dashboard: set less permissive permissions on dashboard certificate/key

author Guillaume Abrioux <gabrioux@redhat.com>

Wed, 15 May 2019 12:38:46 +0000 (14:38 +0200)

committer Guillaume Abrioux <gabrioux@redhat.com>

Fri, 17 May 2019 14:05:58 +0000 (16:05 +0200)
author Guillaume Abrioux <gabrioux@redhat.com>
Wed, 15 May 2019 12:38:46 +0000 (14:38 +0200)
committer Guillaume Abrioux <gabrioux@redhat.com>
Fri, 17 May 2019 14:05:58 +0000 (16:05 +0200)
diff --git a/roles/ceph-dashboard/tasks/configure_dashboard.yml b/roles/ceph-dashboard/tasks/configure_dashboard.yml

index ba7e57049d031d7683ac949160e6f512a6feb9ca..d61edd6c8da1d5a0f2481a0fba9c8f29d13d678d 100644 (file)
--- a/roles/ceph-dashboard/tasks/configure_dashboard.yml
+++ b/roles/ceph-dashboard/tasks/configure_dashboard.yml
@@ -20,7 +20,7 @@
      dest: "/etc/ceph/ceph-dashboard.crt"
      owner: root
      group: root
-    mode: 0644
+    mode: 0440
    when:
      - dashboard_crt
      - dashboard_protocol == "https"
@@ -31,7 +31,7 @@
      dest: "/etc/ceph/ceph-dashboard.key"
      owner: root
      group: root
-    mode: 0644
+    mode: 0440
    when:
      - dashboard_key
      - dashboard_protocol == "https"
diff --git a/roles/ceph-grafana/tasks/configure_grafana.yml b/roles/ceph-grafana/tasks/configure_grafana.yml

index 80522e42f48f3f6e01244cd126778449d1b695ee..bbb5ab224933c4acade91b54eef582a17d2b5fcb 100644 (file)
--- a/roles/ceph-grafana/tasks/configure_grafana.yml
+++ b/roles/ceph-grafana/tasks/configure_grafana.yml
@@ -49,7 +49,7 @@
    copy:
      src: "{{ grafana_key }}"
      dest: "/etc/grafana/ceph-dashboard.key"
-    mode: 0640
+    mode: 0440
    when:
      - grafana_key
      - dashboard_protocol == "https"
author	Guillaume Abrioux <gabrioux@redhat.com>
	Wed, 15 May 2019 12:38:46 +0000 (14:38 +0200)
committer	Guillaume Abrioux <gabrioux@redhat.com>
	Fri, 17 May 2019 14:05:58 +0000 (16:05 +0200)
roles/ceph-dashboard/tasks/configure_dashboard.yml		patch \| blob \| history
roles/ceph-grafana/tasks/configure_grafana.yml		patch \| blob \| history