Fix permissions on opencontrail config files.
Permissions were set to 640 to some configuration files.
Closes-bug: PROD-36062
Change-Id: I56bc5ea5b4ef821ccd52f800ee7d6520a0415247
diff --git a/opencontrail/client.sls b/opencontrail/client.sls
index 4169ef8..0abeb0f 100644
--- a/opencontrail/client.sls
+++ b/opencontrail/client.sls
@@ -9,6 +9,7 @@
/etc/contrail/vnc_api_lib.ini:
file.managed:
- source: salt://opencontrail/files/{{ client.version }}/client_vnc_api_lib.ini
+ - mode: 640
- template: jinja
- require:
- pkg: opencontrail_client_packages
diff --git a/opencontrail/collector.sls b/opencontrail/collector.sls
index 88f1cb5..f5ced8b 100644
--- a/opencontrail/collector.sls
+++ b/opencontrail/collector.sls
@@ -32,6 +32,7 @@
/etc/contrail/contrail-alarm-gen.conf:
file.managed:
- source: salt://opencontrail/files/{{ collector.version }}/contrail-alarm-gen.conf
+ - mode: 640
- template: jinja
/etc/contrail/contrail-snmp-collector.conf:
diff --git a/opencontrail/config.sls b/opencontrail/config.sls
index d78cfed..258c42f 100644
--- a/opencontrail/config.sls
+++ b/opencontrail/config.sls
@@ -131,37 +131,44 @@
/etc/contrail/contrail-api.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-api.conf
+ - mode: 640
- template: jinja
/etc/contrail/vnc_api_lib.ini:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/vnc_api_lib.ini
+ - mode: 640
- template: jinja
/etc/contrail/contrail-device-manager.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-device-manager.conf
+ - mode: 640
- template: jinja
/etc/contrail/contrail-config-nodemgr.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-config-nodemgr.conf
+ - mode: 640
- template: jinja
/etc/contrail/contrail-keystone-auth.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-keystone-auth.conf
+ - mode: 640
- template: jinja
/etc/contrail/contrail-schema.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-schema.conf
+ - mode: 640
- template: jinja
/etc/contrail/contrail-svc-monitor.conf:
file.managed:
- source: salt://opencontrail/files/{{ config.version }}/contrail-svc-monitor.conf
+ - mode: 640
- template: jinja
{%- if config.get('config_only', False) %}
diff --git a/opencontrail/control.sls b/opencontrail/control.sls
index 36c1a9f..4f833b7 100644
--- a/opencontrail/control.sls
+++ b/opencontrail/control.sls
@@ -29,11 +29,13 @@
/etc/contrail/contrail-control.conf:
file.managed:
- source: salt://opencontrail/files/{{ control.version }}/contrail-control.conf
+ - mode: 640
- template: jinja
/etc/contrail/contrail-dns.conf:
file.managed:
- source: salt://opencontrail/files/{{ control.version }}/contrail-dns.conf
+ - mode: 640
- template: jinja
{%- if control.get('config_only', False) %}
@@ -62,6 +64,7 @@
/etc/contrail/dns/contrail-rndc.conf:
file.managed:
- source: salt://opencontrail/files/{{ control.version }}/control/contrail-rndc.conf
+ - mode: 640
- makedirs: True
{%- if control.version >= 4.0 %}
diff --git a/opencontrail/web.sls b/opencontrail/web.sls
index 4b65d35..fae38a9 100644
--- a/opencontrail/web.sls
+++ b/opencontrail/web.sls
@@ -20,6 +20,7 @@
/etc/contrail/contrail-webui-userauth.js:
file.managed:
- source: salt://opencontrail/files/{{ web.version }}/contrail-webui-userauth.js
+ - mode: 640
- template: jinja
{{ web.redis_config_dir }}/redis_webui.conf: