From c5f0cb4b32903a89758ad05fbac4deb79e4f48ce Mon Sep 17 00:00:00 2001
From: "James E. Blair" <jeblair@linux.vnet.ibm.com>
Date: Tue, 23 Feb 2016 13:58:41 -0800
Subject: [PATCH] Make all-clouds.yaml admin readable

And also the certs and the other clouds.yaml file.
So that admins can run openstackclient, etc, without sudo.

Change-Id: Ib8be3cd0601531284ec5d33cb5024b8363d924ca
---
 modules/openstack_project/manifests/puppetmaster.pp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp
index 7d5a663b65..cce3dcddbe 100644
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@@ -123,24 +123,24 @@ class openstack_project::puppetmaster (
   file { '/etc/openstack/clouds.yaml':
     ensure  => present,
     owner   => 'root',
-    group   => 'root',
-    mode    => '0600',
+    group   => 'admin',
+    mode    => '0660',
     content => template('openstack_project/puppetmaster/ansible-clouds.yaml.erb'),
   }
 
   file { '/etc/openstack/all-clouds.yaml':
     ensure  => present,
     owner   => 'root',
-    group   => 'root',
-    mode    => '0600',
+    group   => 'admin',
+    mode    => '0660',
     content => template('openstack_project/puppetmaster/all-clouds.yaml.erb'),
   }
 
   file { '/etc/openstack/infracloud_west_cacert.pem':
     ensure  => present,
     owner   => 'root',
-    group   => 'root',
-    mode    => '0600',
+    group   => 'admin',
+    mode    => '0660',
     content => $infracloud_hpuswest_ssl_cert_file_contents,
   }