tree 760392cf4a534f94c11415b82b9faf7713a2ec02
parent b88c84c842b593f8aa34c8fa5595e5bc93944b17
author Kirill Bespalov <kbespalov@mirantis.com> 1502398977 +0300
committer Kirill Bespalov <kbespalov@mirantis.com> 1504271685 +0000

[tls] Enforce right file permissions for certs/keys

If the rabbitmq-server package is not installed, the salt.minion.cert
state sets root:root as the owner of the generated certs/keys files,
because there is no rabbitmq user at this moment.

So rabbitmq-server fails while reading the files after installation.

Steps to reproduce:

1. Enable RabbitMQ TLS in your reclass model

  classes:
   - service.rabbitmq.server.ssl
   - system.salt.minion.cert.rabbitmq_server

2. Generate certificates and keys using the following state before
applying the rabbitmq state:

  salt -I 'rabbitmq:server' state.sls salt.minion.cert

3. Apply rabbitmq server salt state:

  salt -I 'rabbitmq:server' state.sls rabbitmq.server

Expected result:

While the rabbitmq server state is being applied, the file permissions
will be set properly.

Actual result:

The file permission of the generated keys and certs is root:root.


Change-Id: I80b4432210c19edc4364405d3729d14860e54047
PROD-14372