Add umask parameter to not depend on system umask ... (issue #94)

tasks/client.yml

@@ -9,6 +9,7 @@
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
       src: "{{ sensu_client_config  }}"
+      mode: "0640"
     notify: restart sensu-client service
 
   - include: "{{ role_path }}/tasks/SmartOS/client.yml"

tasks/common.yml

@@ -9,6 +9,7 @@
       state: directory
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
+      mode: "0640"
 
   - name: Deploy Sensu Redis configuration
     template:
@@ -29,6 +30,7 @@
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
       src: "{{ sensu_rabbitmq_config }}"
+      mode: "0640"
     when: sensu_transport == "rabbitmq"
           and sensu_deploy_rabbitmq_config
     notify:
@@ -43,6 +45,7 @@
       owner: "{{ sensu_user_name }}"
       group: "{{ sensu_group_name }}"
       src: transport.json.j2
+      mode: "0640"
     when: sensu_deploy_transport_config
     notify:
       - restart sensu-server service

tasks/plugins.yml

@@ -22,7 +22,7 @@
       - client_definitions
 
   - name: Ensure any remote plugins defined are present
-    shell: sensu-install -p {{ item }}
+    shell: umask 0022; sensu-install -p {{ item }}
     with_items: "{{ sensu_remote_plugins }}"
     changed_when: false
     when: sensu_remote_plugins > 0

tasks/ssl.yml

@@ -22,8 +22,9 @@
       remote_src: "{{ sensu_ssl_deploy_remote_src }}"
       group: "{{ sensu_group_name }}"
       dest: "{{ sensu_config_path }}/ssl/{{ item.dest }}"
+      mode: " {{ item.perm }}"
     with_items:
-      - {src: "{{ sensu_ssl_client_cert }}", dest: cert.pem}
-      - {src: "{{ sensu_ssl_client_key }}", dest: key.pem}
+      - {src: "{{ sensu_ssl_client_cert }}", dest: cert.pem , perm: "0644" }
+      - {src: "{{ sensu_ssl_client_key }}" , dest: key.pem  , perm: "0640" }
     notify: restart sensu-client service
     when: sensu_ssl_manage_certs