Skip to content

C
configuration
Commit ae6b9b25 by John Jarvis
Options

Merge pull request #462 from edx/jarv/gpg-perms 

gnupg dir needs to be owned by the web user
parents cfd5156b 0a11ab74
Showing with 3 additions and 12 deletions
playbooks/roles/certs/tasks/main.yml
......@@ -57,7 +57,7 @@
- name: certs | create certs gpg dir
file: >
path="{{ certs_gpg_dir }}" state=directory
owner="{{ certs_user }}" group="{{ certs_user }}"
owner="{{ common_web_user }}"
mode=0700
notify: certs | restart certs
......@@ -65,7 +65,7 @@
copy: >
src={{ CERTS_LOCAL_PRIVATE_KEY }}
dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
owner={{ certs_user }} mode=0600
owner={{ common_web_user }} mode=0600
notify: certs | restart certs
register: certs_gpg_key
......@@ -73,19 +73,10 @@
- name: certs | load the gpg key
shell: >
/usr/bin/gpg --homedir {{ certs_gpg_dir }} --import {{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
sudo_user: "{{ certs_user }}"
sudo_user: "{{ common_web_user }}"
when: certs_gpg_key.changed
notify: certs | restart certs
- name: certs | set permission to the certs_gpg_dir so that it can be read by the web user
file: >
path={{ certs_gpg_dir }}
owner={{ certs_user }}
group={{ common_web_user }}
mode=0640 recurse=yes
state=directory
notify: certs | restart certs
- include: deploy.yml
- name: certs | create a symlink for venv python
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment