From c9a2b9bf93d89916950938643bedbce841668cc2 Mon Sep 17 00:00:00 2001
From: Scott Dodson
Date: Wed, 17 Feb 2016 14:06:56 -0500
Subject: Don't make config files world readable
---
roles/openshift_master/tasks/main.yml | 6 ++++++
roles/openshift_node/tasks/main.yml | 3 +++
2 files changed, 9 insertions(+)
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 23dfacf79..dd66eeebb 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -221,6 +221,9 @@
template:
dest: "{{ openshift.master.session_secrets_file }}"
src: sessionSecretsFile.yaml.v1.j2
+ owner: root
+ group: root
+ mode: 0600
when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined
notify: - restart master
@@ -235,6 +238,9 @@
dest: "{{ openshift_master_config_file }}"
src: master.yaml.v1.j2
backup: true
+ owner: root
+ group: root
+ mode: 0600
notify: - restart master - restart master api
diff --git a/roles/openshift_node/tasks/main.yml b/roles/openshift_node/tasks/main.yml
index acf2f74e3..43253d72b 100644
--- a/roles/openshift_node/tasks/main.yml
+++ b/roles/openshift_node/tasks/main.yml
@@ -84,6 +84,9 @@
dest: "{{ openshift_node_config_file }}"
src: node.yaml.v1.j2
backup: true
+ owner: root
+ group: root
+ mode: 0600
notify: - restart node
--
cgit v1.2.3
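Review bot: `mode: 0600` is written as a bare scalar in the session-secrets task, and the same form recurs in the master-config hunk below and in the node-config hunk in roles/openshift_node/tasks/main.yml. It yields the intended permissions only because a YAML 1.1 loader reads the leading zero as octal; a different loader, or a later edit that drops the zero, would silently apply another permission set to a file that holds session secrets. Quoting it as `mode: "0600"` hands Ansible a string and removes the dependence on implicit typing. The task's `- name:` line sits above this hunk, so the rest of the task is not visible here.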
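Review bot: The tightened mode on `{{ openshift_master_config_file }}` does not reach the copies that `backup: true` leaves next to it, and the node-config hunk in roles/openshift_node/tasks/main.yml has the same combination. Backups written by earlier runs keep the mode they were created with, and the copy taken on the first run after this change is made from the old file, so it presumably inherits the previous world-readable mode too; this is worth confirming on the Ansible version in use. A follow-up task that locates the existing backup files for both configs and sets `owner: root`, `group: root`, `mode: "0600"` on them would close that gap. The task begins above this hunk.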