cqrenet/matrix-docker-ansible-deploy
3
0
Fork 0
mirror of https://github.com/spantaleev/matrix-docker-ansible-deploy.git synced 2026-03-25 22:17:25 +00:00
Code Issues Wiki Activity

matrix-authentication-service: normalize generated key ownership

Browse Source 
Fix host-generated MAS key ownership and mode after creation so installs recover cleanly when become_user is not honored. Fixes https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
This commit is contained in:
Slavi Pantaleev
2026-03-16 16:49:51 +02:00
parent 7e0d86d2ea
commit c6d33b819a
1 changed files with 20 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
roles/custom/matrix-authentication-service/tasks/install.yml
View File

@@ -33,6 +33,25 @@
loop_control: loop_control:
loop_var: private_key_definition loop_var: private_key_definition
# We intentionally do a single fixup pass here (instead of in `prepare_key.yml`)
# so that we reconcile both newly generated keys and any pre-existing keys with
# incorrect ownership/mode in one place.
#
# This primarily protects against setups where `become_user` is effectively not
# honored (for example due to inventory misconfiguration such as `ansible_become=false`),
# which can lead to host-side key generation creating root-owned files.
#
# See: https://github.com/spantaleev/matrix-docker-ansible-deploy/issues/5033
- name: Ensure Matrix Authentication Service private keys have correct ownership and mode
ansible.builtin.file:
path: "{{ matrix_authentication_service_data_keys_path }}/{{ item.key_file }}"
state: file
mode: '0600'
owner: "{{ matrix_user_name }}"
group: "{{ matrix_group_name }}"
with_items: "{{ matrix_authentication_service_key_management_list }}"
register: matrix_authentication_service_private_keys_result
- name: Ensure Matrix Authentication Service configuration installed - name: Ensure Matrix Authentication Service configuration installed
ansible.builtin.copy: ansible.builtin.copy:
content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}" content: "{{ matrix_authentication_service_configuration | to_nice_yaml(indent=2, width=999999) }}"
@@ -117,4 +136,5 @@
or matrix_authentication_service_support_files_result.changed | default(false) or matrix_authentication_service_support_files_result.changed | default(false)
or matrix_authentication_service_systemd_service_result.changed | default(false) or matrix_authentication_service_systemd_service_result.changed | default(false)
or matrix_authentication_service_container_image_pull_result.changed | default(false) or matrix_authentication_service_container_image_pull_result.changed | default(false)
or matrix_authentication_service_private_keys_result.changed | default(false)
}} }}