From e50f19522a01fa780f66b5d28e36efe3a67f6690 Mon Sep 17 00:00:00 2001
From: Mark Goddard <mark@stackhpc.com>
Date: Fri, 30 Jun 2017 18:15:49 +0100
Subject: [PATCH] Set TFTP file permissions to 0644

The TFTP server used by ironic and ironic inspector (in.tftpd) requires
files to be world readable in order for them to be accessible via
TFTP[1].

The permissions of these files were recently changed to 0600 along with
a number of other files[2].

This change reverts the permissions to 0644 for the ironic inspector PXE
configuration files.

[1] https://linux.die.net/man/8/in.tftpd (security section)
[2]
https://github.com/openstack/kolla-ansible/commit/274291463e99eab805a4265adc856c1bffafa9ad

Change-Id: Ibc281949ebf5bab1e1d2e450ec943728aa00943b
Closes-Bug: #1701695
---
 ansible/roles/ironic/templates/ironic-pxe.json.j2 | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/ansible/roles/ironic/templates/ironic-pxe.json.j2 b/ansible/roles/ironic/templates/ironic-pxe.json.j2
index b26cd5755..536d8fad7 100644
--- a/ansible/roles/ironic/templates/ironic-pxe.json.j2
+++ b/ansible/roles/ironic/templates/ironic-pxe.json.j2
@@ -6,20 +6,20 @@
             "source": "{{ container_config_directory }}/ironic-agent.kernel",
             "dest": "/tftpboot/ironic-agent.kernel",
             "owner": "root",
-            "perm": "0600"
+            "perm": "0644"
         },
         {
             "source": "{{ container_config_directory }}/ironic-agent.initramfs",
             "dest": "/tftpboot/ironic-agent.initramfs",
             "owner": "root",
-            "perm": "0600"
+            "perm": "0644"
         },
 {% endif %}
         {
             "source": "{{ container_config_directory }}/default",
             "dest": "/tftpboot/pxelinux.cfg/default",
             "owner": "root",
-            "perm": "0600"
+            "perm": "0644"
         }
     ],
     "permissions": [
-- 
GitLab