i'm unable to reproduce this using the provided images from 2015-06-26

it should have been addressed by:
https://review.openstack.org/183509

Steve, I commented on the upstream review, but I don't think changing the umask from 077 to 0077 actually makes any difference.

I think this was fixed by Derek's earlier patch and that just hadn't made it into the image builds when this was first reported on 2015-06-08

note that https://review.openstack.org/183509 was in the 0.0.1 release of tripleo-puppet-elements and built into openstack-tripleo-puppet-elements-0.0.1-2

Permissions on /etc/puppet/hieradata look good now on puddle 2015-07-02-1.

I have abandoned the upstream change.

qe: please retest this and confirm permissions are 0700 on /etc/puppet/hieradata on the overcloud nodes

Now I created a deployment with http://rhos-release.virt.bos.redhat.com/mburns/2015-07-13.1/images/ .

The n-cpu node seams ok.
[heat-admin@overcloud-compute-0 ~]$ ls -ld /etc/puppet/hieradata/
drwx------. 2 root root 4096 Jul 15 09:09 /etc/puppet/hieradata/

Atilla -- we should mark this verified, not closed currentrelease.

os-refresh-config creates the directory with 700 at the first run,
but it does not changes the permission if the  directory already exists with wrong permission.

The directory does not exists on the base images.
So, If anyone has a system installed from the old images, he needs to change permissions manually, the newly installed systems expected to be ok.

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2015:1549