openstack
/
puppet-tripleo
Code Issues Proposed changes
puppet-tripleo/spec/classes
History
Juan Antonio Osorio Robles 035c834e02 Explicitly set certmonger's CA cert's permissions 
We were relying on the default permissions that were being set by the
command that extracts the certificate into a PEM file. This wasn't the
right approach, as it could be too restrictive in some setups.

Here, we explicitly tell puppet to set the appropriate permissions
instead.

Given this is a certificate file, and there's no private key involved,
we can set it as world readable (0644). As folks in the system need to
access the file.

Change-Id: I4b2cb1071e3fd5a1277d54b86822e8fef2df0d78
Closes-bug: #1788257
(cherry picked from commit 5d6201f9fc)
 		2019-01-17 14:20:35 +00:00
..
tripleo_certmonger_ca_crl_spec.rb Use exec for CA CRL instead of file resource 2018-08-21 11:33:52 +00:00
tripleo_certmonger_ca_local_spec.rb Explicitly set certmonger's CA cert's permissions 2019-01-17 14:20:35 +00:00
tripleo_certmonger_etcd_spec.rb Add _spec suffix to class spec tests 2017-06-08 09:33:03 +03:00
tripleo_certmonger_mysql_spec.rb Add _spec suffix to class spec tests 2017-06-08 09:33:03 +03:00
tripleo_certmonger_opendaylight_spec.rb Fixes incorrect ownership of ODL TLS cert/key 2018-03-20 12:47:07 -04:00
tripleo_certmonger_openvswitch_spec.rb Adds TLS support for OpenDaylight 2018-01-19 17:11:07 -05:00
tripleo_certmonger_rabbitmq_spec.rb Add _spec suffix to class spec tests 2017-06-08 09:33:03 +03:00
tripleo_firewall_spec.rb firewall/rule: add 'table' support 2018-03-16 17:25:57 +00:00
tripleo_haproxy_spec.rb Give horizon's stanza in haproxy a per-server cookie 2017-12-22 19:41:55 +00:00
tripleo_haproxy_stats_spec.rb Enable TLS for the HAProxy stats interface 2017-07-31 13:30:14 +00:00
tripleo_host_sriov_spec.rb Repair immediate VF configuration for PCI SR-IOV 2017-08-25 18:17:33 -02:30
tripleo_init_spec.rb Implement firewalling in tripleo::firewall 2015-07-15 11:58:46 +02:00
tripleo_keepalive_spec.rb Correct vrrp script for haproxy status 2018-07-23 17:06:29 +02:00
tripleo_masquerade_networks_spec.rb Fix Undercloud masquerading firewall rules 2018-11-02 10:39:28 +00:00
tripleo_packages_spec.rb packages: run upgrade at 'setup' stage 2016-10-14 18:17:30 -04:00
tripleo_profile_base_aide_spec.rb Implements AIDE Intrusion Detection System 2017-12-13 16:08:34 +00:00
tripleo_profile_base_aodh_api_spec.rb Always start httpd at the same time 2017-06-27 14:38:45 +03:00
tripleo_profile_base_aodh_evaluator_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_aodh_listener_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_aodh_notifier_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_aodh_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_apache_spec.rb Create dedicated "apache" base profile 2017-11-10 09:17:07 +01:00
tripleo_profile_base_barbican_api_spec.rb Move barbican's database creation to mysql profile 2017-08-17 05:24:49 +00:00
tripleo_profile_base_barbican_backends_spec.rb Add multiple backends for barbican 2017-12-05 02:28:14 -05:00
tripleo_profile_base_barbican_spec.rb Add barbican profile rspec testing 2016-10-19 08:45:03 +03:00
tripleo_profile_base_ceilometer_agent_polling_spec.rb Add ceilometer polling agent profile 2017-02-25 12:19:31 -05:00
tripleo_profile_base_ceilometer_expirer_spec.rb ceilometer: escape % in crontab 2018-10-17 19:54:04 +00:00
tripleo_profile_base_ceilometer_spec.rb Move ceilometer upgrade step out of base 2017-05-24 16:44:41 -04:00
tripleo_profile_base_cinder_api_spec.rb Configure cinder's default volume type 2018-08-06 12:01:17 -04:00
tripleo_profile_base_cinder_backup_ceph_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_cinder_backup_nfs_spec.rb Add NFS backend for cinder-backup service 2018-03-15 19:33:51 -04:00
tripleo_profile_base_cinder_backup_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_cinder_backup_swift_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_cinder_scaleio_spec.rb Add module to support ScaleIO backend in Cinder 2017-02-09 13:46:50 -06:00
tripleo_profile_base_cinder_scheduler_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_cinder_spec.rb Include ::cinder::nova in cinder's configuration 2018-11-15 16:54:00 -05:00
tripleo_profile_base_cinder_unity_spec.rb Support for Dell EMC Unity Cinder Driver 2017-07-28 19:57:10 -05:00
tripleo_profile_base_cinder_veritas_hyperscale_spec.rb Add new profile for the Veritas HyperScale's cinder backend. 2017-07-14 12:45:59 +05:30
tripleo_profile_base_cinder_vmax_spec.rb Support for Dell EMC VMAX ISCSI Cinder Driver 2017-08-14 10:06:49 -05:00
tripleo_profile_base_cinder_vnx_spec.rb Add support for Dell EMC VNX Cinder Backend 2018-01-22 16:01:35 -06:00
tripleo_profile_base_cinder_volume_dellps_spec.rb Rebranding of Eqlx to Dell EMC PS Series 2017-02-09 13:44:05 -06:00
tripleo_profile_base_cinder_volume_dellsc_spec.rb Add cinder profile spec tests 2016-12-05 08:26:55 -07:00
tripleo_profile_base_cinder_volume_iscsi_spec.rb Add cinder profile spec tests 2016-12-05 08:26:55 -07:00
tripleo_profile_base_cinder_volume_netapp_spec.rb Add cinder profile spec tests 2016-12-05 08:26:55 -07:00
tripleo_profile_base_cinder_volume_nfs_spec.rb Add cinder profile spec tests 2016-12-05 08:26:55 -07:00
tripleo_profile_base_cinder_volume_nvmeof_spec.rb Add NVMeOF support to configure cinder backend 2018-04-24 06:57:53 +00:00
tripleo_profile_base_cinder_volume_pure_spec.rb Composable services support for Cinder Pure Storage FlashArray 2017-04-03 17:41:04 -04:00
tripleo_profile_base_cinder_volume_rbd_spec.rb Allow for customization of the Ceph cluster name for Cinder 2018-02-12 14:34:16 +00:00
tripleo_profile_base_cinder_volume_spec.rb Ensure appropriate ACL mask is set on CephX keyrings 2018-06-13 19:09:18 +02:00
tripleo_profile_base_cinder_xtremio_iscsi_spec.rb Add support for Dell EMC XtremIO Cinder ISCSI Backend 2018-02-14 10:15:58 -06:00
tripleo_profile_base_database_mysql_client_spec.rb adding deployment_type fact in support 2018-10-03 16:23:57 +00:00
tripleo_profile_base_database_mysql_spec.rb Fixes issues with raising mysql file limit 2017-03-13 23:01:20 +00:00
tripleo_profile_base_database_redis_spec.rb Fix redis when hostname has capital letters 2017-06-15 13:17:08 -06:00
tripleo_profile_base_docker_spec.rb Adding wrapper scripts for neutron agent subprocesses 2018-04-30 21:58:29 -02:30
tripleo_profile_base_gnocchi_api_spec.rb Ensure appropriate ACL mask is set on CephX keyrings 2018-06-13 19:09:18 +02:00
tripleo_profile_base_horizon_spec.rb Always start httpd at the same time 2017-06-27 14:38:45 +03:00
tripleo_profile_base_iscsid_spec.rb Refactor iscsi initiator-name reset into separate profile 2017-07-11 20:38:35 +01:00
tripleo_profile_base_kernel_spec.rb Ignore failures when loading nf_conntrack_proto_sctp kernel module 2017-06-20 18:47:56 +00:00
tripleo_profile_base_logging_fluentd_spec.rb Fix fluentd multifile problem. 2018-10-02 23:25:44 +02:00
tripleo_profile_base_logging_logrotate_spec.rb Add logrotate-crond configuration 2017-08-16 09:42:54 +02:00
tripleo_profile_base_login_defs_spec.rb Introduces puppet module for `/etc/login.defs` 2017-11-22 11:09:08 +00:00
tripleo_profile_base_lvm_spec.rb Allow disabling udev usage by LVM 2017-06-27 15:34:59 +02:00
tripleo_profile_base_metrics_collectd_spec.rb Collectd QDR connection 2018-07-23 13:36:19 +02:00
tripleo_profile_base_monitoring_sensu_spec.rb Sensu unit tests 2017-11-21 10:27:47 +01:00
tripleo_profile_base_neutron_agents_bigswitch_spec.rb Create bigswitch agent profile 2017-03-21 12:55:17 -06:00
tripleo_profile_base_neutron_dhcp_spec.rb Adding wrapper scripts for neutron agent subprocesses 2018-04-30 21:58:29 -02:30
tripleo_profile_base_neutron_l3_spec.rb Adding wrapper scripts for neutron agent subprocesses 2018-04-30 21:58:29 -02:30
tripleo_profile_base_neutron_ml2_opendaylight_spec.rb Adds TLS support for OpenDaylight 2018-01-19 17:11:07 -05:00
tripleo_profile_base_neutron_ml2_vts_spec.rb Treat IP address as optional in Cisco VTS ML2 configuration 2018-04-26 06:59:57 -07:00
tripleo_profile_base_neutron_opendaylight_spec.rb Adds TLS support for OpenDaylight 2018-01-19 17:11:07 -05:00
tripleo_profile_base_neutron_ovs_opendaylight_spec.rb Pass variable from puppet-tripleo to puppet-neutron 2018-11-28 17:38:22 +00:00
tripleo_profile_base_neutron_ovs_spec.rb Create vhost_socket_dir with proper permissions 2018-03-07 15:38:16 -05:00
tripleo_profile_base_neutron_spec.rb Default neutron dhcp_agents_per_network to number of agents 2017-02-27 11:46:45 -03:30
tripleo_profile_base_nova_api_spec.rb Configure authtoken in Nova Placement 2017-02-21 14:40:43 -07:00
tripleo_profile_base_nova_authtoken_spec.rb Remove dependency on memcached_node_ips_v6 2017-07-13 09:17:54 +01:00
tripleo_profile_base_nova_compute_ironic_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_nova_compute_libvirt_spec.rb Fix nova and selinux unit tests 2017-07-27 12:54:30 -06:00
tripleo_profile_base_nova_compute_spec.rb Allow configuration of NFS backend for Nova 2018-04-25 20:01:49 +05:30
tripleo_profile_base_nova_conductor_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_nova_consoleauth_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_nova_libvirt_spec.rb Make sure we apply qemu config changes 2018-07-03 11:00:26 +02:00
tripleo_profile_base_nova_metadata_spec.rb Move nova-metadata api to httpd wsgi 2018-07-31 09:59:46 +02:00
tripleo_profile_base_nova_migration_client_spec.rb Configure libvirt SASL SCRAM-SHA1 when TLS is enabled 2017-11-20 17:28:49 +00:00
tripleo_profile_base_nova_migration_proxy_spec.rb Support for Ocata-Pike live-migration over ssh 2017-09-07 12:19:46 +01:00
tripleo_profile_base_nova_migration_spec.rb Refactor nova migration config into client & target profiles 2017-07-03 14:34:08 +01:00
tripleo_profile_base_nova_migration_target_spec.rb Support for Ocata-Pike live-migration over ssh 2017-09-07 12:19:46 +01:00
tripleo_profile_base_nova_placement_spec.rb Always start httpd at the same time 2017-06-27 14:38:45 +03:00
tripleo_profile_base_nova_scheduler_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_nova_spec.rb Refactor nova migration config into client & target profiles 2017-07-03 14:34:08 +01:00
tripleo_profile_base_nova_vncproxy_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_novajoin_spec.rb Add novajoin profile 2017-06-05 13:10:26 +03:00
tripleo_profile_base_octavia_api_spec.rb Enable TLS in the internal network for Octavia API 2018-10-02 16:59:10 +00:00
tripleo_profile_base_octavia_spec.rb Use rpc and notify transport_url for oslo_messaging backends 2017-02-17 10:08:38 -05:00
tripleo_profile_base_pacemaker_spec.rb Move unfencing to meta_params 2018-05-29 11:27:22 +02:00
tripleo_profile_base_qdr_spec.rb Support both rabbitmq and oslo.messaging service nodes 2018-03-16 18:16:42 -04:00
tripleo_profile_base_securetty_spec.rb Adds service for managing securetty 2017-03-29 20:25:21 +01:00
tripleo_profile_base_snmp_spec.rb Allow to configure snmpd_config 2017-10-04 16:01:44 +00:00
tripleo_profile_base_sshd_spec.rb ssh: allow to configure PasswordAuthentication 2018-06-01 20:39:02 -07:00
tripleo_profile_base_swift_proxy_spec.rb Update swift-proxy unit tests for puppet5 2017-08-06 20:36:40 -07:00
tripleo_profile_base_swift_ringbuilder_spec.rb Add _spec suffix to class spec tests 2017-06-08 09:33:03 +03:00
tripleo_profile_base_time_ntp_spec.rb Stop the chronyd service 2017-03-06 12:33:53 -07:00
tripleo_profile_base_tuned_spec.rb Allow user to define a custom tuned profile 2018-12-13 20:56:35 +00:00
tripleo_profile_pacemaker_cinder_backup_bundle_spec.rb Force cinder properties to be set on ly on nodes with pcmk on it 2018-08-10 09:41:09 +02:00
tripleo_profile_pacemaker_cinder_volume_bundle_spec.rb Force cinder properties to be set on ly on nodes with pcmk on it 2018-08-10 09:41:09 +02:00
tripleo_profile_pacemaker_manila_share_bundle_spec.rb Avoid hard-coded settings in Manila HA containers 2018-07-05 09:31:53 -04:00
tripleo_selinux_spec.rb Fix nova and selinux unit tests 2017-07-27 12:54:30 -06:00
tripleo_ui_spec.rb Make quotes consistent to match the sample config 2017-02-14 16:42:14 +00:00