uncouple booth authfile mode from pcmk authfile

According to booth documentation, user and group of booth authfile should be set to hacluster/haclient (created and used by pacemaker) but mode of file doesn't need to be same as pacemaker authfile. To prevent confusion constant was renamed.
neo502721 · Feb 22, 2018 · b056d0e · b056d0e
1 parent 9fff224
commit b056d0e
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 4 deletions.
diff --git a/pcs/lib/booth/env.py b/pcs/lib/booth/env.py
@@ -61,7 +61,10 @@ def set_keyfile_access(file_path):
     except EnvironmentError as e:
         raise report_keyfile_io_error(file_path, "chown", e)
     try:
-        os.chmod(file_path, settings.pacemaker_authkey_file_mode)
+        # According to booth documentation, user and group of booth authfile
+        # should be set to hacluster/haclient (created and used by pacemaker)
+        # but mode of file doesn't need to be same as pacemaker authfile.
+        os.chmod(file_path, settings.booth_authkey_file_mode)
     except EnvironmentError as e:
         raise report_keyfile_io_error(file_path, "chmod", e)
 

diff --git a/pcs/lib/commands/test/test_booth.py b/pcs/lib/commands/test/test_booth.py
@@ -935,7 +935,7 @@ def setUp(self):
                 name="fs.open.authfile.write"
             )
             .fs.chown(self.authfile_path, self.pcmk_uid, self.pcmk_gid)
-            .fs.chmod(self.authfile_path, settings.pacemaker_authkey_file_mode)
+            .fs.chmod(self.authfile_path, settings.booth_authkey_file_mode)
         )
 
         self.addCleanup(
@@ -1150,7 +1150,7 @@ def test_unable_to_set_authfile_mode(self, pwd_mock, grp_mock):
                 self.authfile_path, self.pcmk_uid, self.pcmk_gid,
             )
             .fs.chmod(
-                self.authfile_path, settings.pacemaker_authkey_file_mode,
+                self.authfile_path, settings.booth_authkey_file_mode,
                 side_effect=EnvironmentError(1, self.reason, self.authfile_path)
             )
         )

diff --git a/pcs/settings_default.py b/pcs/settings_default.py
@@ -21,7 +21,7 @@
 corosync_qdevice_net_client_ca_file_name = "qnetd-cacert.crt"
 corosync_authkey_file = os.path.join(corosync_conf_dir, "authkey")
 pacemaker_authkey_file = "/etc/pacemaker/authkey"
-pacemaker_authkey_file_mode = 0o600
+booth_authkey_file_mode = 0o600
 cluster_conf_file = "/etc/cluster/cluster.conf"
 fence_agent_binaries = "/usr/sbin/"
 pengine_binary = "/usr/libexec/pacemaker/pengine"