From: Kienan Stewart <kstewart@efficios.com>
Date: Mon, 12 Feb 2024 15:49:47 +0000 (-0500)
Subject: ansible: restrict mode on internal certificate private key to user
X-Git-Url: http://git.liburcu.org/?p=lttng-ci.git;a=commitdiff_plain;h=ed7ece9a6404fea1a39a33c1ad0cda42a174979b

ansible: restrict mode on internal certificate private key to user

Samba asserts that the mode is 0600, not 0640.

Change-Id: If6ca4dba54726c29caba18575f9c0796d14a6b79
Signed-off-by: Kienan Stewart <kstewart@efficios.com>
---

diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml
index eeb1bfa..fc79947 100644
--- a/automation/ansible/roles/common/tasks/certs.yml
+++ b/automation/ansible/roles/common/tasks/certs.yml
@@ -10,7 +10,7 @@
 - name: Deploy internal certificate key
   ansible.builtin.copy:
     dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key"
-    mode: '0640'
+    mode: '0600'
     owner: 'root'
     group: 'root'
     content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}"