43 lines
1.0 KiB
Bash
43 lines
1.0 KiB
Bash
#!/bin/bash
|
|
#
|
|
# Copyright (c) 2022 Wind River Systems, Inc.
|
|
#
|
|
# SPDX-License-Identifier: Apache-2.0
|
|
#
|
|
# This script resets permissions of some Kubernetes *.key files to 0600 on controller-0 only.
|
|
|
|
FROM_RELEASE=$1
|
|
TO_RELEASE=$2
|
|
ACTION=$3
|
|
|
|
# This will log to /var/log/platform.log
|
|
function log {
|
|
logger -p local1.info $1
|
|
}
|
|
|
|
reset-k8s-key-file-permissions()
|
|
{
|
|
APISERVER_KEY="/etc/kubernetes/pki/apiserver-etcd-client.key"
|
|
CA_KEY="/etc/kubernetes/pki/ca.key"
|
|
declare -a FILE_LIST=("$APISERVER_KEY" "$CA_KEY" )
|
|
|
|
for file in "${FILE_LIST[@]}"; do
|
|
if [ -f "$file" ]; then
|
|
log "Resetting permissions for file $file ..."
|
|
chmod 0600 $file
|
|
fi
|
|
done
|
|
|
|
log "Kubernetes key files permissions successfully reset."
|
|
}
|
|
|
|
log "Script $0 invoked with from_release = $FROM_RELEASE to_release = $TO_RELEASE action = $ACTION"
|
|
|
|
if [ "$TO_RELEASE" == "22.12" ] && [ "$ACTION" == "activate" ]; then
|
|
reset-k8s-key-file-permissions
|
|
else
|
|
log "Script $0 execution skipped"
|
|
fi
|
|
|
|
exit 0
|