[tls] Enforce right file permissions for certs/keys
If no rabbitmq-server package installed, then salt.minion.cert
state set as owner of the generated certs/keys files the root:root
because of there is no rabbitmq user at this moment.
So, rabbitmq-server fails during files reading after installation.
Steps to reproduce:
1. Enable RabbitMQ TLS in your reclass model
classes:
- service.rabbitmq.server.ssl
- system.salt.minion.cert.rabbitmq_server
2. Generate certificates and keys using the following state before
rabbitmq state applying:
salt -I 'rabbitmq:server' state.sls salt.minion.cert
3. Apply rabbitmq server salt state:
salt -I 'rabbitmq:server' state.sls rabbitmq.server
Expected result:
During rabbitmq server state applying the file permission will be set
in properly way.
Actual result:
File permission of generated keys and certs is root:root
Change-Id: I80b4432210c19edc4364405d3729d14860e54047
PROD-14372
3 files changed