scylla-ansible-roles

Ansible Node - Enforce private key permission and bind permissions to scylla user

Open fee-mendes opened this issue 2 years ago • 0 comments

When the source playbook is executed with become: True, its relevant TLS certificates will be owned by root. This causes a problem, because later on when trying to copy we are unable to read the resulting private key file, as it is (correctly) created by default with mode 0600.

This commit lets Ansible generate each PKI component with mode 0644. Then, ensure these are copied to the remote machines with strict permissions to scylla user/group. Finally, ensure that the private key is only readable by its target user - both locally and remotely.

Fixes #139

fee-mendes, Jul 04 '22 02:07
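
A post-run check for the end state the description asks for (private key readable only by its owner, on the control node and on the target), as an added example that is not part of the original issue or of the scylla-ansible-roles code. It assumes a flat directory in which private keys end in `.key`; the file names and the `audit_pki_dir` helper are constructed for illustration.

```python
import os
import stat
import tempfile

# Assumption: private keys are recognised by this suffix; the issue names no files.
KEY_SUFFIX = ".key"


def audit_pki_dir(directory, owner_uid):
    """Return [(file name, problem)] for PKI files with unsafe ownership or mode.

    Private keys must carry no group/other bits at all; certificates and other
    public material may be world-readable but not group/world-writable.
    """
    findings = []
    for name in sorted(os.listdir(directory)):
        st = os.lstat(os.path.join(directory, name))  # lstat: do not follow symlinks
        if not stat.S_ISREG(st.st_mode):
            findings.append((name, "not a regular file"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        if st.st_uid != owner_uid:
            findings.append((name, f"owned by uid {st.st_uid}, expected {owner_uid}"))
        if name.endswith(KEY_SUFFIX):
            if mode & 0o077:
                findings.append(
                    (name, f"private key mode {mode:04o} is readable by group/other"))
        elif mode & 0o022:
            findings.append((name, f"mode {mode:04o} is group/world-writable"))
    return findings


def demo():
    """Audit a constructed PKI directory in the 0644 state, then after tightening."""
    with tempfile.TemporaryDirectory() as pki:
        for name in ("ca.crt", "node.crt", "node.key"):
            path = os.path.join(pki, name)
            with open(path, "w") as fh:
                fh.write("constructed placeholder, not real key material\n")
            os.chmod(path, 0o644)  # the intermediate mode the description mentions
        before = audit_pki_dir(pki, os.getuid())
        os.chmod(os.path.join(pki, "node.key"), 0o600)  # final owner-only state
        after = audit_pki_dir(pki, os.getuid())
        return before, after


if __name__ == "__main__":
    for label, result in zip(("before", "after"), demo()):
        print(label, result)
```

On a target host the same function would be called with the uid of the scylla user rather than the current user.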