Merge pull request #11079 from patrickdillon/etcd-permissions-bz-1664889
Maintain etcd as owner of certs.
openshift-merge-robot committed Jan 25, 2019
2 parents 95736b8 + 28a214a commit eb84bc1
Showing 1 changed file with 11 additions and 1 deletion.
Expand Up @@ -19,14 +19,18 @@
- "{{ etcd_peer_cert_file }}"
- "{{ etcd_ca_file }}"
register: g_etcd_server_cert_stat_result
when: not etcd_certificates_redeploy | default(false) | bool


- set_fact:
etcd_server_certs_missing: "{{ true if etcd_certificates_redeploy | default(false) | bool
else (False in (g_etcd_server_cert_stat_result.results
| default({})
| lib_utils_oo_collect(attribute='stat.exists')
| list)) }}"
etcd_file_owner: "{{ ('etcd' in (g_etcd_server_cert_stat_result.results
| default({})
| lib_utils_oo_collect(attribute='stat.pw_name')
| list)) }}"

- name: Ensure generated_certs directory present
file:
Expand Down Expand Up @@ -183,6 +187,8 @@
file:
path: "{{ item }}"
mode: 0600
owner: "{{ 'etcd' if etcd_file_owner | bool else omit }}"
group: "{{ 'etcd' if etcd_file_owner | bool else omit }}"
when: etcd_url_scheme == 'https'
with_items:
- "{{ etcd_ca_file }}"
Expand All @@ -193,6 +199,8 @@
file:
path: "{{ item }}"
mode: 0600
owner: "{{ 'etcd' if etcd_file_owner | bool else omit }}"
group: "{{ 'etcd' if etcd_file_owner | bool else omit }}"
when: etcd_peer_url_scheme == 'https'
with_items:
- "{{ etcd_peer_ca_file }}"
Expand All @@ -205,3 +213,5 @@
path: "{{ etcd_conf_dir }}"
state: directory
mode: 0700
owner: "{{ 'etcd' if etcd_file_owner | bool else omit }}"
group: "{{ 'etcd' if etcd_file_owner | bool else omit }}"
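Review bot: `etcd_file_owner` in the first hunk's `set_fact` is read from `g_etcd_server_cert_stat_result`, whose stat task (it starts above the hunk) is skipped when `etcd_certificates_redeploy` is true, so on a redeploy the value presumably comes out false and the `owner`/`group` lines added in the three later hunks are omitted for the freshly written certs and keys. With `mode: 0600` that could leave the key files unreadable to an etcd process running as the `etcd` user, which appears to be the case this change is meant to cover; what `lib_utils_oo_collect` returns for skipped results is not visible here, so this needs confirming. The test is also true as soon as any one of the stat'd files is owned by `etcd`, and that single answer is then applied to every file and to `etcd_conf_dir`. Consider deriving ownership from a stat of `etcd_conf_dir` that runs regardless of the redeploy flag, and add a comment above the fact such as `# true when an existing cert is owned by etcd; otherwise ownership is left unchanged`.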
