From 90d263941aeed6e3c23b6be2723913904ae4aa8c Mon Sep 17 00:00:00 2001 From: Sorin Sbarnea Date: Wed, 4 Nov 2020 08:19:35 +0000 Subject: [PATCH] More E208 Change-Id: I8c3d224682d7d6780d6ad7823e390c47114e702b --- roles/pull-from-intermediate-registry/tasks/main.yaml | 2 ++ roles/push-to-intermediate-registry/tasks/push.yaml | 2 ++ roles/run-buildset-registry/tasks/main.yaml | 2 ++ roles/stage-output/tasks/main.yaml | 1 + roles/upload-logs/tasks/main.yaml | 1 + 5 files changed, 8 insertions(+) diff --git a/roles/pull-from-intermediate-registry/tasks/main.yaml b/roles/pull-from-intermediate-registry/tasks/main.yaml index 2bb9650b1..c6daf8890 100644 --- a/roles/pull-from-intermediate-registry/tasks/main.yaml +++ b/roles/pull-from-intermediate-registry/tasks/main.yaml @@ -25,10 +25,12 @@ file: path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/" state: directory + mode: 0755 - name: Write registry TLS certificate copy: content: "{{ buildset_registry.cert }}" dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt" + mode: 0644 # Update user config for intermediate and buildset registries - name: Ensure docker user directory exists diff --git a/roles/push-to-intermediate-registry/tasks/push.yaml b/roles/push-to-intermediate-registry/tasks/push.yaml index a85a3b3ce..26b124e8a 100644 --- a/roles/push-to-intermediate-registry/tasks/push.yaml +++ b/roles/push-to-intermediate-registry/tasks/push.yaml @@ -25,10 +25,12 @@ file: path: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/" state: directory + mode: 0755 - name: Write registry TLS certificate copy: content: "{{ buildset_registry.cert }}" dest: "/etc/docker/certs.d/127.0.0.1:{{ socat_port }}/ca.crt" + mode: 0644 # Update user config for intermediate and buildset registries - name: Ensure docker user directory exists diff --git a/roles/run-buildset-registry/tasks/main.yaml b/roles/run-buildset-registry/tasks/main.yaml index bae986e37..548c1f91e 100644 --- a/roles/run-buildset-registry/tasks/main.yaml +++ b/roles/run-buildset-registry/tasks/main.yaml @@ -20,6 +20,7 @@ file: state: directory path: "{{ buildset_registry_root }}/{{ zj_dir }}" + mode: 0755 loop: - tls - conf @@ -33,6 +34,7 @@ template: src: registry.yaml.j2 dest: "{{ buildset_registry_root }}/conf/registry.yaml" + mode: 0600 - name: Generate a TLS key for the registry command: "openssl req -x509 -newkey rsa:2048 -keyout {{ buildset_registry_root }}/tls/cert.key -out {{ buildset_registry_root }}/tls/cert.pem -days 365 -nodes -subj '/C=US/ST=California/L=Oakland/O=Company Name/OU=Org/CN={{ ansible_host }}' -addext 'subjectAltName = DNS:zuul-jobs.buildset-registry,DNS:{{ ansible_host }},IP:{{ ansible_host }},IP:127.0.0.1'" - name: Read TLS certificate diff --git a/roles/stage-output/tasks/main.yaml b/roles/stage-output/tasks/main.yaml index 8153b5581..e0d5f94f1 100644 --- a/roles/stage-output/tasks/main.yaml +++ b/roles/stage-output/tasks/main.yaml @@ -55,6 +55,7 @@ path: "{{ stage_dir }}/{{ zj_output_dirs }}" state: directory owner: "{{ ansible_user }}" + mode: 0755 with_items: - docs - artifacts diff --git a/roles/upload-logs/tasks/main.yaml b/roles/upload-logs/tasks/main.yaml index a04dd9c00..dbb888d18 100644 --- a/roles/upload-logs/tasks/main.yaml +++ b/roles/upload-logs/tasks/main.yaml @@ -39,6 +39,7 @@ delegate_to: localhost archive: path: "{{ zuul.executor.log_root }}/{{ zj_log }}" + mode: 0644 with_items: - job-output.txt - job-output.json