From 9f147645bbb1e981a0be66af3b81d4b9645052f3 Mon Sep 17 00:00:00 2001
From: mb <mb@citynetwork.se>
Date: Mon, 11 Mar 2019 00:27:16 +0100
Subject: [PATCH] Fix permissions for galera role ca cert

Previous permissions prevented clustercheck from accessing the galera ca
certificate as it's run as user nobody.

Change-Id: I87e15a0c7b7344014f42cced22ffc1e8d3cee487
Closes-Bug: #1819384
---
 tasks/galera_ssl.yml             | 3 ++-
 tasks/galera_ssl_self_signed.yml | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/tasks/galera_ssl.yml b/tasks/galera_ssl.yml
index 341101e4..ec261e97 100644
--- a/tasks/galera_ssl.yml
+++ b/tasks/galera_ssl.yml
@@ -19,7 +19,7 @@
     state: "directory"
     owner: "mysql"
     group: "mysql"
-    mode: "0750"
+    mode: "0755"
 
 - include_tasks: galera_ssl_self_signed.yml
   when:
@@ -37,6 +37,7 @@
   with_items:
     - src: "{{ galera_user_ssl_ca_cert }}"
       dest: "{{ galera_ssl_ca_cert }}"
+      mode: "0644"
     - src: "{{ galera_user_ssl_cert }}"
       dest: "{{ galera_ssl_cert }}"
     - src: "{{ galera_user_ssl_key }}"
diff --git a/tasks/galera_ssl_self_signed.yml b/tasks/galera_ssl_self_signed.yml
index e1a61622..164df87e 100644
--- a/tasks/galera_ssl_self_signed.yml
+++ b/tasks/galera_ssl_self_signed.yml
@@ -128,6 +128,7 @@
   with_items:
     - key: "galera_server_ca_cert"
       dest: "{{ galera_ssl_ca_cert }}"
+      mode: "0644"
     - key: "galera_server_private_key"
       dest: "{{ galera_ssl_key }}"
     - key: "galera_server_cert"