Merge pull request #1432 from sdodson/bz1302513

Don't make config files world readable

2 files changed, 9 insertions, 0 deletions

diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 23dfacf79..dd66eeebb 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -221,6 +221,9 @@
   template:
     dest: "{{ openshift.master.session_secrets_file }}"
     src: sessionSecretsFile.yaml.v1.j2
+    owner: root
+    group: root
+    mode: 0600
   when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined
   notify:
   - restart master
@@ -235,6 +238,9 @@
     dest: "{{ openshift_master_config_file }}"
     src: master.yaml.v1.j2
     backup: true
+    owner: root
+    group: root
+    mode: 0600
   notify:
   - restart master
   - restart master api
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index acf2f74e3..43253d72b 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -84,6 +84,9 @@
     dest: "{{ openshift_node_config_file }}"
     src: node.yaml.v1.j2
     backup: true
+    owner: root
+    group: root
+    mode: 0600
   notify:
   - restart node