Revert "Update permission of files under /var/log/"

This reverts commit 617b6b78327544003adcf05c033c51f04406d4bc.

Reason for revert: puppet error on controller-1

Change-Id: I128168f90fffdd7f90ff5e2fd7fd298f3b7c9bca

puppet-manifests/src/manifests/aio.pp

@@ -125,11 +125,6 @@ class { '::platform::config::aio::post':
   stage => post,
 }
 
-class { '::platform::logpermission':
-  stage   => post,
-  require => Class['::platform::config::aio::post'],
-}
-
 if $::osfamily == 'Debian' {
   lookup('classes', {merge => unique}).include
 } else {

puppet-manifests/src/manifests/controller.pp

@@ -128,11 +128,6 @@ class { '::platform::config::controller::post':
   stage => post,
 }
 
-class { '::platform::logpermission':
-  stage   => post,
-  require => Class['::platform::config::controller::post'],
-}
-
 if $::osfamily == 'Debian' {
   lookup('classes', {merge => unique}).include
 } else {

puppet-manifests/src/manifests/storage.pp

@@ -46,11 +46,6 @@ class { '::platform::config::storage::post':
   stage => post,
 }
 
-class { '::platform::logpermission':
-  stage   => post,
-  require => Class['::platform::config::storage::post'],
-}
-
 if $::osfamily == 'Debian' {
   lookup('classes', {merge => unique}).include
 } else {

puppet-manifests/src/manifests/worker.pp

@@ -63,11 +63,6 @@ class { '::platform::config::worker::post':
   stage => post,
 }
 
-class { '::platform::logpermission':
-  stage   => post,
-  require => Class['::platform::config::worker::post'],
-}
-
 if $::osfamily == 'Debian' {
   lookup('classes', {merge => unique}).include
 } else {

puppet-manifests/src/modules/openstack/manifests/barbican.pp

@@ -150,8 +150,7 @@ class openstack::barbican::service (
 
   cron { 'barbican-cleaner':
     ensure      => 'present',
-    command     => '/usr/bin/barbican-manage db clean -p -e -L /var/log/barbican/barbican-clean.log && \
+    command     => '/usr/bin/barbican-manage db clean -p -e -L /var/log/barbican/barbican-clean.log',
-                    chmod 640 /var/log/barbican/barbican-clean.log',
     environment => 'PATH=/bin:/usr/bin:/usr/sbin',
     minute      => '50',
     hour        => '*/24',

puppet-manifests/src/modules/openstack/templates/barbican-api-logrotate.erb

@@ -11,5 +11,4 @@
     compress
     notifempty
     copytruncate
-    create 0640 root root
 }

puppet-manifests/src/modules/platform/manifests/collectd.pp

@@ -94,8 +94,7 @@ class platform::collectd
     command     => @(EOL/L),
         date --rfc-3339=s >> /var/log/rss-memory.log; \
         ps -e -o ppid,pid,nlwp,rss:10,vsz:10,comm,cmd --sort=-rss \
-        >> /var/log/rss-memory.log; \
+        >> /var/log/rss-memory.log
-        /bin/chmod 0640 /var/log/rss-memory.log
         |- EOL
   }
 

puppet-manifests/src/modules/platform/manifests/logpermission.pp

@@ -1,117 +0,0 @@
-class platform::logpermission {
-
-  # Set permissions to 640 only for files with less restrictive permissions
-  exec { 'set_log_permissions':
-    command => 'find /var/log -type f \( -perm -004 -o -perm -020 \) -exec chmod 640 {} \;',
-    path    => '/bin:/usr/bin',
-    onlyif  => 'find /var/log -type f \( -perm -004 -o -perm -020 \)',
-  }
-
-  # Set permissions to 750 for directories under /var/log if not already set
-  exec { 'set_log_directory_permissions':
-    command => 'find /var/log -type d \( -perm -001 -o -perm -010 -o -perm -100 \) -exec chmod 750 {} \;',
-    path    => '/bin:/usr/bin',
-    onlyif  => 'find /var/log -type d \( -perm -001 -o -perm -010 -o -perm -100 \)',
-  }
-
-  # Change ownership to root:root for specific log files
-  file { '/var/log/postgresql/postgresql-13-main.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/nfv-vim-events.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/nfv-vim-alarms.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/ceph/ceph-mds.controller-0.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/ceph/ceph-mgr.controller-0.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/ceph-manager.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/rabbitmq/startup_log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/rabbitmq/startup_err':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/rabbitmq/log/crash.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/rabbitmq/rabbit@localhost_upgrade.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/rabbitmq/rabbit@localhost.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/mgr-restful-plugin.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  file { '/var/log/barbican/barbican-api.log':
-    ensure => 'file',
-    owner  => 'root',
-    group  => 'root',
-    mode   => '0640',
-  }
-
-  # Use exec to change ownership for /var/log/memcached.log to avoid conflicts with other modules
-  exec { 'set_memcached_log_ownership':
-    command => 'chown root:root /var/log/memcached.log && chmod 640 /var/log/memcached.log',
-    path    => '/bin:/usr/bin',
-    onlyif  => 'stat -c "%U:%G" /var/log/memcached.log | grep -qv "root:root"',
-  }
-}
-
-