Securing /etc/nova
* /etc/nova should be mode 0700 and owned by nova:nova, since all files in it are group readable.
parent
261c28a991
commit
7d176f39e6
|
@ -110,6 +110,8 @@ Attributes
|
|||
==========
|
||||
|
||||
* `default["nova"]["keystone_service_chef_role"]` - The name of the Chef role that sets up the Keystone Service API
|
||||
* `default["nova"]["user"]` - User nova services run as
|
||||
* `default["nova"]["group"]` - Group nova services run as
|
||||
* `default["nova"]["nova_setup_chef_role"]` - The name of the Chef role that sets up Nova
|
||||
* `default["nova"]["db"]["name"]` - Name of nova database
|
||||
* `default["nova"]["db"]["username"]` - Username for nova database access
|
||||
|
|
|
@ -29,6 +29,9 @@ default["nova"]["service_tenant_name"] = "service"
|
|||
default["nova"]["service_user"] = "nova"
|
||||
default["nova"]["service_role"] = "admin"
|
||||
|
||||
default["nova"]["user"] = "nova"
|
||||
default["nova"]["group"] = "nova"
|
||||
|
||||
# Logging stuff
|
||||
default["nova"]["syslog"]["use"] = false
|
||||
default["nova"]["syslog"]["facility"] = "LOG_LOCAL1"
|
||||
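Review bot: The new `default["nova"]["user"]` and `default["nova"]["group"]` lines carry no comment saying what they control, and in the recipes this commit touches they are used only as the owner and group of `/etc/nova` and `/var/lock/nova`. Nothing visible here changes the account the packaged services run as, so overriding either attribute would presumably leave those 00700 directories owned by an account the daemons do not run as, and the services would lose access to their own configuration and locks. A comment above the two lines such as `# Owner/group of /etc/nova and /var/lock/nova; must match the account the nova services actually run as` would make that constraint explicit.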
|
|
|
@ -30,9 +30,9 @@ platform_options = node["nova"]["platform"]
|
|||
node.set_unless['nova']['service_pass'] = secure_password
|
||||
|
||||
directory "/var/lock/nova" do
|
||||
owner "nova"
|
||||
group "nova"
|
||||
mode 00755
|
||||
owner node["nova"]["user"]
|
||||
group node["nova"]["group"]
|
||||
mode 00700
|
||||
|
||||
action :create
|
||||
end
|
||||
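Review bot: The commit message argues only for tightening `/etc/nova`, yet this hunk also moves `/var/lock/nova` from 00755 to 00700, and the same edit is repeated in the four other `/var/lock/nova` hunks below (both at -26,11, the second at -30,9, and the one at -22,9). Keeping an identical `directory "/var/lock/nova"` block in five places means a later permission change can miss one copy and leave that node at the looser mode. Three of those hunks show `include_recipe "nova::nova-common"` in their context, so declaring the resource once in that recipe would keep the mode in a single place. The description should also say why the lock directory needs owner-only access, and it is worth confirming that no nova helper running under a different non-root account takes locks there.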
|
|
|
@ -26,11 +26,11 @@ include_recipe "nova::nova-common"
|
|||
platform_options = node["nova"]["platform"]
|
||||
|
||||
directory "/var/lock/nova" do
|
||||
owner "nova"
|
||||
group "nova"
|
||||
mode 00755
|
||||
owner node["nova"]["user"]
|
||||
group node["nova"]["group"]
|
||||
mode 00700
|
||||
|
||||
action :create
|
||||
action :create
|
||||
end
|
||||
|
||||
package "python-keystone" do
|
||||
|
|
|
@ -30,9 +30,9 @@ node.set_unless['nova']['service_pass'] = secure_password
|
|||
platform_options = node["nova"]["platform"]
|
||||
|
||||
directory "/var/lock/nova" do
|
||||
owner "nova"
|
||||
group "nova"
|
||||
mode 00755
|
||||
owner node["nova"]["user"]
|
||||
group node["nova"]["group"]
|
||||
mode 00700
|
||||
|
||||
action :create
|
||||
end
|
||||
|
|
|
@ -26,11 +26,11 @@ include_recipe "nova::nova-common"
|
|||
platform_options = node["nova"]["platform"]
|
||||
|
||||
directory "/var/lock/nova" do
|
||||
owner "nova"
|
||||
group "nova"
|
||||
mode 00755
|
||||
owner node["nova"]["user"]
|
||||
group node["nova"]["group"]
|
||||
mode 00700
|
||||
|
||||
action :create
|
||||
action :create
|
||||
end
|
||||
|
||||
package "python-keystone" do
|
||||
|
|
|
@ -36,9 +36,9 @@ platform_options["common_packages"].each do |pkg|
|
|||
end
|
||||
|
||||
directory "/etc/nova" do
|
||||
owner "nova"
|
||||
group "nova"
|
||||
mode 00755
|
||||
owner node["nova"]["user"]
|
||||
group node["nova"]["group"]
|
||||
mode 00700
|
||||
|
||||
action :create
|
||||
end
|
||||
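Review bot: Mode 00700 on `/etc/nova` protects the files inside only by blocking directory traversal; the `directory` resource does not change the modes of the files themselves, which the commit message says are group readable. If any of them hold credentials (likely for nova configuration, though not visible in this hunk), the resources that write those files should set a tight mode too, so the files stay protected if the directory mode is ever loosened or a file is copied elsewhere with its mode preserved. 00700 also removes access for members of the `nova` group, so any account that reads this configuration through group membership will stop working. If that is intended, a comment above `mode 00700` such as `# owner-only: files inside are group readable, so access is gated at the directory` would record the reasoning.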
|
|
|
@ -22,9 +22,9 @@ include_recipe "nova::nova-common"
|
|||
platform_options = node["nova"]["platform"]
|
||||
|
||||
directory "/var/lock/nova" do
|
||||
owner "nova"
|
||||
group "nova"
|
||||
mode 00755
|
||||
owner node["nova"]["user"]
|
||||
group node["nova"]["group"]
|
||||
mode 00700
|
||||
|
||||
action :create
|
||||
end
|
||||
|
|