Change umask when writing files.

So that getherkeys doesn't make them world readable.

Unable to cherry-pick due tue multiple changes in single commit.
Original commit: 3cdc6cb5

Signed-off-by: Alfredo Deza <adeza@redhat.com>
(cherry picked from commit e9c8408a993b86bb2b8d2adf5ef8668b2208a460)

diff --git a/ceph_deploy/gatherkeys.py b/ceph_deploy/gatherkeys.py
index e3b355e160d71c5281ac7935557a84e9d48d8e01..d889bec6fefa428076fb277607ac7d0b84b453b4 100644 (file)
--- a/ceph_deploy/gatherkeys.py
+++ b/ceph_deploy/gatherkeys.py
@@ -30,47 +30,52 @@ def fetch_file(args, frompath, topath, _hosts):
 
 
 def gatherkeys(args):
-    # client.admin
-    keyring = '/etc/ceph/{cluster}.client.admin.keyring'.format(
-        cluster=args.cluster)
-    r = fetch_file(
-        args=args,
-        frompath=keyring,
-        topath='{cluster}.client.admin.keyring'.format(
-            cluster=args.cluster),
-        _hosts=args.mon,
-        )
-    if not r:
-        raise exc.KeyNotFoundError(keyring, args.mon)
-
-    # mon.
-    keyring = '/var/lib/ceph/mon/{cluster}-{{hostname}}/keyring'.format(
-        cluster=args.cluster)
-    r = fetch_file(
-        args=args,
-        frompath=keyring,
-        topath='{cluster}.mon.keyring'.format(cluster=args.cluster),
-        _hosts=args.mon,
-        )
-    if not r:
-        raise exc.KeyNotFoundError(keyring, args.mon)
+    oldmask = os.umask(077)
+    try:
+        # client.admin
+        keyring = '/etc/ceph/{cluster}.client.admin.keyring'.format(
+            cluster=args.cluster)
+        r = fetch_file(
+            args=args,
+            frompath=keyring,
+            topath='{cluster}.client.admin.keyring'.format(
+                cluster=args.cluster),
+            _hosts=args.mon,
+            )
+        if not r:
+            raise exc.KeyNotFoundError(keyring, args.mon)
 
-    # bootstrap
-    for what in ['osd', 'mds']:
-        keyring = '/var/lib/ceph/bootstrap-{what}/{cluster}.keyring'.format(
-            what=what,
+        # mon.
+        keyring = '/var/lib/ceph/mon/{cluster}-{{hostname}}/keyring'.format(
             cluster=args.cluster)
         r = fetch_file(
             args=args,
             frompath=keyring,
-            topath='{cluster}.bootstrap-{what}.keyring'.format(
-                cluster=args.cluster,
-                what=what),
+            topath='{cluster}.mon.keyring'.format(cluster=args.cluster),
             _hosts=args.mon,
             )
         if not r:
             raise exc.KeyNotFoundError(keyring, args.mon)
 
+        # bootstrap
+        for what in ['osd', 'mds']:
+            keyring = '/var/lib/ceph/bootstrap-{what}/{cluster}.keyring'.format(
+                what=what,
+                cluster=args.cluster)
+            r = fetch_file(
+                args=args,
+                frompath=keyring,
+                topath='{cluster}.bootstrap-{what}.keyring'.format(
+                    cluster=args.cluster,
+                    what=what),
+                _hosts=args.mon,
+                )
+            if not r:
+                raise exc.KeyNotFoundError(keyring, args.mon)
+
+    finally:
+        os.umask(oldmask)
+
 
 @priority(40)
 def make(parser):