin-openrc.sh.j2"
|
src: "roles/common/templates/admin-openrc.sh.j2"
|
||||||
dest: "{{ node_config }}/admin-openrc.sh"
|
dest: "{{ node_config }}/admin-openrc.sh"
|
||||||
run_once: True
|
owner: "{{ ansible_user_uid }}"
|
||||||
|
group: "{{ ansible_user_gid }}"
|
||||||
|
mode: 0600
|
||||||
|
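Review bot: The `owner: "{{ ansible_user_uid }}"` and `group: "{{ ansible_user_gid }}"` values on the template task are only correct because `become: true` has moved from the play to the task, so facts are gathered as the invoking user rather than as root. Nothing in the task says so, and a later change that puts `become` back at play level would silently restore root ownership. Add a one-line comment above the task stating that dependency. The mode is also safer quoted as `mode: "0600"`, so the value cannot be reinterpreted as a decimal integer if the leading zero is ever dropped.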
@ -0,0 +1,19 @@
|
|||||||
|
---
|
||||||
|
security:
|
||||||
|
- |
|
||||||
|
The ``admin-openrc.sh`` file generated by ``kolla-ansible post-deploy`` was
|
||||||
|
previously created with ``root:root`` ownership and ``644`` permissions.
|
||||||
|
This would allow anyone with access to the same directory to read the file,
|
||||||
|
including the admin credentials. The ownership of ``admin-openrc.sh`` is
|
||||||
|
now set to the user executing ``kolla-ansible``, and the file is assigned a
|
||||||
|
mode of ``600``. This change can be applied by running ``kolla-ansible
|
||||||
|
post-deploy``.
|
||||||
|
fixes:
|
||||||
|
- |
|
||||||
|
The ``admin-openrc.sh`` file generated by ``kolla-ansible post-deploy`` was
|
||||||
|
previously created with ``root:root`` ownership and ``644`` permissions.
|
||||||
|
This would allow anyone with access to the same directory to read the file,
|
||||||
|
including the admin credentials. The ownership of ``admin-openrc.sh`` is
|
||||||
|
now set to the user executing ``kolla-ansible``, and the file is assigned a
|
||||||
|
mode of ``600``. This change can be applied by running ``kolla-ansible
|
||||||
|
post-deploy``.
|
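Review bot: The `security:` and `fixes:` entries in this release note carry the same paragraph word for word, so the rendered notes will print it twice. Keep the full text under `security:` and either drop the `fixes:` entry or cut it to one sentence. The instruction to re-run `kolla-ansible post-deploy` is an operator action and would be easier to find under an `upgrade:` section. The note also does not say whether the admin credentials in an existing `644` file should be treated as exposed on hosts with other local users; a sentence on that would help operators decide what to do beyond re-running the command.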