Add possibility to manage file permissions of config files
Fixes-bug: PROD-36557
Change-Id: Ic00d413ff2523de8cda5bc61b24287faf4b27b98
diff --git a/README.rst b/README.rst
index 649b9a2..156c471 100644
--- a/README.rst
+++ b/README.rst
@@ -150,6 +150,38 @@
load-balancer:read-quota-global: 'is_admin:True'
load-balancer:write-quota: 'is_admin:True'
+
+Change files/directories permissions for octavia service:
+=======================================
+In order to change file permissions the following should be set:
+
+'files' - block to set permissions for files.
+- full path to file
+- user ( default value is 'root' ) this parameter is optional.
+- group ( default value is 'octavia' ) this parameter is optional
+- mode ( default value is '0640' ) this parameter is optional
+
+'directories' - block to set permissions for directories.
+- full path to directory
+- user ( default value is 'root' ) this parameter is optional
+- group ( default value is 'octavia' ) this parameter is optional
+- mode ( default value is '0750' ) this parameter is optional
+
+.. code-block:: yaml
+
+ octavia:
+ files:
+ /etc/octavia/octavia.conf:
+ user: 'root'
+ group: 'octavia'
+ mode: '0750'
+ directories:
+ /etc/octavia:
+ user: 'root'
+ group: 'octavia'
+ mode: '0750'
+
+
Upgrades
========
Each openstack formula provide set of phases (logical bloks) that will help to
diff --git a/metadata/service/api/cluster.yml b/metadata/service/api/cluster.yml
index f907f09..c5d12a0 100644
--- a/metadata/service/api/cluster.yml
+++ b/metadata/service/api/cluster.yml
@@ -2,6 +2,7 @@
- octavia
classes:
- service.octavia.support
+- service.octavia.file_permissions
parameters:
_param:
keystone_octavia_endpoint_type: internal
diff --git a/metadata/service/api/single.yml b/metadata/service/api/single.yml
index 57bcdfa..e729c47 100644
--- a/metadata/service/api/single.yml
+++ b/metadata/service/api/single.yml
@@ -2,6 +2,7 @@
- octavia
classes:
- service.octavia.support
+- service.octavia.file_permissions
parameters:
_param:
keystone_octavia_endpoint_type: internal
diff --git a/metadata/service/file_permissions.yml b/metadata/service/file_permissions.yml
new file mode 100644
index 0000000..6207bcc
--- /dev/null
+++ b/metadata/service/file_permissions.yml
@@ -0,0 +1,5 @@
+parameters:
+ octavia:
+ directories:
+ /etc/octavia:
+ mode: '0750'
\ No newline at end of file
diff --git a/metadata/service/manager/cluster.yml b/metadata/service/manager/cluster.yml
index 8e1d832..47fd4c2 100644
--- a/metadata/service/manager/cluster.yml
+++ b/metadata/service/manager/cluster.yml
@@ -2,6 +2,7 @@
- octavia
classes:
- service.octavia.support
+- service.octavia.file_permissions
parameters:
_param:
keystone_octavia_endpoint_type: internal
diff --git a/metadata/service/manager/single.yml b/metadata/service/manager/single.yml
index c8bd022..a391d60 100644
--- a/metadata/service/manager/single.yml
+++ b/metadata/service/manager/single.yml
@@ -2,6 +2,7 @@
- octavia
classes:
- service.octavia.support
+- service.octavia.file_permissions
parameters:
_param:
keystone_octavia_endpoint_type: internal
diff --git a/octavia/file_permissions.sls b/octavia/file_permissions.sls
new file mode 100644
index 0000000..5470b9d
--- /dev/null
+++ b/octavia/file_permissions.sls
@@ -0,0 +1,22 @@
+{% if pillar.octavia.files is defined %}
+{%- for file_full_path, file_mode in pillar.octavia.files.iteritems() %}
+{{ file_full_path }}_permissions:
+ file.managed:
+ - name: {{ file_full_path }}
+ - mode: {{ file_mode.get('mode', '0640') }}
+ - user: {{ file_mode.get('user', 'root') }}
+ - group: {{ file_mode.get('group', 'octavia') }}
+ - replace: false
+{%- endfor %}
+{% endif %}
+
+{% if pillar.octavia.directories is defined %}
+{%- for directory_path, directory_mode in pillar.octavia.directories.iteritems() %}
+{{ directory_path }}_permissions:
+ file.directory:
+ - name: {{ directory_path }}
+ - mode: {{ directory_mode.get('mode', '0750') }}
+ - user: {{ directory_mode.get('user', 'root') }}
+ - group: {{ directory_mode.get('group', 'octavia') }}
+{%- endfor %}
+{% endif %}
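Review bot: The `- mode:` lines in both loops render the value unquoted, so the YAML layer receives a bare number such as `0640` rather than a string, and the permission actually applied then depends on how the loader treats leading-zero integers. Salt's file state documentation asks for modes with a leading zero to be quoted, so render them quoted, for example `- mode: "{{ file_mode.get('mode', '0640') }}"`, and likewise for `directory_mode`. Separately, `iteritems()` exists only on Python 2 dicts, so both loops would presumably fail at render time on a Python 3 minion; `.items()` works on both. `file.managed` with `replace: false` still creates a missing file by default, so a mistyped path in pillar would leave an empty file behind; adding `- create: false` keeps the state to files that already exist.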
diff --git a/octavia/init.sls b/octavia/init.sls
index f4401c5..4e37c05 100644
--- a/octavia/init.sls
+++ b/octavia/init.sls
@@ -8,3 +8,4 @@
{% if pillar.octavia.client is defined %}
- octavia.client
{% endif %}
+- octavia.file_permissions
\ No newline at end of file