ceph
/
ceph-ansible
mirror of https://github.com/ceph/ceph-ansible.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

dashboard: set less permissive permissions on dashboard certificate/key 

use `0440` instead of `0644` is enough

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit 14f381200d)
pull/3999/head
Guillaume Abrioux 2019-05-15 14:38:46 +02:00
parent c45906e0ac
commit 79ad697af7
2 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
roles/ceph-dashboard/tasks/configure_dashboard.yml
View File

@ -20,7 +20,7 @@
dest: "/etc/ceph/ceph-dashboard.crt" dest: "/etc/ceph/ceph-dashboard.crt"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0440
when: when:
- dashboard_crt - dashboard_crt
- dashboard_protocol == "https" - dashboard_protocol == "https"
@ -31,7 +31,7 @@
dest: "/etc/ceph/ceph-dashboard.key" dest: "/etc/ceph/ceph-dashboard.key"
owner: root owner: root
group: root group: root
mode: 0644 mode: 0440
when: when:
- dashboard_key - dashboard_key
- dashboard_protocol == "https" - dashboard_protocol == "https"

2
roles/ceph-grafana/tasks/configure_grafana.yml
View File

@ -49,7 +49,7 @@
copy: copy:
src: "{{ grafana_key }}" src: "{{ grafana_key }}"
dest: "/etc/grafana/ceph-dashboard.key" dest: "/etc/grafana/ceph-dashboard.key"
mode: 0640 mode: 0440
when: when:
- grafana_key - grafana_key
- dashboard_protocol == "https" - dashboard_protocol == "https"