From 650096ce83e8b9e8da24ea433e2d167f8bb84527 Mon Sep 17 00:00:00 2001
From: Alfredo Deza <adeza@redhat.com>
Date: Fri, 10 Apr 2015 13:06:09 -0400
Subject: [PATCH] Change umask when creating keyrings

So that they aren't world readable by default

Unable to cherry-pick due to multiple changes in single commit
Original commit: 3cdc6cb5

Signed-off-by: Alfredo Deza <adeza@redhat.com>
(cherry picked from commit 5404647b76460ec83e43a570afcef4c87b8cb662)
---
 ceph_deploy/new.py | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/ceph_deploy/new.py b/ceph_deploy/new.py
index 902e87d..a4dfb57 100644
--- a/ceph_deploy/new.py
+++ b/ceph_deploy/new.py
@@ -211,18 +211,21 @@ def new_mon_keyring(args):
     keypath = '{name}.mon.keyring'.format(
         name=args.cluster,
         )
-
+    oldmask = os.umask(077)
     LOG.debug('Writing monitor keyring to %s...', keypath)
-    tmp = '%s.tmp' % keypath
-    with file(tmp, 'w') as f:
-        f.write(mon_keyring)
     try:
-        os.rename(tmp, keypath)
-    except OSError as e:
-        if e.errno == errno.EEXIST:
-            raise exc.ClusterExistsError(keypath)
-        else:
-            raise
+        tmp = '%s.tmp' % keypath
+        with file(tmp, 'w') as f:
+            f.write(mon_keyring)
+        try:
+            os.rename(tmp, keypath)
+        except OSError as e:
+            if e.errno == errno.EEXIST:
+                raise exc.ClusterExistsError(keypath)
+            else:
+                raise
+    finally:
+        os.umask(oldmask)
 
 
 @priority(10)
-- 
2.47.3