authorZuul <zuul@review.openstack.org>2018-10-25 18:43:27 +0000
committerGerrit Code Review <review@openstack.org>2018-10-25 18:43:27 +0000
commitee881f897074afc99b090fa196b8988b6dbf172f (patch)
tree408cb6c643408118c94c4807cbfacbceef143ea2
parentef26b1dcc879bb060a23c03bd32faa1df92625e8 (diff)
parent8b45a3641969e3b5658dde9fc41923a525db539b (diff)
Merge "Secure host file permissions"
-rw-r--r--charts/apiserver/templates/bin/_anchor.tpl1
-rw-r--r--charts/controller_manager/templates/bin/_anchor.tpl1
-rw-r--r--charts/etcd/templates/bin/_etcdctl_anchor.tpl1
-rw-r--r--charts/haproxy/templates/bin/_anchor.tpl2
-rw-r--r--charts/scheduler/templates/bin/_anchor.tpl1
-rw-r--r--promenade/templates/include/up.sh2
6 files changed, 7 insertions, 1 deletions
diff --git a/charts/apiserver/templates/bin/_anchor.tpl b/charts/apiserver/templates/bin/_anchor.tpl
index 6af65c0..c311ffa 100644
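--- a/charts/apiserver/templates/bin/_anchor.tpl
+++ b/charts/apiserver/templates/bin/_anchor.tpl
@@ -21,6 +21,7 @@ compare_copy_files() {
  if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
  mkdir -p $(dirname /host{{ .dest }})
  cp {{ .source }} /host{{ .dest }}
+ chmod go-rwx /host{{ .dest }}
  fi
  {{end}}
 }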
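Review bot: The added `chmod go-rwx /host{{ .dest }}` sits inside the `if` that only fires when the destination is missing or differs from the source, so a file that an earlier release already copied with looser permissions and that still matches is never tightened. Moving the chmod to directly after the `fi` makes it run on every pass. There is also a short window between `cp` and `chmod` in which a newly created file carries whatever mode the process umask allows; running the copy as `(umask 077; cp {{ .source }} /host{{ .dest }})` would close it. The same placement appears in the compare_copy_files hunks of controller_manager, haproxy and scheduler; the function begins outside the hunk.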
diff --git a/charts/controller_manager/templates/bin/_anchor.tpl b/charts/controller_manager/templates/bin/_anchor.tpl
index 6af65c0..c311ffa 100644
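--- a/charts/controller_manager/templates/bin/_anchor.tpl
+++ b/charts/controller_manager/templates/bin/_anchor.tpl
@@ -21,6 +21,7 @@ compare_copy_files() {
  if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
  mkdir -p $(dirname /host{{ .dest }})
  cp {{ .source }} /host{{ .dest }}
+ chmod go-rwx /host{{ .dest }}
  fi
  {{end}}
 }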
diff --git a/charts/etcd/templates/bin/_etcdctl_anchor.tpl b/charts/etcd/templates/bin/_etcdctl_anchor.tpl
index c17fca3..6f458d7 100644
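--- a/charts/etcd/templates/bin/_etcdctl_anchor.tpl
+++ b/charts/etcd/templates/bin/_etcdctl_anchor.tpl
@@ -44,6 +44,7 @@ function sync_configuration {
  ETCD_INITIAL_CLUSTER_STATE=existing
  create_manifest "$ETCD_INITIAL_CLUSTER" "$ETCD_INITIAL_CLUSTER_STATE" "$TEMP_MANIFEST"
  sync_file "${TEMP_MANIFEST}" "${MANIFEST_PATH}"
+ chmod go-rwx "${MANIFEST_PATH}"
 }
 firstrun=true
 while true; do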
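Review bot: `chmod go-rwx "${MANIFEST_PATH}"` runs only after `sync_file` has already placed the manifest, so the file may be group- or world-readable for a moment on each sync, depending on how `sync_file` (not visible here) creates it. Restricting the temporary file first, with `chmod go-rwx "${TEMP_MANIFEST}"` before the `sync_file` call, would avoid that if `sync_file` preserves the mode; otherwise a `umask 077` near the top of the script covers both files. Unless the script runs under `set -e`, a failing chmod also goes unnoticed and leaves the manifest exposed without a log line. sync_configuration starts outside the hunk.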
diff --git a/charts/haproxy/templates/bin/_anchor.tpl b/charts/haproxy/templates/bin/_anchor.tpl
index a910c46..6e3ddd5 100644
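--- a/charts/haproxy/templates/bin/_anchor.tpl
+++ b/charts/haproxy/templates/bin/_anchor.tpl
@@ -24,6 +24,7 @@ compare_copy_files() {
  if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
  mkdir -p $(dirname /host{{ .dest }})
  cp {{ .source }} /host{{ .dest }}
+ chmod go-rwx /host{{ .dest }}
  fi
  {{- end }}
 }
@@ -104,6 +105,7 @@ install_config() {
  else
  echo HAProxy config file unchanged.
  fi
+ chmod -R go-rwx $(dirname "$HAPROXY_CONF")
  fi
 }
 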
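Review bot: In install_config the added `chmod -R go-rwx $(dirname "$HAPROXY_CONF")` leaves the command substitution unquoted and unguarded: if HAPROXY_CONF is ever empty, `dirname` returns `.` and the recursive chmod lands on the current working directory, and a path containing spaces would split into several arguments. I would write it as `chmod -R go-rwx -- "$(dirname "${HAPROXY_CONF:?}")"`. Because the change is recursive over the whole parent directory, a comment stating that the directory holds only HAProxy files would help, since that cannot be confirmed from this hunk. install_config starts outside the hunk, and the line sits inside an outer conditional whose test is not shown.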
diff --git a/charts/scheduler/templates/bin/_anchor.tpl b/charts/scheduler/templates/bin/_anchor.tpl
index 90f5def..1ae2244 100644
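--- a/charts/scheduler/templates/bin/_anchor.tpl
+++ b/charts/scheduler/templates/bin/_anchor.tpl
@@ -22,6 +22,7 @@ compare_copy_files() {
  if [ ! -e /host{{ .dest }} ] || ! cmp -s {{ .source }} /host{{ .dest }}; then
  mkdir -p $(dirname /host{{ .dest }})
  cp {{ .source }} /host{{ .dest }}
+ chmod go-rwx /host{{ .dest }}
  fi
  {{- end }}
 }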
diff --git a/promenade/templates/include/up.sh b/promenade/templates/include/up.sh
index 1c47fa2..b0eb229 100644
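--- a/promenade/templates/include/up.sh
+++ b/promenade/templates/include/up.sh
@@ -23,7 +23,7 @@ echo "{{ encrypted_tarball | b64enc }}" | base64 -d | {{ decrypt_command }} | ta
 set -x
 
 for DIR in "${CURATED_DIRS[@]}"; do
- chmod go-rwx "${DIR}"
+ chmod -R go-rwx "${DIR}"
 done
 
 # Adding apt repositories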
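Review bot: `chmod -R go-rwx "${DIR}"` tightens the curated directories only after the pipeline shown in the hunk header (cut off at `| ta`, presumably a tar extraction) has written their contents, so the files sit with their archived modes until this loop reaches them. If tar runs as root it restores archived modes regardless of umask, so closing that window means either packing the tarball with restrictive modes or passing `--no-same-permissions` under `umask 077`; both are outside this hunk and should be checked against the full script. Within the hunk, a comment such as `# strip group/other access from everything under the curated dirs, not just the top level` would record why `-R` was added.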