From 856866fdde6fd1e1217a65edf07665665090df7c Mon Sep 17 00:00:00 2001
From: Sorin Sbarnea <ssbarnea@redhat.com>
Date: Thu, 27 Aug 2020 18:41:21 +0100
Subject: [PATCH] More E208 mode fixes

Change-Id: I8157ec1f31b8c5a064b63002e8311b91ef9ce9ab
See: https://ansible-lint.readthedocs.io/en/latest/default_rules.html#file-permissions-not-mentioned
---
 roles/build-docker-image/tasks/setup-buildx.yaml   | 1 +
 roles/git-prepare-nodecache/tasks/main.yaml        | 1 +
 roles/use-buildset-registry/tasks/main.yaml        | 5 +++++
 roles/use-buildset-registry/tasks/user-config.yaml | 1 +
 roles/use-docker-mirror/tasks/mirror.yaml          | 1 +
 util-tasks/run-docker-registry.yaml                | 2 ++
 6 files changed, 11 insertions(+)

diff --git a/roles/build-docker-image/tasks/setup-buildx.yaml b/roles/build-docker-image/tasks/setup-buildx.yaml
index 51720a4c9..0b80c4bfe 100644
--- a/roles/build-docker-image/tasks/setup-buildx.yaml
+++ b/roles/build-docker-image/tasks/setup-buildx.yaml
@@ -28,6 +28,7 @@
   copy:
     content: "{{ buildset_registry.cert }}"
     dest: "{{ buildkit_cert_tmp.path }}"
+    mode: preserve
   when: buildset_registry is defined and buildset_registry.cert
 
 - name: Copy buildset registry TLS cert into worker container
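Review bot: `mode: preserve` on the added line is documented as giving the destination the permissions of the source file, but this task uses `content:` and has no source file. The resulting mode is therefore not obvious to a reader and presumably comes from a temporary file Ansible creates for the content. An explicit value would make the intent auditable, for example `mode: "0644"`, which matches the certificate written in roles/use-buildset-registry/tasks/main.yaml in this same patch. The task begins above the hunk, so its name and any `become` setting are not visible here.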
diff --git a/roles/git-prepare-nodecache/tasks/main.yaml b/roles/git-prepare-nodecache/tasks/main.yaml
index 0f69804c2..224c3ce3c 100644
--- a/roles/git-prepare-nodecache/tasks/main.yaml
+++ b/roles/git-prepare-nodecache/tasks/main.yaml
@@ -2,6 +2,7 @@
   file:
     path: "{{ git_cache_root }}/{{ zj_project.canonical_name | dirname }}"
     state: directory
+    mode: 0775
   with_items: "{{ zuul.projects.values() | list }}"
   loop_control:
     loop_var: zj_project
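Review bot: The added `mode: 0775` is an unquoted octal, which works only because the YAML 1.1 loader reads a leading-zero integer as octal. Writing `mode: "0775"` keeps the value a string and avoids a silent change of meaning if the zero is ever dropped or the file is read by a different parser. The same applies to every numeric mode added in this patch (`0755`, `0644` and `0600` in the use-buildset-registry, use-docker-mirror and run-docker-registry hunks). Separately, 0775 makes the cache directories group-writable; if whatever populates the cache does not need that, `"0755"` would be the tighter choice. The task starts above the hunk.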
diff --git a/roles/use-buildset-registry/tasks/main.yaml b/roles/use-buildset-registry/tasks/main.yaml
index 6c4bc0e50..13c902bc9 100644
--- a/roles/use-buildset-registry/tasks/main.yaml
+++ b/roles/use-buildset-registry/tasks/main.yaml
@@ -34,11 +34,13 @@
   file:
     state: directory
     path: /etc/docker
+    mode: 0755
 - name: Write buildset registry TLS certificate
   become: true
   copy:
     content: "{{ buildset_registry.cert }}"
     dest: "{{ ca_dir }}/{{ buildset_registry_alias }}.crt"
+    mode: 0644
   register: _tls_ca
 - name: Update CA certs
   command: "{{ ca_command }}"
@@ -74,6 +76,7 @@
   copy:
     content: "{{ docker_config | to_nice_json }}"
     dest: /etc/docker/daemon.json
+    mode: 0644
   become: true
 
 - name: Restart docker daemon
@@ -89,6 +92,7 @@
   file:
     state: directory
     path: /etc/containers
+    mode: 0755
 - name: Modify registries.conf
   become: yes
   modify_registries_conf:
@@ -102,6 +106,7 @@
   file:
     state: directory
     path: /etc/buildkit/
+    mode: 0755
 - name: Modify buildkitd.toml
   become: yes
   modify_buildkitd_toml:
diff --git a/roles/use-buildset-registry/tasks/user-config.yaml b/roles/use-buildset-registry/tasks/user-config.yaml
index b4c9eea61..e133503ea 100644
--- a/roles/use-buildset-registry/tasks/user-config.yaml
+++ b/roles/use-buildset-registry/tasks/user-config.yaml
@@ -48,6 +48,7 @@
   copy:
     content: "{{ docker_config | to_nice_json }}"
     dest: "/run/user/{{ ansible_user_uid }}/auth.json"
+    mode: 0600
 # The next two tasks are for supporting k8s
 - name: Check if /var/lib/kubelet exists
   stat:
diff --git a/roles/use-docker-mirror/tasks/mirror.yaml b/roles/use-docker-mirror/tasks/mirror.yaml
index 17a968666..d845bae55 100644
--- a/roles/use-docker-mirror/tasks/mirror.yaml
+++ b/roles/use-docker-mirror/tasks/mirror.yaml
@@ -3,6 +3,7 @@
   file:
     state: directory
     path: /etc/docker
+    mode: 0755
 
 - name: Set docker_mirror fact
   when:
diff --git a/util-tasks/run-docker-registry.yaml b/util-tasks/run-docker-registry.yaml
index 92c2441c1..b40f06976 100644
--- a/util-tasks/run-docker-registry.yaml
+++ b/util-tasks/run-docker-registry.yaml
@@ -19,6 +19,7 @@
   file:
     path: "{{ registry_tempdir.path }}/auth"
     state: directory
+    mode: 0755
 
 - name: Install passlib for htpasswd
   become: true
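Review bot: The `auth` directory is created world-traversable (`mode: 0755`), and the next hunk in this file writes `auth/htpasswd` with `mode: 0644`, so the bcrypt password hashes would be readable by any local account that can reach the temporary directory. user-config.yaml in this same patch uses `0600` for its credentials file, and the same care seems warranted here, e.g. `mode: "0700"` on the directory and `mode: "0600"` on the htpasswd file. That only holds if the registry process can still read the file through whatever mount is used, which is not visible in these hunks. Both tasks extend beyond their hunks.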
@@ -33,6 +34,7 @@
     create: true
     crypt_scheme: bcrypt
     path: "{{ registry_tempdir.path }}/auth/htpasswd"
+    mode: 0644
     name: "{{ registry.username }}"
     password: "{{ registry.password }}"