From: Alfredo Deza <adeza@redhat.com>
Date: Fri, 10 Apr 2015 17:06:09 +0000 (-0400)
Subject: Change umask when creating keyrings
X-Git-Tag: v1.5.22.1~1^2~2
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=650096ce83e8b9e8da24ea433e2d167f8bb84527;p=ceph-deploy.git

Change umask when creating keyrings

So that they aren't world readable by default

Unable to cherry-pick due to multiple changes in single commit
Original commit: 3cdc6cb5

Signed-off-by: Alfredo Deza <adeza@redhat.com>
(cherry picked from commit 5404647b76460ec83e43a570afcef4c87b8cb662)
---

diff --git a/ceph_deploy/new.py b/ceph_deploy/new.py
index 902e87d..a4dfb57 100644
--- a/ceph_deploy/new.py
+++ b/ceph_deploy/new.py
@@ -211,18 +211,21 @@ def new_mon_keyring(args):
     keypath = '{name}.mon.keyring'.format(
         name=args.cluster,
         )
-
+    oldmask = os.umask(077)
     LOG.debug('Writing monitor keyring to %s...', keypath)
-    tmp = '%s.tmp' % keypath
-    with file(tmp, 'w') as f:
-        f.write(mon_keyring)
     try:
-        os.rename(tmp, keypath)
-    except OSError as e:
-        if e.errno == errno.EEXIST:
-            raise exc.ClusterExistsError(keypath)
-        else:
-            raise
+        tmp = '%s.tmp' % keypath
+        with file(tmp, 'w') as f:
+            f.write(mon_keyring)
+        try:
+            os.rename(tmp, keypath)
+        except OSError as e:
+            if e.errno == errno.EEXIST:
+                raise exc.ClusterExistsError(keypath)
+            else:
+                raise
+    finally:
+        os.umask(oldmask)
 
 
 @priority(10)