diff options
author | Scott Dodson <sdodson@redhat.com> | 2017-12-01 08:46:43 -0500 |
---|---|---|
committer | GitHub <noreply@github.com> | 2017-12-01 08:46:43 -0500 |
commit | 18b741935c1a68ba02734ac24629d1cc25027a0b (patch) | |
tree | c62bb82435b1f92e5418b8c2103c18caa35623ec /roles | |
parent | fdf3edec3f880d21e19e2007065be3ed0ed59a13 (diff) | |
parent | 1eec1ab3395d07a06d76e756c8944163c62da422 (diff) | |
download | openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.tar.gz openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.tar.bz2 openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.tar.xz openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.zip |
Merge pull request #6205 from irozzo-1A/logging-become-master
Do not escalate privileges in jks generation tasks
Diffstat (limited to 'roles')
-rw-r--r-- | roles/openshift_logging/tasks/generate_jks.yaml | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml index 6e3204589..d6ac88dcc 100644 --- a/roles/openshift_logging/tasks/generate_jks.yaml +++ b/roles/openshift_logging/tasks/generate_jks.yaml @@ -24,21 +24,25 @@ local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r" when: elasticsearch_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r" when: logging_es_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r" when: system_admin_jks.stat.exists changed_when: False + become: no - name: Create placeholder for previously created JKS certs to prevent recreating... local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r" when: truststore_jks.stat.exists changed_when: False + become: no - name: pulling down signing items from host fetch: @@ -57,10 +61,12 @@ vars: - top_dir: "{{local_tmp.stdout}}" when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists + become: no - name: Run JKS generation script local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}} check_mode: no + become: no when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists - name: Pushing locally generated JKS certs to remote host... |