diff --git a/ansible/roles/baremetal/tasks/post-install.yml b/ansible/roles/baremetal/tasks/post-install.yml index 3807b282d6..395a677caa 100644 --- a/ansible/roles/baremetal/tasks/post-install.yml +++ b/ansible/roles/baremetal/tasks/post-install.yml @@ -20,6 +20,7 @@ file: path: /etc/sudoers.d/kolla-ansible-users state: touch + mode: "0640" become: True when: create_kolla_user_sudoers | bool diff --git a/ansible/roles/ceilometer/tasks/config.yml b/ansible/roles/ceilometer/tasks/config.yml index 5af1067818..335e61d5ed 100644 --- a/ansible/roles/ceilometer/tasks/config.yml +++ b/ansible/roles/ceilometer/tasks/config.yml @@ -21,7 +21,7 @@ src: "{{ node_custom_config }}/ceilometer/polling.yaml" dest: "{{ node_config_directory }}/{{ item.key }}/polling.yaml" force: True - mode: "0600" + mode: "0660" become: true register: ceilometer_polling_overwriting when: @@ -123,6 +123,7 @@ template: src: "pipeline.yaml.j2" dest: "{{ node_config_directory }}/{{ item.key }}/pipeline.yaml" + mode: "0660" become: true register: ceilometer_pipelines when: @@ -163,6 +164,7 @@ copy: src: "{{ node_custom_config }}/vmware_ca" dest: "{{ node_config_directory }}/ceilometer-compute/vmware_ca" + mode: "0660" register: vcenter_ca_file when: - nova_compute_virt_type == "vmware" diff --git a/ansible/roles/ceph/tasks/config.yml b/ansible/roles/ceph/tasks/config.yml index ccd9185bb6..6ea77cf965 100644 --- a/ansible/roles/ceph/tasks/config.yml +++ b/ansible/roles/ceph/tasks/config.yml @@ -60,7 +60,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/ceph-nfs/ganesha.conf" - mode: 0600 + mode: "0600" become: true when: - inventory_hostname in groups['ceph-nfs'] diff --git a/ansible/roles/ceph/tasks/start_mdss.yml b/ansible/roles/ceph/tasks/start_mdss.yml index fdce017bf5..76d8a27c6a 100644 --- a/ansible/roles/ceph/tasks/start_mdss.yml +++ b/ansible/roles/ceph/tasks/start_mdss.yml @@ -35,7 +35,7 @@ [mds.{{ item.item }}] key = {{ item.keyring.key }} dest: "{{ node_config_directory }}/ceph-mds/ceph.mds.{{ inventory_hostname }}.keyring" - mode: 0600 + mode: "0600" when: - inventory_hostname == item.item with_items: "{{ ceph_mds_auth.results }}" diff --git a/ansible/roles/ceph/tasks/start_mgrs.yml b/ansible/roles/ceph/tasks/start_mgrs.yml index c151d5675f..2e7af05de6 100644 --- a/ansible/roles/ceph/tasks/start_mgrs.yml +++ b/ansible/roles/ceph/tasks/start_mgrs.yml @@ -15,7 +15,7 @@ [mgr.{{ item.item }}] key = {{ item.keyring.key }} dest: "{{ node_config_directory }}/ceph-mgr/ceph.mgr.{{ inventory_hostname }}.keyring" - mode: 0600 + mode: "0600" when: - inventory_hostname == item.item with_items: "{{ ceph_mgr_keyring.results }}" diff --git a/ansible/roles/cinder/tasks/config.yml b/ansible/roles/cinder/tasks/config.yml index 851d7815eb..9b87c1c0ae 100644 --- a/ansible/roles/cinder/tasks/config.yml +++ b/ansible/roles/cinder/tasks/config.yml @@ -68,6 +68,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/cinder-api/cinder-wsgi.conf" + mode: "0660" with_first_found: - "{{ node_custom_config }}/cinder/{{ inventory_hostname }}/cinder-wsgi.conf" - "{{ node_custom_config }}/cinder/cinder-wsgi.conf" @@ -108,6 +109,7 @@ template: src: "{{ cinder_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ cinder_policy_file }}" + mode: "0660" register: cinder_policy_overwriting when: - item.value.enabled | bool @@ -125,6 +127,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/cinder-volume/nfs_shares" + mode: "0660" with_first_found: - files: - "{{ node_custom_config }}/nfs_shares.j2" diff --git a/ansible/roles/common/tasks/config.yml b/ansible/roles/common/tasks/config.yml index f3fdf23af8..08b97d36c9 100644 --- a/ansible/roles/common/tasks/config.yml +++ b/ansible/roles/common/tasks/config.yml @@ -16,6 +16,7 @@ file: path: "{{ node_config_directory }}/{{ item }}" state: "directory" + mode: "0770" become: true with_items: - "fluentd" @@ -72,6 +73,7 @@ template: src: "{{ item.path }}" dest: "{{ node_config_directory }}/fluentd/input/{{ item.path | basename }}" + mode: "0660" register: fluentd_input_custom when: - enable_fluentd | bool @@ -172,6 +174,7 @@ template: src: "{{ item.path }}" dest: "{{ node_config_directory }}/fluentd/format/{{ item.path | basename }}" + mode: "0660" register: fluentd_format_custom when: - enable_fluentd | bool diff --git a/ansible/roles/designate/tasks/backend_external.yml b/ansible/roles/designate/tasks/backend_external.yml index b37d164968..888928633a 100644 --- a/ansible/roles/designate/tasks/backend_external.yml +++ b/ansible/roles/designate/tasks/backend_external.yml @@ -3,6 +3,7 @@ template: src: "{{ node_custom_config }}/designate/rndc.conf" dest: "{{ node_config_directory }}/{{ item.key }}/rndc.conf" + mode: "0660" register: designate_rndc_conf when: - designate_backend_external == 'bind9' @@ -17,6 +18,7 @@ template: src: "{{ node_custom_config }}/designate/rndc.key" dest: "{{ node_config_directory }}/{{ item.key }}/rndc.key" + mode: "0660" register: designate_rndc_key_file when: - designate_backend_external == 'bind9' diff --git a/ansible/roles/designate/tasks/config.yml b/ansible/roles/designate/tasks/config.yml index 1b7e9f1b61..e6ed85238b 100644 --- a/ansible/roles/designate/tasks/config.yml +++ b/ansible/roles/designate/tasks/config.yml @@ -160,7 +160,7 @@ template: src: "{{ designate_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ designate_policy_file }}" - mode: "0770" + mode: "0660" become: true register: designate_policy_overwriting when: diff --git a/ansible/roles/freezer/tasks/config.yml b/ansible/roles/freezer/tasks/config.yml index e716ab1c3c..eb969317b1 100644 --- a/ansible/roles/freezer/tasks/config.yml +++ b/ansible/roles/freezer/tasks/config.yml @@ -83,7 +83,7 @@ template: src: "{{ freezer_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ freezer_policy_file }}" - mode: "0770" + mode: "0660" become: true register: freezer_policy_overwriting when: diff --git a/ansible/roles/gnocchi/tasks/ceph.yml b/ansible/roles/gnocchi/tasks/ceph.yml index f85eae2c0f..dd0e198f92 100644 --- a/ansible/roles/gnocchi/tasks/ceph.yml +++ b/ansible/roles/gnocchi/tasks/ceph.yml @@ -6,6 +6,7 @@ - "{{ node_custom_config }}/ceph.conf" - "{{ node_custom_config }}/ceph/{{ inventory_hostname }}/ceph.conf" dest: "{{ node_config_directory }}/{{ item }}/ceph.conf" + mode: "0660" become: true when: inventory_hostname in groups[item] with_items: diff --git a/ansible/roles/gnocchi/tasks/config.yml b/ansible/roles/gnocchi/tasks/config.yml index 87c4e87f23..bf7f406945 100644 --- a/ansible/roles/gnocchi/tasks/config.yml +++ b/ansible/roles/gnocchi/tasks/config.yml @@ -99,6 +99,7 @@ template: src: "{{ gnocchi_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ gnocchi_policy_file }}" + mode: "0660" register: gnocchi_policy_overwriting when: - gnocchi_policy_file is defined diff --git a/ansible/roles/gnocchi/tasks/external_ceph.yml b/ansible/roles/gnocchi/tasks/external_ceph.yml index 0e54c73b11..48e2bb5290 100644 --- a/ansible/roles/gnocchi/tasks/external_ceph.yml +++ b/ansible/roles/gnocchi/tasks/external_ceph.yml @@ -3,6 +3,7 @@ template: src: "{{ node_custom_config }}/gnocchi/ceph.conf" dest: "{{ node_config_directory }}/{{ item }}/ceph.conf" + mode: "0660" become: true when: inventory_hostname in groups[item] with_items: @@ -18,6 +19,7 @@ copy: src: "{{ node_custom_config }}/gnocchi/ceph.client.gnocchi.keyring" dest: "{{ node_config_directory }}/{{ item }}/ceph.client.gnocchi.keyring" + mode: "0660" become: true when: inventory_hostname in groups[item] with_items: diff --git a/ansible/roles/grafana/tasks/config.yml b/ansible/roles/grafana/tasks/config.yml index 4dd302822d..6e90192029 100644 --- a/ansible/roles/grafana/tasks/config.yml +++ b/ansible/roles/grafana/tasks/config.yml @@ -73,6 +73,7 @@ template: src: "{{ node_custom_config }}/grafana/grafana_home_dashboard.json" dest: "{{ node_config_directory }}/grafana/grafana_home_dashboard.json" + mode: "0660" register: grafana_home_dashboard when: grafana_custom_dashboard_file.stat.exists notify: diff --git a/ansible/roles/ironic/tasks/config.yml b/ansible/roles/ironic/tasks/config.yml index 10d68d1372..552f8adc9b 100644 --- a/ansible/roles/ironic/tasks/config.yml +++ b/ansible/roles/ironic/tasks/config.yml @@ -245,7 +245,7 @@ template: src: "{{ ironic_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ ironic_policy_file }}" - mode: "0770" + mode: "0660" become: true register: ironic_policy_jsons when: diff --git a/ansible/roles/keystone/tasks/config.yml b/ansible/roles/keystone/tasks/config.yml index bb7955c42a..7175eb831b 100644 --- a/ansible/roles/keystone/tasks/config.yml +++ b/ansible/roles/keystone/tasks/config.yml @@ -91,6 +91,7 @@ file: dest: "{{ node_config_directory }}/keystone/domains/" state: "directory" + mode: "0770" become: true when: - inventory_hostname in groups[keystone.group] diff --git a/ansible/roles/manila/tasks/config.yml b/ansible/roles/manila/tasks/config.yml index 15da1faf84..dc22c9a8b4 100644 --- a/ansible/roles/manila/tasks/config.yml +++ b/ansible/roles/manila/tasks/config.yml @@ -110,6 +110,7 @@ template: src: "{{ manila_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ manila_policy_file }}" + mode: "0660" register: manila_policy_overwriting when: - manila_policy_file is defined diff --git a/ansible/roles/mariadb/tasks/recover_cluster.yml b/ansible/roles/mariadb/tasks/recover_cluster.yml index 52847ad630..1d1c340feb 100644 --- a/ansible/roles/mariadb/tasks/recover_cluster.yml +++ b/ansible/roles/mariadb/tasks/recover_cluster.yml @@ -4,12 +4,17 @@ when: not has_cluster | bool - name: Cleaning up temp file on mariadb hosts - file: path=/tmp/kolla_mariadb_grastate.dat state=absent + file: + path: /tmp/kolla_mariadb_grastate.dat + state: absent changed_when: false check_mode: no - name: Cleaning up temp file on localhost - local_action: file path=/tmp/kolla_mariadb_recover_inventory_name state=absent + local_action: + module: file + path: /tmp/kolla_mariadb_recover_inventory_name + state: absent changed_when: false check_mode: no run_once: true @@ -50,7 +55,9 @@ register: wsrep_recovery_seqno - name: Removing MariaDB log file from /tmp - file: path=/tmp/mariadb_tmp.log state=absent + file: + path: /tmp/mariadb_tmp.log + state: absent changed_when: false check_mode: no diff --git a/ansible/roles/mistral/tasks/config.yml b/ansible/roles/mistral/tasks/config.yml index 9345237a83..42dc00c410 100644 --- a/ansible/roles/mistral/tasks/config.yml +++ b/ansible/roles/mistral/tasks/config.yml @@ -86,6 +86,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/mistral-event-engine/event_definitions.yaml" + mode: "0660" register: mistral_event_definitions_confs when: - inventory_hostname in groups[service.group] diff --git a/ansible/roles/neutron/tasks/config.yml b/ansible/roles/neutron/tasks/config.yml index 18d83980f9..4e02f478f5 100644 --- a/ansible/roles/neutron/tasks/config.yml +++ b/ansible/roles/neutron/tasks/config.yml @@ -36,7 +36,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" - mode: "0770" + mode: "0660" register: neutron_config_jsons when: - item.value.enabled | bool @@ -94,6 +94,7 @@ - "{{ node_custom_config }}/neutron/neutron_lbaas.conf" - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_lbaas.conf" dest: "{{ node_config_directory }}/{{ item.key }}/neutron_lbaas.conf" + mode: "0660" register: neutron_lbaas_confs when: - item.value.enabled | bool @@ -116,6 +117,7 @@ - "{{ node_custom_config }}/neutron/neutron_vpnaas.conf" - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/neutron_vpnaas.conf" dest: "{{ node_config_directory }}/{{ item.key }}/neutron_vpnaas.conf" + mode: "0660" register: neutron_vpnaas_confs when: - item.value.enabled | bool @@ -185,6 +187,7 @@ - "{{ node_custom_config }}/neutron/sriov_agent.ini" - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/sriov_agent.ini" dest: "{{ node_config_directory }}/{{ service_name }}/sriov_agent.ini" + mode: "0660" register: neutron_sriov_agent_ini when: - neutron_sriov_agent.enabled | bool @@ -353,6 +356,7 @@ - "{{ role_path }}/templates/bgp_dragent.ini.j2" - "{{ node_custom_config }}/neutron/bgp_dragent.ini" dest: "{{ node_config_directory }}/{{ service_name }}/bgp_dragent.ini" + mode: "0660" register: neutron_bgp_dragent_ini when: - neutron_bgp_dragent.enabled | bool @@ -375,6 +379,7 @@ - "{{ node_custom_config }}/neutron/nsx.ini" - "{{ node_custom_config }}/neutron/{{ inventory_hostname }}/nsx.ini" dest: "{{ node_config_directory }}/{{ service_name }}/nsx.ini" + mode: "0660" register: nsx_ini when: - neutron_server.enabled | bool @@ -420,6 +425,7 @@ template: src: neutron-l3-agent-wrapper.sh.j2 dest: "{{ node_config_directory }}/{{ service_name }}/neutron-l3-agent-wrapper.sh" + mode: "0770" register: neutron_l3_agent_wrapper when: - service.enabled | bool diff --git a/ansible/roles/nova/tasks/config-nova-fake.yml b/ansible/roles/nova/tasks/config-nova-fake.yml index c5cae852e2..ba137fb2d3 100644 --- a/ansible/roles/nova/tasks/config-nova-fake.yml +++ b/ansible/roles/nova/tasks/config-nova-fake.yml @@ -4,7 +4,7 @@ file: path: "{{ node_config_directory }}/nova-compute-fake-{{ item }}" state: "directory" - recurse: yes + mode: "0770" with_sequence: start=1 end={{ num_nova_fake_per_node }} notify: - Restart nova-compute-fake containers diff --git a/ansible/roles/nova/tasks/config.yml b/ansible/roles/nova/tasks/config.yml index 6c0349e2dc..8491e480bc 100644 --- a/ansible/roles/nova/tasks/config.yml +++ b/ansible/roles/nova/tasks/config.yml @@ -62,7 +62,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" - mode: "0770" + mode: "0660" register: config_jsons when: - inventory_hostname in groups[item.value.group] @@ -144,6 +144,7 @@ copy: src: "{{ node_custom_config }}/vmware_ca" dest: "{{ node_config_directory }}/nova-compute/vmware_ca" + mode: "0660" register: vcenter_ca_file when: - nova_compute_virt_type == "vmware" @@ -159,6 +160,7 @@ copy: src: "{{ item }}" dest: "{{ node_config_directory }}/nova-compute/release" + mode: "0660" with_first_found: - files: - "{{ node_custom_config }}/nova_compute/{{ inventory_hostname }}/release" @@ -188,6 +190,7 @@ template: src: "{{ nova_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ nova_policy_file }}" + mode: "0660" register: nova_policy_overwriting when: - inventory_hostname in groups[item.value.group] diff --git a/ansible/roles/octavia/tasks/config.yml b/ansible/roles/octavia/tasks/config.yml index 43af6962e5..b2b42a26fc 100644 --- a/ansible/roles/octavia/tasks/config.yml +++ b/ansible/roles/octavia/tasks/config.yml @@ -104,6 +104,7 @@ copy: src: "{{ node_custom_config }}/octavia/{{ item }}" dest: "{{ node_config_directory }}/octavia-housekeeping/{{ item }}" + mode: "0660" become: true register: octavia_housekeeping_certificate when: @@ -122,6 +123,7 @@ copy: src: "{{ node_custom_config }}/octavia/{{ item }}" dest: "{{ node_config_directory }}/octavia-health-manager/{{ item }}" + mode: "0660" become: true register: octavia_health_manager_certificate when: diff --git a/ansible/roles/opendaylight/tasks/config.yml b/ansible/roles/opendaylight/tasks/config.yml index d41dd3d2e7..a5147c1e71 100644 --- a/ansible/roles/opendaylight/tasks/config.yml +++ b/ansible/roles/opendaylight/tasks/config.yml @@ -198,6 +198,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/opendaylight/10-rest-connector.xml" + mode: "0660" become: true with_first_found: - "{{ node_custom_config }}/opendaylight/{{ inventory_hostname }}/10-rest-connector.xml" diff --git a/ansible/roles/openvswitch/tasks/config.yml b/ansible/roles/openvswitch/tasks/config.yml index 2d938c87f0..b1c9b705da 100644 --- a/ansible/roles/openvswitch/tasks/config.yml +++ b/ansible/roles/openvswitch/tasks/config.yml @@ -24,7 +24,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" - mode: "0770" + mode: "0660" register: openvswitch_config_jsons when: - item.value.enabled | bool @@ -40,6 +40,7 @@ template: src: "{{ role_path }}/templates/start-ovs.j2" dest: "{{ node_config_directory }}/openvswitch-vswitchd/start-ovs" + mode: "0770" register: openvswitch_start_ovs when: - inventory_hostname in groups[service.group] @@ -54,6 +55,7 @@ template: src: "{{ role_path }}/templates/start-ovsdb-server.j2" dest: "{{ node_config_directory }}/openvswitch-db-server/start-ovsdb-server" + mode: "0770" register: openvswitch_start_ovsdb_server when: - inventory_hostname in groups[service.group] diff --git a/ansible/roles/ovs-dpdk/tasks/config.yml b/ansible/roles/ovs-dpdk/tasks/config.yml index 1115019d53..d113f0ee06 100644 --- a/ansible/roles/ovs-dpdk/tasks/config.yml +++ b/ansible/roles/ovs-dpdk/tasks/config.yml @@ -15,6 +15,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" register: ovsdpdk_config_jsons when: - item.value.enabled | bool @@ -27,7 +28,7 @@ copy: src: ../tools/ovs-dpdkctl.sh dest: "{{ node_config_directory }}/ovsdpdk-db/ovs-dpdkctl.sh" - mode: 0777 + mode: "0770" - name: Install ovs-dpdkctl service and config become: True diff --git a/ansible/roles/placement/tasks/config.yml b/ansible/roles/placement/tasks/config.yml index f8863f5af5..7f1cf33dcf 100644 --- a/ansible/roles/placement/tasks/config.yml +++ b/ansible/roles/placement/tasks/config.yml @@ -34,7 +34,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" - mode: "0770" + mode: "0660" when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool @@ -69,6 +69,7 @@ template: src: "placement-api-wsgi.conf.j2" dest: "{{ node_config_directory }}/placement-api/placement-api-wsgi.conf" + mode: "0660" when: - inventory_hostname in groups[service.group] - service.enabled | bool @@ -82,6 +83,7 @@ template: src: "migrate-db.rc.j2" dest: "{{ node_config_directory }}/placement-api/migrate-db.rc" + mode: "0660" when: - inventory_hostname in groups[service.group] - service.enabled | bool @@ -93,6 +95,7 @@ template: src: "{{ placement_policy_file_path }}" dest: "{{ placement_config_directory }}/{{ item.key }}/{{ placement_policy_file }}" + mode: "0660" when: - inventory_hostname in groups[item.value.group] - item.value.enabled | bool diff --git a/ansible/roles/prometheus/tasks/config.yml b/ansible/roles/prometheus/tasks/config.yml index 1446052061..f5bba6217d 100644 --- a/ansible/roles/prometheus/tasks/config.yml +++ b/ansible/roles/prometheus/tasks/config.yml @@ -17,6 +17,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ item.key }}/config.json" + mode: "0660" register: prometheus_config_jsons when: - inventory_hostname in groups[item.value.group] @@ -60,6 +61,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/prometheus-server/prometheus.yml" + mode: "0660" register: prometheus_confs when: - inventory_hostname in groups[service.group] @@ -78,6 +80,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/prometheus-alertmanager/prometheus-alertmanager.yml" + mode: "0660" register: prometheus_alertmanager_confs when: - inventory_hostname in groups[service.group] @@ -99,6 +102,7 @@ - "{{ node_custom_config }}/prometheus-mysqld-exporter/my.cnf" - "{{ role_path }}/templates/my.cnf.j2" dest: "{{ node_config_directory }}/prometheus-mysqld-exporter/my.cnf" + mode: "0660" register: prometheus_conf_mycnf when: - inventory_hostname in groups[service.group] @@ -112,6 +116,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/prometheus-openstack-exporter/clouds.yml" + mode: "0660" register: prometheus_openstack_exporter_confs when: - inventory_hostname in groups[service.group] diff --git a/ansible/roles/rabbitmq/tasks/config.yml b/ansible/roles/rabbitmq/tasks/config.yml index be27a9d32b..37537140c4 100644 --- a/ansible/roles/rabbitmq/tasks/config.yml +++ b/ansible/roles/rabbitmq/tasks/config.yml @@ -16,7 +16,7 @@ template: src: "{{ item.key }}.json.j2" dest: "{{ node_config_directory }}/{{ project_name }}/config.json" - mode: "0770" + mode: "0660" become: true when: - inventory_hostname in groups[item.value.group] @@ -33,7 +33,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/{{ project_name }}/rabbitmq-env.conf" - mode: "0770" + mode: "0660" with_first_found: - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/rabbitmq-env.conf" - "{{ node_custom_config }}/rabbitmq/rabbitmq-env.conf" @@ -53,7 +53,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/{{ project_name }}/rabbitmq.conf" - mode: "0770" + mode: "0660" with_first_found: - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/rabbitmq.conf" - "{{ node_custom_config }}/rabbitmq/rabbitmq.conf" @@ -72,7 +72,7 @@ template: src: "{{ item }}" dest: "{{ node_config_directory }}/{{ project_name }}/definitions.json" - mode: "0770" + mode: "0660" with_first_found: - "{{ node_custom_config }}/rabbitmq/{{ inventory_hostname }}/definitions.json" - "{{ node_custom_config }}/rabbitmq/definitions.json" diff --git a/ansible/roles/swift/tasks/config.yml b/ansible/roles/swift/tasks/config.yml index a2dbae52e3..81626b6876 100644 --- a/ansible/roles/swift/tasks/config.yml +++ b/ansible/roles/swift/tasks/config.yml @@ -193,6 +193,7 @@ template: src: "{{ node_custom_config }}/swift/policy.json" dest: "{{ node_config_directory }}/{{ item }}/policy.json" + mode: "0660" with_items: - "swift-account-auditor" - "swift-account-reaper" diff --git a/ansible/roles/trove/tasks/config.yml b/ansible/roles/trove/tasks/config.yml index 99b845b78b..34f4944807 100644 --- a/ansible/roles/trove/tasks/config.yml +++ b/ansible/roles/trove/tasks/config.yml @@ -92,6 +92,7 @@ template: src: "{{ trove_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ trove_policy_file }}" + mode: "0660" register: trove_policy_overwriting when: - trove_policy_file is defined diff --git a/ansible/roles/watcher/tasks/config.yml b/ansible/roles/watcher/tasks/config.yml index 401cb7ec2f..41bfd7169d 100644 --- a/ansible/roles/watcher/tasks/config.yml +++ b/ansible/roles/watcher/tasks/config.yml @@ -70,6 +70,7 @@ template: src: "{{ watcher_policy_file_path }}" dest: "{{ node_config_directory }}/{{ item.key }}/{{ watcher_policy_file }}" + mode: "0660" register: watcher_policy_overwriting when: - watcher_policy_file is defined