[tls] Enforce right file permissions for certs/keys
If no rabbitmq-server package is installed, the salt.minion.cert
state sets root:root as the owner of the generated cert/key files
because there is no rabbitmq user at this moment.
So, rabbitmq-server fails while reading the files after installation.
Steps to reproduce:
1. Enable RabbitMQ TLS in your reclass model
classes:
- service.rabbitmq.server.ssl
- system.salt.minion.cert.rabbitmq_server
2. Generate certificates and keys using the following state before
applying the rabbitmq state:
salt -I 'rabbitmq:server' state.sls salt.minion.cert
3. Apply rabbitmq server salt state:
salt -I 'rabbitmq:server' state.sls rabbitmq.server
Expected result:
While the rabbitmq server state is applied, the file permissions will be set
properly.
Actual result:
File permission of generated keys and certs is root:root
Change-Id: I80b4432210c19edc4364405d3729d14860e54047
PROD-14372
diff --git a/.kitchen.yml b/.kitchen.yml
index 48d3a50..e8e4015 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -40,4 +40,10 @@
provisioner:
pillars-from-files:
rabbitmq.sls: tests/pillar/rabbitmq_server.sls
+
+ - name: rabbitmq_server_ssl
+ provisioner:
+ pillars-from-files:
+ rabbitmq.sls: tests/pillar/rabbitmq_server_ssl.sls
+
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
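Review bot: the new rabbitmq_server_ssl suite references tests/pillar/rabbitmq_server_ssl.sls, which does not appear in the visible diff, so please confirm that pillar file is added in the same change or the suite will have nothing to load. The suite as declared only selects a pillar; since the commit is about the owner of generated key and cert files, consider adding a verifier check that asserts the owner and mode of those files after the rabbitmq.server state runs, so a regression to root:root fails the test instead of passing a clean converge. Minor style point: the trailing blank "+" line before the vim modeline can be dropped to keep the file ending as it was.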