]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
dashboard: set less permissive permissions on dashboard certificate/key
authorGuillaume Abrioux <gabrioux@redhat.com>
Wed, 15 May 2019 12:38:46 +0000 (14:38 +0200)
committerGuillaume Abrioux <gabrioux@redhat.com>
Fri, 17 May 2019 14:05:58 +0000 (16:05 +0200)
use `0440` instead of `0644` is enough

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 14f381200d7341ff5c5ce19e8768da8e97f43fcd)

roles/ceph-dashboard/tasks/configure_dashboard.yml
roles/ceph-grafana/tasks/configure_grafana.yml

index ba7e57049d031d7683ac949160e6f512a6feb9ca..d61edd6c8da1d5a0f2481a0fba9c8f29d13d678d 100644 (file)
@@ -20,7 +20,7 @@
     dest: "/etc/ceph/ceph-dashboard.crt"
     owner: root
     group: root
-    mode: 0644
+    mode: 0440
   when:
     - dashboard_crt
     - dashboard_protocol == "https"
@@ -31,7 +31,7 @@
     dest: "/etc/ceph/ceph-dashboard.key"
     owner: root
     group: root
-    mode: 0644
+    mode: 0440
   when:
     - dashboard_key
     - dashboard_protocol == "https"
index 80522e42f48f3f6e01244cd126778449d1b695ee..bbb5ab224933c4acade91b54eef582a17d2b5fcb 100644 (file)
@@ -49,7 +49,7 @@
   copy:
     src: "{{ grafana_key }}"
     dest: "/etc/grafana/ceph-dashboard.key"
-    mode: 0640
+    mode: 0440
   when:
     - grafana_key
     - dashboard_protocol == "https"