diff --git a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2 b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
index 0f8f16b86a6e81b7e52fccf2ef6a501ecc14baae..271d5e0f797cc861144e0e342802374bd9014a42 100644
--- a/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
+++ b/ansible/roles/ceilometer/templates/ceilometer-api.json.j2
@@ -14,7 +14,7 @@
             "source": "{{ container_config_directory }}/wsgi-ceilometer-api.conf",
             "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
             "owner": "ceilometer",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
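Review bot: With `"owner": "ceilometer"` and `"perm": "0600"` on the file placed at `/etc/{{ apache_dir }}/{{ apache_file }}`, the vhost config becomes readable only by the ceilometer user or by a root process that still holds CAP_DAC_OVERRIDE. Apache normally parses its configuration as root before dropping privileges, so this probably works, but the start command is not visible here. Confirm how httpd is launched in this container, because if it runs as a different non-root user or with capabilities dropped it will fail to read the file and not start. The same check applies to the Apache-consumed files in the gnocchi-api, horizon, keystone and placement-api hunks. The surrounding files array starts and ends outside this hunk.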
diff --git a/ansible/roles/chrony/templates/chrony.json.j2 b/ansible/roles/chrony/templates/chrony.json.j2
index f082b6d897fd1f0309dc11989f39d80ac4423696..03f3ee9c7a39b4504787e529424d659c962895be 100644
--- a/ansible/roles/chrony/templates/chrony.json.j2
+++ b/ansible/roles/chrony/templates/chrony.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/chrony.conf",
             "dest": "/etc/chrony/chrony.conf",
             "owner": "chrony",
-            "perm": "0644"
+            "perm": "0600"
         }
     ]
 }
diff --git a/ansible/roles/common/templates/cron.json.j2 b/ansible/roles/common/templates/cron.json.j2
index d3b3422faf0d95d5edf02040aa49f1f55c57f3e0..5f5a762d9584a2292a27b59ad43662e1a772a8d4 100644
--- a/ansible/roles/common/templates/cron.json.j2
+++ b/ansible/roles/common/templates/cron.json.j2
@@ -57,14 +57,14 @@
             "source": "{{ container_config_directory }}/logrotate/global.conf",
             "dest": "/etc/logrotate.conf",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
 {% for service, enabled in services if enabled | bool %}
         {
             "source": "{{ container_config_directory }}/logrotate/{{ service }}.conf",
             "dest": "/etc/logrotate.d/{{ service }}.conf",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         }{{ ',' if not loop.last else '' }}
 {% endfor %}
 
diff --git a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2 b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
index 3a9d85d99a563a8d8e168aae47bc1f8f31f196e1..f7dc1a338c242e825ba52573fd6394ae7fc39741 100644
--- a/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
+++ b/ansible/roles/gnocchi/templates/gnocchi-api.json.j2
@@ -13,7 +13,7 @@
             "source": "{{ container_config_directory }}/wsgi-gnocchi.conf",
             "dest": "/etc/{{ gnocchi_dir }}/wsgi-gnocchi.conf",
             "owner": "gnocchi",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/haproxy/templates/haproxy.json.j2 b/ansible/roles/haproxy/templates/haproxy.json.j2
index c95dd77031920a1bf549271d1f41ba0f84b2d805..9e0d2808f89049c6d5fc6dcada9c802377a118e8 100644
--- a/ansible/roles/haproxy/templates/haproxy.json.j2
+++ b/ansible/roles/haproxy/templates/haproxy.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/haproxy.cfg",
             "dest": "/etc/haproxy/haproxy.cfg",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/haproxy.pem",
diff --git a/ansible/roles/haproxy/templates/keepalived.json.j2 b/ansible/roles/haproxy/templates/keepalived.json.j2
index 63a760c67509722277b6e60d699675880b05c708..3bcafd318900d07bd018507edab948c0bc3acb0d 100644
--- a/ansible/roles/haproxy/templates/keepalived.json.j2
+++ b/ansible/roles/haproxy/templates/keepalived.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/keepalived.conf",
             "dest": "/etc/keepalived/keepalived.conf",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         }
     ]
 }
diff --git a/ansible/roles/horizon/templates/horizon.json.j2 b/ansible/roles/horizon/templates/horizon.json.j2
index 95e2fca2f75cada9b3fcee9170fe4fb22d7a3f13..3436421a298182d3dedc1b80260eaf22263c0f44 100644
--- a/ansible/roles/horizon/templates/horizon.json.j2
+++ b/ansible/roles/horizon/templates/horizon.json.j2
@@ -33,7 +33,7 @@
             "source": "{{ container_config_directory }}/horizon.conf",
             "dest": "/etc/{{ apache_dir }}/{{ apache_file }}",
             "owner": "horizon",
-            "perm": "0644"
+            "perm": "0600"
         },
 {% for service, enabled in services if enabled | bool %}
         {
@@ -48,7 +48,7 @@
             "source": "{{ container_config_directory }}/local_settings",
             "dest": "/etc/openstack-dashboard/local_settings",
             "owner": "horizon",
-            "perm": "0644"
+            "perm": "0600"
         }
     ]
 }
diff --git a/ansible/roles/ironic/templates/ironic-pxe.json.j2 b/ansible/roles/ironic/templates/ironic-pxe.json.j2
index 536d8fad77c0d3f9a348a59c62bde59cf3f7f690..b26cd5755f16308effecfe798a955b730d5e9f62 100644
--- a/ansible/roles/ironic/templates/ironic-pxe.json.j2
+++ b/ansible/roles/ironic/templates/ironic-pxe.json.j2
@@ -6,20 +6,20 @@
             "source": "{{ container_config_directory }}/ironic-agent.kernel",
             "dest": "/tftpboot/ironic-agent.kernel",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/ironic-agent.initramfs",
             "dest": "/tftpboot/ironic-agent.initramfs",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
 {% endif %}
         {
             "source": "{{ container_config_directory }}/default",
             "dest": "/tftpboot/pxelinux.cfg/default",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
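Review bot: The three `/tftpboot` entries (`ironic-agent.kernel`, `ironic-agent.initramfs`, `pxelinux.cfg/default`) are served to booting nodes by a TFTP daemon, and `"owner": "root"` with `"perm": "0600"` leaves them readable only by root. TFTP servers commonly drop to an unprivileged user, and some (tftp-hpa, for example) refuse files that are not world-readable unless told otherwise. Which daemon and options this container uses is not visible in the hunk, so PXE boot may break. These artifacts are handed out unauthenticated over TFTP anyway, so the tighter mode adds no confidentiality; I would keep `"perm": "0644"` for these three entries. The `"permissions"` block that opens on the last line continues outside the hunk and may already adjust ownership under `/tftpboot`, so check it before deciding.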
diff --git a/ansible/roles/karbor/templates/karbor-api.json.j2 b/ansible/roles/karbor/templates/karbor-api.json.j2
index cc67e710e95f192128b16bf1864c7bcf1f9442ee..ccb784eaed1b8322aabb05832a4c941fa9f9ceb6 100644
--- a/ansible/roles/karbor/templates/karbor-api.json.j2
+++ b/ansible/roles/karbor/templates/karbor-api.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/karbor.conf",
             "dest": "/etc/karbor/karbor.conf",
             "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
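Review bot: The new `"perm": "0600"` here governs only the copy written to `/etc/karbor/karbor.conf` inside the container. The `source` under `{{ container_config_directory }}` is produced by a task this diff does not touch. Service configuration files like this typically carry database and messaging credentials, so if the host-side file or its directory remains world-readable, local users on the host can still read what this change is trying to protect. Confirm that the tasks rendering these files set a matching restrictive mode. The same applies to the other karbor hunks and to the mistral, solum, watcher and mongodb hunks.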
diff --git a/ansible/roles/karbor/templates/karbor-operationengine.json.j2 b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
index d07e481fcdadd9a970b4c9048f51103e7e19177d..f61498ce65c733532543c63870ad8f3c1776a382 100644
--- a/ansible/roles/karbor/templates/karbor-operationengine.json.j2
+++ b/ansible/roles/karbor/templates/karbor-operationengine.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/karbor.conf",
             "dest": "/etc/karbor/karbor.conf",
             "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/karbor/templates/karbor-protection.json.j2 b/ansible/roles/karbor/templates/karbor-protection.json.j2
index 4094d4f4477d1314a6a0441bc45ce74185b5909d..304aece619c59e24aa51550c169bf35e571767d0 100644
--- a/ansible/roles/karbor/templates/karbor-protection.json.j2
+++ b/ansible/roles/karbor/templates/karbor-protection.json.j2
@@ -5,13 +5,13 @@
             "source": "{{ container_config_directory }}/karbor.conf",
             "dest": "/etc/karbor/karbor.conf",
             "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/providers.d/openstack-infra.conf",
             "dest": "/etc/karbor/providers.d/openstack-infra.conf",
             "owner": "karbor",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/keystone/templates/keystone-fernet.json.j2 b/ansible/roles/keystone/templates/keystone-fernet.json.j2
index f1019a537495019050ed717deb36d52c5bfedcff..c7aa50e18dc997009e8bfbf768bcec273603e67b 100644
--- a/ansible/roles/keystone/templates/keystone-fernet.json.j2
+++ b/ansible/roles/keystone/templates/keystone-fernet.json.j2
@@ -11,7 +11,7 @@
             "source": "{{ container_config_directory }}/crontab",
             "dest": "/var/spool/cron/crontabs/root/fernet-cron",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/fernet-rotate.sh",
diff --git a/ansible/roles/keystone/templates/keystone-ssh.json.j2 b/ansible/roles/keystone/templates/keystone-ssh.json.j2
index c13e0eda60492f78bab456c9a97deeb6e7673bdc..ca016f8223156274ef48159aa509bf444d688954 100644
--- a/ansible/roles/keystone/templates/keystone-ssh.json.j2
+++ b/ansible/roles/keystone/templates/keystone-ssh.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/sshd_config",
             "dest": "/etc/ssh/sshd_config",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/id_rsa.pub",
diff --git a/ansible/roles/keystone/templates/keystone.json.j2 b/ansible/roles/keystone/templates/keystone.json.j2
index 3cd792111656c9a5a965cd770539802382dbb574..0d5d95facc7890f2bfb31acb1d7b54d111f9f4e8 100644
--- a/ansible/roles/keystone/templates/keystone.json.j2
+++ b/ansible/roles/keystone/templates/keystone.json.j2
@@ -33,7 +33,7 @@
             "source": "{{ container_config_directory }}/wsgi-keystone.conf",
             "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",
             "owner": "keystone",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/mistral/templates/mistral-api.json.j2 b/ansible/roles/mistral/templates/mistral-api.json.j2
index 2b5c5c40223cbcc5d36f9538aaf42ff1943f48f1..aa565a0fba79467d482e6116a65622d5b733b2dc 100644
--- a/ansible/roles/mistral/templates/mistral-api.json.j2
+++ b/ansible/roles/mistral/templates/mistral-api.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/mistral.conf",
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/mistral/templates/mistral-engine.json.j2 b/ansible/roles/mistral/templates/mistral-engine.json.j2
index bf3df918631e40b4c42a2f13807535ee1af4ca7d..3393d275b11af10cbcd55a5754bcdd35596b365c 100644
--- a/ansible/roles/mistral/templates/mistral-engine.json.j2
+++ b/ansible/roles/mistral/templates/mistral-engine.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/mistral.conf",
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/mistral/templates/mistral-executor.json.j2 b/ansible/roles/mistral/templates/mistral-executor.json.j2
index 091818ad59a21fb9c43e5a9a3c2e2f5603e03e99..8a1f438e49969f0bd48307431d87f1aa53f9e073 100644
--- a/ansible/roles/mistral/templates/mistral-executor.json.j2
+++ b/ansible/roles/mistral/templates/mistral-executor.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/mistral.conf",
             "dest": "/etc/mistral/mistral.conf",
             "owner": "mistral",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/mongodb/templates/mongodb.json.j2 b/ansible/roles/mongodb/templates/mongodb.json.j2
index e9792efbd86630e716773ca6f0621cad66416651..edb530ee238c2ad797943b8fb54fd0d122a2ff3c 100644
--- a/ansible/roles/mongodb/templates/mongodb.json.j2
+++ b/ansible/roles/mongodb/templates/mongodb.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/mongodb.conf",
             "dest": "/etc/mongodb.conf",
             "owner": "mongodb",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/nova/templates/nova-libvirt.json.j2 b/ansible/roles/nova/templates/nova-libvirt.json.j2
index aa19f7a396074f824b96c9413dd8ae32ae590f14..8ce0da167612f48139807f951441ffe6c44c6c94 100644
--- a/ansible/roles/nova/templates/nova-libvirt.json.j2
+++ b/ansible/roles/nova/templates/nova-libvirt.json.j2
@@ -5,13 +5,13 @@
             "source": "{{ container_config_directory }}/libvirtd.conf",
             "dest": "/etc/libvirt/libvirtd.conf",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/qemu.conf",
             "dest": "/etc/libvirt/qemu.conf",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         }{% if nova_backend == "rbd" %},
         {
             "source": "{{ container_config_directory }}/secrets",
diff --git a/ansible/roles/nova/templates/nova-ssh.json.j2 b/ansible/roles/nova/templates/nova-ssh.json.j2
index 1fb041ecc9e3d74f928b114427a171ec90b3a072..f31f6d95e001ecdbd76106db4359868a3f8a11c0 100644
--- a/ansible/roles/nova/templates/nova-ssh.json.j2
+++ b/ansible/roles/nova/templates/nova-ssh.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/sshd_config",
             "dest": "/etc/ssh/sshd_config",
             "owner": "root",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/ssh_config",
diff --git a/ansible/roles/nova/templates/placement-api.json.j2 b/ansible/roles/nova/templates/placement-api.json.j2
index 10ff1cfaac6ce92665f40385a5ce9fab7b634cd1..fba578a84f2be8e9495ec1e8eeea021888c2c2f6 100644
--- a/ansible/roles/nova/templates/placement-api.json.j2
+++ b/ansible/roles/nova/templates/placement-api.json.j2
@@ -20,7 +20,7 @@
             "source": "{{ container_config_directory }}/placement-api-wsgi.conf",
             "dest": "/etc/{{ apache_conf_dir }}/placement-api-wsgi.conf",
             "owner": "nova",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/solum/templates/solum-api.json.j2 b/ansible/roles/solum/templates/solum-api.json.j2
index 68afad66866864884293544e11cbaa43c62674e5..866dcd813294e7bb5d7ff1deffb144715e73f54f 100644
--- a/ansible/roles/solum/templates/solum-api.json.j2
+++ b/ansible/roles/solum/templates/solum-api.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/solum.conf",
             "dest": "/etc/solum/solum.conf",
             "owner": "solum",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/solum/templates/solum-conductor.json.j2 b/ansible/roles/solum/templates/solum-conductor.json.j2
index 2fef4bc3cff92bc72710c052f1ce44907d14a595..0106030a28dd3e646a8e75c8989b8ffcbdfba1c6 100644
--- a/ansible/roles/solum/templates/solum-conductor.json.j2
+++ b/ansible/roles/solum/templates/solum-conductor.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/solum.conf",
             "dest": "/etc/solum/solum.conf",
             "owner": "solum",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/solum/templates/solum-deployer.json.j2 b/ansible/roles/solum/templates/solum-deployer.json.j2
index 53d8fc5aee4c268864ea87d875dd17c6744cf2cd..228f42bdadcab32fdaac1a0759a3316806737131 100644
--- a/ansible/roles/solum/templates/solum-deployer.json.j2
+++ b/ansible/roles/solum/templates/solum-deployer.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/solum.conf",
             "dest": "/etc/solum/solum.conf",
             "owner": "solum",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/solum/templates/solum-worker.json.j2 b/ansible/roles/solum/templates/solum-worker.json.j2
index 35afc47d779ba6e730306173b015730c3b03407f..2a883df8dd8427f9e7e7c2d60065098735fe2a76 100644
--- a/ansible/roles/solum/templates/solum-worker.json.j2
+++ b/ansible/roles/solum/templates/solum-worker.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/solum.conf",
             "dest": "/etc/solum/solum.conf",
             "owner": "solum",
-            "perm": "0644"
+            "perm": "0600"
         }
     ],
     "permissions": [
diff --git a/ansible/roles/watcher/templates/watcher-api.json.j2 b/ansible/roles/watcher/templates/watcher-api.json.j2
index 149ceb16f7dc2d8a254c3d6aaca99ad45ebd2d37..2d8233b21c5b7e4d95238f06fc80a7c62a826f16 100644
--- a/ansible/roles/watcher/templates/watcher-api.json.j2
+++ b/ansible/roles/watcher/templates/watcher-api.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/watcher.conf",
             "dest": "/etc/watcher/watcher.conf",
             "owner": "watcher",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/watcher/templates/watcher-applier.json.j2 b/ansible/roles/watcher/templates/watcher-applier.json.j2
index 63292e2d78647390eca2d680ff55ce5844a5d1b3..7124824c3a36d5daca9fe8bafdae0544c9894064 100644
--- a/ansible/roles/watcher/templates/watcher-applier.json.j2
+++ b/ansible/roles/watcher/templates/watcher-applier.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/watcher.conf",
             "dest": "/etc/watcher/watcher.conf",
             "owner": "watcher",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",
diff --git a/ansible/roles/watcher/templates/watcher-engine.json.j2 b/ansible/roles/watcher/templates/watcher-engine.json.j2
index deb285889bed7b4a88bcf76901ddd0e5d3c6328d..f1d4d65f9dbd84563d148be814328bc2360ad1d9 100644
--- a/ansible/roles/watcher/templates/watcher-engine.json.j2
+++ b/ansible/roles/watcher/templates/watcher-engine.json.j2
@@ -5,7 +5,7 @@
             "source": "{{ container_config_directory }}/watcher.conf",
             "dest": "/etc/watcher/watcher.conf",
             "owner": "watcher",
-            "perm": "0644"
+            "perm": "0600"
         },
         {
             "source": "{{ container_config_directory }}/policy.json",