Fix files permissions Fixes-bug: PROD-36506 Change-Id: Ia50bd3de91dc50cda36cc07ae7b362ecbef08604

commit: 860129b053e9231a0be2c2af8cd30879ad0f6911 [log] [tgz]
author: Taras Khlivnyak <tkhlivnyak@mirantis.com> Thu Aug 19 10:03:04 2021 +0300
committer: Taras Khlivnyak <tkhlivnyak@mirantis.com> Wed Aug 25 13:11:50 2021 +0300
tree: 2444b81d2b1c0073b4f6f6920b6c9ab8bd2a31c3
parent: 1ad7f4e6813ed7d23a66c1db2d547d88a229f130 [diff]
diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 1c3bcf5..e5c2d83 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml

@@ -2,6 +2,7 @@
 - cinder
 classes:
 - service.cinder.support
+- service.cinder.file_permissions
 parameters:
   _param:
     keystone_cinder_endpoint_type: internalURL

diff --git a/metadata/service/control/cluster_control.yml b/metadata/service/control/cluster_control.yml
index 1c3bcf5..e5c2d83 100644
--- a/metadata/service/control/cluster_control.yml
+++ b/metadata/service/control/cluster_control.yml

@@ -2,6 +2,7 @@
 - cinder
 classes:
 - service.cinder.support
+- service.cinder.file_permissions
 parameters:
   _param:
     keystone_cinder_endpoint_type: internalURL

diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index 0e87b00..bcf1fda 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml

@@ -2,6 +2,7 @@
 - cinder
 classes:
 - service.cinder.support
+- service.cinder.file_permissions
 parameters:
   _param:
     keystone_cinder_endpoint_type: internalURL

diff --git a/metadata/service/file_permissions.yml b/metadata/service/file_permissions.yml
new file mode 100644
index 0000000..4cecced
--- /dev/null
+++ b/metadata/service/file_permissions.yml

@@ -0,0 +1,11 @@
+parameters:
+  cinder:
+    directories:
+      /etc/cinder:
+        user: 'root'
+    files:
+      /etc/cinder/rootwrap.conf:
+        mode: '0640'
+        group: 'cinder'
+      /etc/cinder/api-paste.ini:
+        user: 'root'

diff --git a/metadata/service/volume/local.yml b/metadata/service/volume/local.yml
index 416e366..5d43416 100644
--- a/metadata/service/volume/local.yml
+++ b/metadata/service/volume/local.yml

@@ -2,6 +2,7 @@
 - cinder
 classes:
 - service.cinder.support
+- service.cinder.file_permissions
 parameters:
   _param:
     keystone_cinder_endpoint_type: internalURL

diff --git a/metadata/service/volume/single.yml b/metadata/service/volume/single.yml
index 145ff93..f995f2d 100644
--- a/metadata/service/volume/single.yml
+++ b/metadata/service/volume/single.yml

@@ -2,6 +2,7 @@
 - cinder
 classes:
 - service.cinder.support
+- service.cinder.file_permissions
 parameters:
   _param:
     keystone_cinder_endpoint_type: internalURL
commit	860129b053e9231a0be2c2af8cd30879ad0f6911	[log] [tgz]
author	Taras Khlivnyak <tkhlivnyak@mirantis.com>	Thu Aug 19 10:03:04 2021 +0300
committer	Taras Khlivnyak <tkhlivnyak@mirantis.com>	Wed Aug 25 13:11:50 2021 +0300
tree	2444b81d2b1c0073b4f6f6920b6c9ab8bd2a31c3
parent	1ad7f4e6813ed7d23a66c1db2d547d88a229f130 [diff]