summaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorScott Dodson <sdodson@redhat.com>2017-12-01 08:46:43 -0500
committerGitHub <noreply@github.com>2017-12-01 08:46:43 -0500
commit18b741935c1a68ba02734ac24629d1cc25027a0b (patch)
treec62bb82435b1f92e5418b8c2103c18caa35623ec /roles
parentfdf3edec3f880d21e19e2007065be3ed0ed59a13 (diff)
parent1eec1ab3395d07a06d76e756c8944163c62da422 (diff)
downloadopenshift-18b741935c1a68ba02734ac24629d1cc25027a0b.tar.gz
openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.tar.bz2
openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.tar.xz
openshift-18b741935c1a68ba02734ac24629d1cc25027a0b.zip
Merge pull request #6205 from irozzo-1A/logging-become-master
Do not escalate privileges in jks generation tasks
Diffstat (limited to 'roles')
-rw-r--r--roles/openshift_logging/tasks/generate_jks.yaml6
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/openshift_logging/tasks/generate_jks.yaml b/roles/openshift_logging/tasks/generate_jks.yaml
index 6e3204589..d6ac88dcc 100644
--- a/roles/openshift_logging/tasks/generate_jks.yaml
+++ b/roles/openshift_logging/tasks/generate_jks.yaml
@@ -24,21 +24,25 @@
local_action: file path="{{local_tmp.stdout}}/elasticsearch.jks" state=touch mode="u=rw,g=r,o=r"
when: elasticsearch_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/logging-es.jks" state=touch mode="u=rw,g=r,o=r"
when: logging_es_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/system.admin.jks" state=touch mode="u=rw,g=r,o=r"
when: system_admin_jks.stat.exists
changed_when: False
+ become: no
- name: Create placeholder for previously created JKS certs to prevent recreating...
local_action: file path="{{local_tmp.stdout}}/truststore.jks" state=touch mode="u=rw,g=r,o=r"
when: truststore_jks.stat.exists
changed_when: False
+ become: no
- name: pulling down signing items from host
fetch:
@@ -57,10 +61,12 @@
vars:
- top_dir: "{{local_tmp.stdout}}"
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
+ become: no
- name: Run JKS generation script
local_action: script generate-jks.sh {{local_tmp.stdout}} {{openshift_logging_namespace}}
check_mode: no
+ become: no
when: not elasticsearch_jks.stat.exists or not logging_es_jks.stat.exists or not system_admin_jks.stat.exists or not truststore_jks.stat.exists
- name: Pushing locally generated JKS certs to remote host...