[openstack-dev] [openstack-ansible] restrictive umask / file permissions in target hosts

Markus Zoeller mzoeller at linux.vnet.ibm.com
Wed Jul 26 12:48:35 UTC 2017


On 25.07.2017 16:20, Major Hayden wrote:
> On 07/25/2017 08:36 AM, Markus Zoeller wrote:
>> A short grep in 'openstack-ansible' shows that the file permissions are
>> often not set. I used these commands:
>>
>> $ grep -n -R "template:" --include \*.yml -A 5
>> $ grep -n -R "copy:" --include \*.yml -A 5
>>
>> IIUC, we're using 'ansible-lint' for style checks. Does it make sense to
>> add a new rule which warns/enforces to set the mode (or group/user)?
> 
> I'd definitely be in support of that. We should be as explicit as possible when we deploy files and templates.
> 
> --
> Major Hayden

To close the loop, I've added a bug report to track this effort:
https://bugs.launchpad.net/openstack-ansible/+bug/1706595

TBH, I'm not sure when/if I can work on that. I also don't know how the
effort prioritization works within the openstack-ansible project.

-- 
Regards, Markus Zoeller (markus_z)




More information about the OpenStack-dev mailing list