summaryrefslogtreecommitdiffstats
path: root/common/deploy-steps-tasks.yaml
diff options
context:
space:
mode:
authorSteven Hardy <shardy@redhat.com>2017-09-04 13:53:04 +0100
committerEmilien Macchi <emilien@redhat.com>2017-09-05 15:23:48 +0000
commit41d599cb37fbc082a4869e32b520d7017085c4f7 (patch)
tree699ac5e76a621d93921c4cc10ff62977d8e03f74 /common/deploy-steps-tasks.yaml
parent9f408dbe8bc8371424ecb816877b1cfe62498f8d (diff)
Set mode for ansible written files
Use a more restrictive mode for these files, as some may contain sensitive data which shouldn't be world readable Closes-Bug: #1714986 Change-Id: Ib1e79b1d4e25d6e329938402b1ca776bdab81bdd (cherry picked from commit 94c7752cfae64d96124a32bc36ccd6ec7b4df4a7)
Diffstat (limited to 'common/deploy-steps-tasks.yaml')
-rw-r--r--common/deploy-steps-tasks.yaml2
1 files changed, 1 insertions, 1 deletions
diff --git a/common/deploy-steps-tasks.yaml b/common/deploy-steps-tasks.yaml
index f0729425..73d3036c 100644
--- a/common/deploy-steps-tasks.yaml
+++ b/common/deploy-steps-tasks.yaml
@@ -5,7 +5,7 @@
# Per step puppet configuration of the baremetal host
#####################################################
- name: Write the config_step hieradata
- copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true
+ copy: content="{{dict(step=step|int)|to_json}}" dest=/etc/puppet/hieradata/config_step.json force=true mode=0600
- name: Run puppet host configuration for step {{step}}
command: >-
puppet apply