backend: mysql
+Change files/directories permissions for cinder service:
+=======================================
+In order to change file permissions the following should be set:
+
+'files' - block to set permissions for files.
+- full path to file
+- user ( default value is 'root' ) this parameter is optional.
+- group ( default value is 'cinder' ) this parameter is optional
+- mode ( default value is '0640' ) this parameter is optional
+
+'directories' - block to set permissions for directories.
+- full path to directory
+- user ( default value is 'root' ) this parameter is optional
+- group ( default value is 'cinder' ) this parameter is optional
+- mode ( default value is '0750' ) this parameter is optional
+
+.. code-block:: yaml
+
+ cinder:
+ files:
+ /etc/cinder/cinder.conf:
+ user: 'root'
+ group: 'cinder'
+ mode: '0750'
+ directories:
+ /etc/cinder:
+ user: 'root'
+ group: 'cinder'
+ mode: '0750'
+
+
Upgrades
========
--- /dev/null
+{% if pillar.cinder.files is defined %}
+{%- for file_full_path, file_mode in pillar.cinder.files.iteritems() %}
+{{ file_full_path }}_permissions:
+ file.managed:
+ - name: {{ file_full_path }}
+ - mode: {{ file_mode.get('mode', '0640') }}
+ - user: {{ file_mode.get('user', 'root') }}
+ - group: {{ file_mode.get('group', 'cinder') }}
+ - replace: false
+{%- endfor %}
+{% endif %}
+
+{% if pillar.cinder.directories is defined %}
+{%- for directory_path, directory_mode in pillar.cinder.directories.iteritems() %}
+{{ directory_path }}_permissions:
+ file.directory:
+ - name: {{ directory_path }}
+ - mode: {{ directory_mode.get('mode', '0750') }}
+ - user: {{ directory_mode.get('user', 'root') }}
+ - group: {{ directory_mode.get('group', 'cinder') }}
+{%- endfor %}
+{% endif %}
{% if pillar.cinder.client is defined %}
- cinder.client
{% endif %}
+- cinder.file_permissions
\ No newline at end of file
- cinder
classes:
- service.cinder.support
+- service.cinder.file_permissions
parameters:
_param:
keystone_cinder_endpoint_type: internalURL
- cinder
classes:
- service.cinder.support
+- service.cinder.file_permissions
parameters:
_param:
keystone_cinder_endpoint_type: internalURL
- cinder
classes:
- service.cinder.support
+- service.cinder.file_permissions
parameters:
_param:
keystone_cinder_endpoint_type: internalURL
--- /dev/null
+parameters:
+ cinder:
+ directories:
+ /etc/cinder:
+ user: 'root'
+ files:
+ /etc/cinder/rootwrap.conf:
+ mode: '0640'
+ group: 'cinder'
+ /etc/cinder/api-paste.ini:
+ user: 'root'
- cinder
classes:
- service.cinder.support
+- service.cinder.file_permissions
parameters:
_param:
keystone_cinder_endpoint_type: internalURL
- cinder
classes:
- service.cinder.support
+- service.cinder.file_permissions
parameters:
_param:
keystone_cinder_endpoint_type: internalURL