Merge pull request #461 from edx/jarv/gpg-perms

Jarv/gpg perms

Merge pull request #461 from edx/jarv/gpg-perms
Jarv/gpg perms
cfd5156b · John Jarvis · 63be9c88 · 5f6af054 · cfd5156b · cfd5156b
Commit cfd5156b authored Nov 15, 2013 by John Jarvis
Hide whitespace changes
Inline Side-by-side

Showing with 11 additions and 1 deletions

playbooks/roles/certs/tasks/main.yml
+10 -1

util/jenkins/ansible-provision.sh
+1 -0

No files found.
--- a/playbooks/roles/certs/tasks/main.yml
+++ b/playbooks/roles/certs/tasks/main.yml
@@ -65,7 +65,7 @@
  copy: >
    src={{ CERTS_LOCAL_PRIVATE_KEY }}
    dest={{ certs_app_dir }}/{{ CERTS_LOCAL_PRIVATE_KEY|basename }}
-    owner={{ certs_user }} group={{ common_web_user }} mode=0640
+    owner={{ certs_user }} mode=0600
  notify: certs | restart certs
  register: certs_gpg_key

@@ -77,6 +77,15 @@
  when: certs_gpg_key.changed
  notify: certs | restart certs

+- name: certs | set permission to the certs_gpg_dir so that it can be read by the web user
+  file: >
+    path={{ certs_gpg_dir }}
+    owner={{ certs_user }}
+    group={{ common_web_user }}
+    mode=0640 recurse=yes
+    state=directory
+  notify: certs | restart certs
+
 - include: deploy.yml

 - name: certs | create a symlink for venv python

--- a/util/jenkins/ansible-provision.sh
+++ b/util/jenkins/ansible-provision.sh
@@ -18,6 +18,7 @@
 # - environment
 # - name_tag

+export PYTHONUNBUFFERED=1
 export BOTO_CONFIG=/var/lib/jenkins/${aws_account}.boto

 if [[ -z $WORKSPACE ]]; then