commit db4aa58d7d34b286daa7de4ad0fc73851d470aa3
author Taras Khlivnyak <tkhlivnyak@mirantis.com> Thu Aug 19 09:48:56 2021 +0300
committer Taras Khlivnyak <tkhlivnyak@mirantis.com> Wed Aug 25 10:04:17 2021 +0000
tree 6cb73e54757c5eaf3b27e1a54d27588dbc174dc8
parent 2af6abf7bca6290cc492909ae5edd1c866e306c3

Fix file permissions.

Fixes-bug: PROD-36505
Change-Id: I20bcf7968b9bfafbd89e9cd8ae6bef65faecf9be

metadata/service/compute/cluster.yml

diff --git a/metadata/service/compute/cluster.yml b/metadata/service/compute/cluster.yml
index b9bdfd3..d154d2c 100644
--- a/metadata/service/compute/cluster.yml
+++ b/metadata/service/compute/cluster.yml
@@ -2,6 +2,7 @@
 - nova
 classes:
 - service.nova.support
+- service.nova.file_permissions
 parameters:
   _param:
     openstack_log_appender: false

metadata/service/compute/ironic.yml

diff --git a/metadata/service/compute/ironic.yml b/metadata/service/compute/ironic.yml
index 0612e9f..c80253c 100644
--- a/metadata/service/compute/ironic.yml
+++ b/metadata/service/compute/ironic.yml
@@ -2,6 +2,7 @@
 - nova
 classes:
 - service.nova.support
+- service.nova.file_permissions
 parameters:
   _param:
     openstack_log_appender: false

metadata/service/compute/kvm.yml

diff --git a/metadata/service/compute/kvm.yml b/metadata/service/compute/kvm.yml
index 0352323..56d9318 100644
--- a/metadata/service/compute/kvm.yml
+++ b/metadata/service/compute/kvm.yml
@@ -2,6 +2,7 @@
 - nova
 classes:
 - service.nova.support
+- service.nova.file_permissions
 parameters:
   _param:
     openstack_log_appender: false

metadata/service/control/cluster.yml

diff --git a/metadata/service/control/cluster.yml b/metadata/service/control/cluster.yml
index 232c7d5..24dde8f 100644
--- a/metadata/service/control/cluster.yml
+++ b/metadata/service/control/cluster.yml
@@ -2,6 +2,7 @@
 - nova
 classes:
 - service.nova.support
+- service.nova.file_permissions
 parameters:
   _param:
     nova_vncproxy_url: http://${_param:single_address}:6080

metadata/service/control/single.yml

diff --git a/metadata/service/control/single.yml b/metadata/service/control/single.yml
index 27c2527..8d88ba9 100644
--- a/metadata/service/control/single.yml
+++ b/metadata/service/control/single.yml
@@ -2,6 +2,7 @@
 - nova
 classes:
 - service.nova.support
+- service.nova.file_permissions
 parameters:
   _param:
     nova_vncproxy_url: http://${_param:single_address}:6080

metadata/service/file_permissions.yml

diff --git a/metadata/service/file_permissions.yml b/metadata/service/file_permissions.yml
new file mode 100644
index 0000000..da953ce
--- /dev/null
+++ b/metadata/service/file_permissions.yml
@@ -0,0 +1,13 @@
+parameters:
+  nova:
+    directories:
+      /etc/nova:
+        user: 'root'
+    files:
+      /etc/nova/nova.conf:
+        user: 'root'
+      /etc/nova/rootwrap.conf:
+        mode: '0640'
+        group: 'nova'
+      /etc/nova/api-paste.ini:
+        user: 'root'