projects / lttng-ci.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: b519cea)
ansible: restrict mode on internal certificate private key to user
authorKienan Stewart <kstewart@efficios.com>
Mon, 12 Feb 2024 15:49:47 +0000 (10:49 -0500)
committerKienan Stewart <kstewart@efficios.com>
Mon, 12 Feb 2024 15:49:47 +0000 (10:49 -0500)
Samba asserts that the mode is 0600, not 0640.

Change-Id: If6ca4dba54726c29caba18575f9c0796d14a6b79
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
automation/ansible/roles/common/tasks/certs.yml patch | blob | blame | history

diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml
index eeb1bfa9657fb1fc44885afb2d00ad5206531bd0..fc79947292d13d6284d89583a756dc8464090c79 100644 (file)
--- a/automation/ansible/roles/common/tasks/certs.yml
+++ b/automation/ansible/roles/common/tasks/certs.yml
@@ -10,7 +10,7 @@
 - name: Deploy internal certificate key
   ansible.builtin.copy:
     dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
-    mode: '0640'
+    mode: '0600'
     owner: 'root'
     group: 'root'
     content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}"
Unnamed repository; edit this file 'description' to name the repository.
This page took 0.02752 seconds and 4 git commands to generate.