Merge pull request #1432 from sdodson/bz1302513

Don't make config files world readable

roles/openshift_master/tasks/main.yml

@@ -221,6 +221,9 @@
   template:
     dest: "{{ openshift.master.session_secrets_file }}"
     src: sessionSecretsFile.yaml.v1.j2
+    owner: root
+    group: root
+    mode: 0600
   when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined
   notify:
   - restart master
@@ -235,6 +238,9 @@
     dest: "{{ openshift_master_config_file }}"
     src: master.yaml.v1.j2
     backup: true
+    owner: root
+    group: root
+    mode: 0600
   notify:
   - restart master
   - restart master api

roles/openshift_node/tasks/main.yml

@@ -84,6 +84,9 @@
     dest: "{{ openshift_node_config_file }}"
     src: node.yaml.v1.j2
     backup: true
+    owner: root
+    group: root
+    mode: 0600
   notify:
   - restart node