Adjust minion PKI permissions
Needed for non-root Syndic operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
parent
2a7a9decee
commit
1c0551755f
GPG Key ID:
1ED2F138E7E6FF57
|
|
@ -220,14 +220,16 @@ salt-minion-pki-dir:
|
|||
- name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
|
||||
{% endif %}
|
||||
- user: {{ salt_settings.rootuser }}
|
||||
- group:
|
||||
- group: salt
|
||||
{#
|
||||
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
|
||||
wheel
|
||||
{%- else %}
|
||||
{{ salt_settings.rootgroup }}
|
||||
{%- endif %}
|
||||
#}
|
||||
{%- if grains['kernel'] != 'Windows' %}
|
||||
- mode: 700
|
||||
- mode: 750
|
||||
{% endif %}
|
||||
- makedirs: True
|
||||
|
||||
|
|
@ -239,14 +241,16 @@ permissions-minion.pem:
|
|||
- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
|
||||
{% endif %}
|
||||
- user: {{ salt_settings.rootuser }}
|
||||
- group:
|
||||
- group: salt
|
||||
{#
|
||||
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
|
||||
wheel
|
||||
{%- else %}
|
||||
{{ salt_settings.rootgroup }}
|
||||
{%- endif %}
|
||||
#}
|
||||
{%- if grains['kernel'] != 'Windows' %}
|
||||
- mode: 400
|
||||
- mode: 440
|
||||
{% endif %}
|
||||
- replace: False
|
||||
- require:
|
||||
|
|
|
|||
Loading…
Reference in New Issue