ansible: set ovirt-vmconsole ownership on certificate files

ovirt-vmconsole is running under its own user and need access to certificates. This only worked till now since the certificates were mistakenly opened to others, but now it prevents sshd to acess its host key
oVirt · Jul 28, 2022 · ec71685 · ec71685
1 parent 3e0b763
commit ec71685
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/...er-service-project/project/roles/ovirt-host-deploy-vm-console-certificates/tasks/main.yml b/...er-service-project/project/roles/ovirt-host-deploy-vm-console-certificates/tasks/main.yml
@@ -54,14 +54,18 @@
     copy:
       content: "{{ ovirt_ca_key }}"
       dest: "{{ ovirt_vmconsole_ca_file }}"
+      owner: 'ovirt-vmconsole'
+      group: 'ovirt-vmconsole'
       mode: 0644
 
   - name: Add cert files
     copy:
       src: "{{ ovirt_pki_dir }}/certs/{{ ovirt_vds_hostname }}-ssh-cert.pub"
       dest: "{{ ovirt_vmconsole_cert_file }}"
       remote_src: no
-      mode: preserve
+      owner: 'ovirt-vmconsole'
+      group: 'ovirt-vmconsole'
+      mode: 0644
 
   - name: Set vmconsole key path
     set_fact: