2
0
mirror of https://github.com/xcat2/confluent.git synced 2024-11-25 19:10:10 +00:00

Set certificate ownership properly

When creating certificate for collective, ensure that the certificate
is usable by confluent when running
as non-root.
This commit is contained in:
Jarrod Johnson 2020-03-12 16:04:23 -04:00
parent a413f321fe
commit 9ee29aabe1

View File

@ -40,6 +40,12 @@ def make_certificate():
'/etc/confluent/srvcert.pem -subj /CN='
'{0}'.format(socket.gethostname()).split(' ')):
raise Exception('Error generating certificate')
try:
uid = pwd.getpwnam('confluent').pw_uid
os.chown('/etc/confluent/privkey.pem', uid, -1)
os.chown('/etc/confluent/srvcert.pem', uid, -1)
except KeyError:
pass
print('Certificate generated successfully')
os.umask(umask)