Change umask when creating keyrings

So that they aren't world readable by default

Unable to cherry-pick due to multiple changes in single commit
Original commit: 3cdc6cb5

Signed-off-by: Alfredo Deza <adeza@redhat.com>
(cherry picked from commit 5404647b76460ec83e43a570afcef4c87b8cb662)

diff --git a/ceph_deploy/new.py b/ceph_deploy/new.py
index 902e87d9cccb4f3dc32aaad52ed430e7b3f1d0b4..a4dfb5765c75745f29e60d552e33a8904f98f3cd 100644 (file)
--- a/ceph_deploy/new.py
+++ b/ceph_deploy/new.py
@@ -211,18 +211,21 @@ def new_mon_keyring(args):
     keypath = '{name}.mon.keyring'.format(
         name=args.cluster,
         )
-
+    oldmask = os.umask(077)
     LOG.debug('Writing monitor keyring to %s...', keypath)
-    tmp = '%s.tmp' % keypath
-    with file(tmp, 'w') as f:
-        f.write(mon_keyring)
     try:
-        os.rename(tmp, keypath)
-    except OSError as e:
-        if e.errno == errno.EEXIST:
-            raise exc.ClusterExistsError(keypath)
-        else:
-            raise
+        tmp = '%s.tmp' % keypath
+        with file(tmp, 'w') as f:
+            f.write(mon_keyring)
+        try:
+            os.rename(tmp, keypath)
+        except OSError as e:
+            if e.errno == errno.EEXIST:
+                raise exc.ClusterExistsError(keypath)
+            else:
+                raise
+    finally:
+        os.umask(oldmask)
 
 
 @priority(10)