Change default permissions in jinja templates.

Many of the templates use 600, remove unnecessary permission on these templates to bring them in line with the others. Change-Id: I30fe1b3822b9c7bb6ab98729fc519dc1d603db27

Change default permissions in jinja templates.
27429146 · James McCarthy · dc71ebe2 · 27429146 · 27429146 · 27429146
Commit 27429146 authored 8 years ago by James McCarthy
--- a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
@@ -14,7 +14,7 @@
            "source": "{{ container_config_directory }}/wsgi-ceilometer-api.conf",
            "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
            "owner": "ceilometer",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/policy.json",

--- a/ansible/roles/chrony/templates/chrony.json.j2
+++ b/ansible/roles/chrony/templates/chrony.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/chrony.conf",
            "dest": "/etc/chrony/chrony.conf",
            "owner": "chrony",
-            "perm": "0644"
+            "perm": "0600"
        }
    ]
 }
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -57,14 +57,14 @@
            "source": "{{ container_config_directory }}/logrotate/global.conf",
            "dest": "/etc/logrotate.conf",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
 {% for service, enabled in services if enabled | bool %}
        {
            "source": "{{ container_config_directory }}/logrotate/{{ service }}.conf",
            "dest": "/etc/logrotate.d/{{ service }}.conf",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        }{{ ',' if not loop.last else '' }}
 {% endfor %}


--- a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
@@ -13,7 +13,7 @@
            "source": "{{ container_config_directory }}/wsgi-gnocchi.conf",
            "dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf",
            "owner": "gnocchi",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/policy.json",

--- a/ansible/roles/haproxy/templates/haproxy.json.j2
+++ b/ansible/roles/haproxy/templates/haproxy.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/haproxy.cfg",
            "dest": "/etc/haproxy/haproxy.cfg",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/haproxy.pem",

--- a/ansible/roles/haproxy/templates/keepalived.json.j2
+++ b/ansible/roles/haproxy/templates/keepalived.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/keepalived.conf",
            "dest": "/etc/keepalived/keepalived.conf",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        }
    ]
 }
--- a/ansible/roles/horizon/templates/horizon.json.j2
+++ b/ansible/roles/horizon/templates/horizon.json.j2
@@ -33,7 +33,7 @@
            "source": "{{ container_config_directory }}/horizon.conf",
            "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
            "owner": "horizon",
-            "perm": "0644"
+            "perm": "0600"
        },
 {% for service, enabled in services if enabled | bool %}
        {
@@ -48,7 +48,7 @@
            "source": "{{ container_config_directory }}/local_settings",
            "dest": "/etc/openstack-dashboard/local_settings",
            "owner": "horizon",
-            "perm": "0644"
+            "perm": "0600"
        }
    ]
 }
--- a/ansible/roles/ironic/templates/ironic-pxe.json.j2
+++ b/ansible/roles/ironic/templates/ironic-pxe.json.j2
@@ -6,20 +6,20 @@
            "source": "{{ container_config_directory }}/ironic-agent.kernel",
            "dest": "/tftpboot/ironic-agent.kernel",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/ironic-agent.initramfs",
            "dest": "/tftpboot/ironic-agent.initramfs",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
 {% endif %}
        {
            "source": "{{ container_config_directory }}/default",
            "dest": "/tftpboot/pxelinux.cfg/default",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        }
    ],
    "permissions": [

--- a/ansible/roles/karbor/templates/karbor-api.json.j2
+++ b/ansible/roles/karbor/templates/karbor-api.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/karbor.conf",
            "dest": "/etc/karbor/karbor.conf",
            "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
        }
    ],
    "permissions": [

--- a/ansible/roles/karbor/templates/karbor-operationengine.json.j2
+++ b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/karbor.conf",
            "dest": "/etc/karbor/karbor.conf",
            "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
        }
    ],
    "permissions": [

--- a/ansible/roles/karbor/templates/karbor-protection.json.j2
+++ b/ansible/roles/karbor/templates/karbor-protection.json.j2
@@ -5,13 +5,13 @@
            "source": "{{ container_config_directory }}/karbor.conf",
            "dest": "/etc/karbor/karbor.conf",
            "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/providers.d/openstack-infra.conf",
            "dest": "/etc/karbor/providers.d/openstack-infra.conf",
            "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
        }
    ],
    "permissions": [

--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@@ -11,7 +11,7 @@
            "source": "{{ container_config_directory }}/crontab",
            "dest": "/var/spool/cron/crontabs/root/fernet-cron",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/fernet-rotate.sh",

--- a/ansible/roles/keystone/templates/keystone-ssh.json.j2
+++ b/ansible/roles/keystone/templates/keystone-ssh.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/sshd_config",
            "dest": "/etc/ssh/sshd_config",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/id_rsa.pub",

--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -33,7 +33,7 @@
            "source": "{{ container_config_directory }}/wsgi-keystone.conf",
            "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
            "owner": "keystone",
-            "perm": "0644"
+            "perm": "0600"
        }
    ],
    "permissions": [

--- a/ansible/roles/mistral/templates/mistral-api.json.j2
+++ b/ansible/roles/mistral/templates/mistral-api.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/mistral.conf",
            "dest": "/etc/mistral/mistral.conf",
            "owner": "mistral",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/policy.json",

--- a/ansible/roles/mistral/templates/mistral-engine.json.j2
+++ b/ansible/roles/mistral/templates/mistral-engine.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/mistral.conf",
            "dest": "/etc/mistral/mistral.conf",
            "owner": "mistral",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/policy.json",

--- a/ansible/roles/mistral/templates/mistral-executor.json.j2
+++ b/ansible/roles/mistral/templates/mistral-executor.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/mistral.conf",
            "dest": "/etc/mistral/mistral.conf",
            "owner": "mistral",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/policy.json",

--- a/ansible/roles/mongodb/templates/mongodb.json.j2
+++ b/ansible/roles/mongodb/templates/mongodb.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/mongodb.conf",
            "dest": "/etc/mongodb.conf",
            "owner": "mongodb",
-            "perm": "0644"
+            "perm": "0600"
        }
    ],
    "permissions": [

--- a/ansible/roles/nova/templates/nova-libvirt.json.j2
+++ b/ansible/roles/nova/templates/nova-libvirt.json.j2
@@ -5,13 +5,13 @@
            "source": "{{ container_config_directory }}/libvirtd.conf",
            "dest": "/etc/libvirt/libvirtd.conf",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/qemu.conf",
            "dest": "/etc/libvirt/qemu.conf",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        }{% if nova_backend == "rbd" %},
        {
            "source": "{{ container_config_directory }}/secrets",

--- a/ansible/roles/nova/templates/nova-ssh.json.j2
+++ b/ansible/roles/nova/templates/nova-ssh.json.j2
@@ -5,7 +5,7 @@
            "source": "{{ container_config_directory }}/sshd_config",
            "dest": "/etc/ssh/sshd_config",
            "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
        },
        {
            "source": "{{ container_config_directory }}/ssh_config",