Fix files permissions
Fixes-bug: PROD-36507
Change-Id: Ie239dab2832d17ebb6dd144cd10ebe733e835f1d
diff --git a/metadata/service/client/init.yml b/metadata/service/client/init.yml
index b89c0ea..9134434 100644
--- a/metadata/service/client/init.yml
+++ b/metadata/service/client/init.yml
@@ -1,2 +1,3 @@
classes:
- service.keystone.support
+- service.keystone.file_permissions
diff --git a/metadata/service/file_permissions.yml b/metadata/service/file_permissions.yml
new file mode 100644
index 0000000..e2733c9
--- /dev/null
+++ b/metadata/service/file_permissions.yml
@@ -0,0 +1,14 @@
+parameters:
+ keystone:
+ directories:
+ /etc/keystone:
+ mode: '0750'
+ user: 'keystone'
+ files:
+ /etc/keystone/keystone-paste.ini:
+ user: 'keystone'
+ /etc/keystone/logging.conf:
+ user: 'keystone'
+ /etc/keystone/policy.json:
+ user: 'keystone'
+
diff --git a/metadata/service/server/cluster.yml b/metadata/service/server/cluster.yml
index 9407cb6..386d49a 100644
--- a/metadata/service/server/cluster.yml
+++ b/metadata/service/server/cluster.yml
@@ -2,6 +2,7 @@
- keystone
classes:
- service.keystone.support
+- service.keystone.file_permissions
parameters:
_param:
openstack_log_appender: false
diff --git a/metadata/service/server/single.yml b/metadata/service/server/single.yml
index e639b00..5872e10 100644
--- a/metadata/service/server/single.yml
+++ b/metadata/service/server/single.yml
@@ -2,6 +2,7 @@
- keystone
classes:
- service.keystone.support
+- service.keystone.file_permissions
parameters:
_param:
openstack_log_appender: false