Set certificate ownership properly

When creating certificate for collective, ensure that the certificate is usable by confluent when running as non-root.
2024-11-22 09:32:21 +00:00 · 2020-03-12 16:04:23 -04:00 · 2020-03-12 16:04:23 -04:00 · 9ee29aabe1
commit 9ee29aabe1
parent a413f321fe
1 changed files with 6 additions and 0 deletions
--- a/confluent_server/bin/collective
+++ b/confluent_server/bin/collective
@ -40,6 +40,12 @@ def make_certificate():
                              '/etc/confluent/srvcert.pem -subj /CN='
                              '{0}'.format(socket.gethostname()).split(' ')):
        raise Exception('Error generating certificate')
+    try:
+        uid = pwd.getpwnam('confluent').pw_uid
+        os.chown('/etc/confluent/privkey.pem', uid, -1)
+        os.chown('/etc/confluent/srvcert.pem', uid, -1)
+    except KeyError:
+        pass
    print('Certificate generated successfully')
    os.umask(umask)