From f28c90fad8cab8025ca60cc1daba499d3f4fdadc Mon Sep 17 00:00:00 2001
From: David Moreau Simard <dmsimard@redhat.com>
Date: Sat, 24 Mar 2018 21:31:23 -0400
Subject: [PATCH] Fix permissions for certificate files in nodepool's home
 directory

It worked the way things were before but it's cleaner to have them
nodepool/nodepool and 0600.

Change-Id: Ieebbd9d6fdc65c04263294c680e64fc5e561d82d
---
 manifests/site.pp | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

diff --git a/manifests/site.pp b/manifests/site.pp
index ef849d6751..bed84b3106 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1057,9 +1057,9 @@ node 'nodepool.openstack.org' {
   }
   file { '/home/nodepool/.config/openstack/limestone_cacert.pem':
     ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0444',
+    owner   => 'nodepool',
+    group   => 'nodepool',
+    mode    => '0600',
     content => hiera('limestone_ssl_cert_file_contents'),
     require => Class['::openstackci::nodepool'],
   }
@@ -1149,9 +1149,9 @@ node /^nl\d+\.openstack\.org$/ {
   }
   file { '/home/nodepool/.config/openstack/limestone_cacert.pem':
     ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0444',
+    owner   => 'nodepool',
+    group   => 'nodepool',
+    mode    => '0600',
     content => hiera('limestone_ssl_cert_file_contents'),
     require => Class['::openstackci::nodepool_launcher'],
   }
@@ -1236,9 +1236,9 @@ node /^nb\d+\.openstack\.org$/ {
   }
   file { '/home/nodepool/.config/openstack/limestone_cacert.pem':
     ensure  => present,
-    owner   => 'root',
-    group   => 'root',
-    mode    => '0444',
+    owner   => 'nodepool',
+    group   => 'nodepool',
+    mode    => '0600',
     content => hiera('limestone_ssl_cert_file_contents'),
     require => Class['::openstackci::nodepool_builder'],
   }