Commit 63497598 authored by Bo-Chun Chen's avatar Bo-Chun Chen

feat: ensure file permission of cert and key file

parent dcd97881
2 merge requests!147Fix http proxy cert,!117This MR merges the feat-hpc-factory branch, which was focused on building and deploying proxy images for the COD cluster.
...@@ -15,6 +15,17 @@ ...@@ -15,6 +15,17 @@
- "{{ ssl_cert_file }}" - "{{ ssl_cert_file }}"
- "{{ ssl_cert_chain_file }}" - "{{ ssl_cert_chain_file }}"
- name: Change cert files permissions
ansible.builtin.file:
path: "{{ ssl_cert_file_location }}/{{ item }}"
owner: root
group: root
mode: '0600'
when: ssl_cert_s3_bucket | length > 0 and item | length > 0
loop:
- "{{ ssl_cert_file }}"
- "{{ ssl_cert_chain_file }}"
- name: Download SSL key from S3 - name: Download SSL key from S3
aws_s3: aws_s3:
mode: get mode: get
...@@ -28,6 +39,14 @@ ...@@ -28,6 +39,14 @@
ansible_python_interpreter: /usr/bin/python3 ansible_python_interpreter: /usr/bin/python3
when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0 when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0
- name: Change key file permissions
ansible.builtin.file:
path: "{{ ssl_cert_key_location }}/{{ ssl_cert_key }}"
owner: root
group: root
mode: '0400'
when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0
- name: Update SSL in Apache config - name: Update SSL in Apache config
ansible.builtin.replace: ansible.builtin.replace:
path: "{{ ssl_apache_config }}" path: "{{ ssl_apache_config }}"
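Review bot: In the second hunk the private key is tightened to `0400` only after the "Download SSL key from S3" task has already written it, so the key sits on disk with whatever mode the download left (presumably the umask default, often world-readable) until the next task runs, and stays that way if the play aborts in between. The download task's destination is outside the visible lines, so this assumes it writes to `{{ ssl_cert_key_location }}/{{ ssl_cert_key }}`. Restricting the parent directory before the download closes that window; do this only if the directory is dedicated to this role, because a shared key directory may need group access for other services. The cert tasks in the first hunk have the same ordering, but those files are not secret.

```yaml
- name: Restrict key directory before download
  ansible.builtin.file:
    path: "{{ ssl_cert_key_location }}"
    state: directory
    owner: root
    group: root
    mode: '0700'
  when: ssl_cert_s3_bucket | length > 0 and ssl_cert_key | length > 0

# … unchanged: Download SSL key from S3, Change key file permissions …
```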