From 8b3bb61ae7840b456f6ecee5b6ae0bafff74581a Mon Sep 17 00:00:00 2001
From: Monty Taylor <mordred@inaugust.com>
Date: Wed, 9 Mar 2016 11:37:12 -0600
Subject: [PATCH] Make the shade cache and groups writable by admin

In order for individuals to be able to run launch node commands without
becoming root, make these group owned and group writeable by admin.

Change-Id: I0a2fa336919be24d41a6a9c0a88b91a87536cbcc
---
 .../manifests/puppetmaster.pp                 | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)

diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp
index 605901238b..0ce6c31ded 100644
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@@ -233,6 +233,9 @@ class openstack_project::puppetmaster (
 
   file { '/etc/ansible/hosts':
     ensure  => directory,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '0755',
   }
 
   file { '/etc/ansible/hosts/puppet':
@@ -255,8 +258,15 @@ class openstack_project::puppetmaster (
   file { '/etc/ansible/hosts/emergency':
     ensure  => present,
     owner   => 'root',
-    group   => 'root',
-    mode    => '0644',
+    group   => 'admin',
+    mode    => '0664',
+  }
+
+  file { '/etc/ansible/hosts/generated-groups':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '0664',
   }
 
   file { '/etc/ansible/hosts/infracloud':
@@ -275,6 +285,20 @@ class openstack_project::puppetmaster (
     notify => Exec['expand_groups'],
   }
 
+  file { '/var/cache/ansible-inventory':
+    ensure  => directory,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '2775',
+  }
+
+  file { '/var/cache/ansible-inventory/ansible-inventory.cache':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'admin',
+    mode    => '0664',
+  }
+
   file { '/usr/local/bin/expand-groups.sh':
     owner  => 'root',
     group  => 'root',