From: Guillaume Abrioux <gabrioux@redhat.com>
Date: Wed, 21 Oct 2020 12:26:57 +0000 (+0200)
Subject: iscsi: fix ownership on iscsi-gateway.cfg
X-Git-Tag: v6.0.0alpha3~82
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=a822f773002a010ebedddcc2c8cd8f5a03dc786a;p=ceph-ansible.git

iscsi: fix ownership on iscsi-gateway.cfg

This file is currently deployed with '0644' ownership making this file
readable by any user on the system.
Since it contains sensitive information it should be readable by the
owner only.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1890119

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
---

diff --git a/roles/ceph-iscsi-gw/tasks/common.yml b/roles/ceph-iscsi-gw/tasks/common.yml
index 70ad0bfb8..a7de4623c 100644
--- a/roles/ceph-iscsi-gw/tasks/common.yml
+++ b/roles/ceph-iscsi-gw/tasks/common.yml
@@ -44,6 +44,7 @@
     dest: /etc/ceph/iscsi-gateway.cfg
     config_type: ini
     config_overrides: '{{ iscsi_conf_overrides }}'
+    mode: "0600"
   notify: restart ceph rbd-target-api-gw
 
 - name: set_fact container_exec_cmd