ODCS: use the same user/group on every machine.

2020-03-18 10:41:56 +00:00 · 2020-03-18 10:41:56 +00:00 · 14417c5f18
commit 14417c5f18
parent ebb4449e99
7 changed files with 49 additions and 58 deletions
--- a/roles/odcs/backend/tasks/main.yml
+++ b/roles/odcs/backend/tasks/main.yml
@ -35,9 +35,9 @@
  tags:
  - odcs
  - odcs/backend
- name: add the odcs user to the apache group
+- name: add the odcs-server user to the apache group
  user:
-    name: odcs
+    name: odcs-server
    group: apache
    groups: apache
    append: true
@ -51,7 +51,7 @@
  with_items:
  - odcs-manager upgradedb
  become: yes
-  become_user: odcs
+  become_user: odcs-server
  when: odcs_migrate_db
  notify:
  - restart odcs-celery-backend
--- a/roles/odcs/base/files/tmpfiles.d/odcs-backend.conf
+++ b/roles/odcs/base/files/tmpfiles.d/odcs-backend.conf
@ -1,3 +1,3 @@
-d /var/run/odcs-backend 0755 odcs fedmsg -
-d /var/log/odcs-backend 0755 odcs fedmsg -
+d /var/run/odcs-backend 0755 odcs-server -
+d /var/log/odcs-backend 0755 odcs-server -

--- a/roles/odcs/base/tasks/main.yml
+++ b/roles/odcs/base/tasks/main.yml
@ -49,14 +49,26 @@
  - odcs
  - odcs/backend

+- name: create odcs-server group
+  group:
+    name: odcs-server
+    gid: 64321
+    state: present
+
+- name: create odcs-server user
+  user:
+    name: odcs-server
+    uid: 64321
+    group: odcs-server
+
 - name: create ODCS_TARGET_DIR
  file:
    path: "{{ item }}"
    state: directory
-    owner: apache
-    group: apache
-    mode: 0777
-#    recurse: yes
+    owner: odcs-server
+    group: odcs-server
+    mode: 0644
+    recurse: yes
    follow: no
  with_items:
  - "{{ odcs_target_dir }}"
@ -78,7 +90,7 @@
  template:
    src: etc/odcs/config.py.j2
    dest: /etc/odcs/config.py
-    owner: odcs
+    owner: odcs-server
    group: apache
    mode: 0440
  notify:
@ -92,8 +104,8 @@
  template:
    src: etc/odcs/config.py.j2
    dest: /etc/odcs/config.py
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0440
  notify:
  - restart odcs-celery-backend
@ -106,8 +118,8 @@
  template:
    src: etc/odcs/raw_config_wrapper.conf.j2
    dest: /etc/odcs/raw_config_wrapper.conf
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0440
  notify:
  - restart odcs-celery-backend
@ -120,8 +132,8 @@
  template:
    src: etc/odcs/runroot_koji.conf.j2
    dest: /etc/odcs/runroot_koji.conf
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0440
  notify:
  - restart odcs-celery-backend
@ -142,8 +154,8 @@
  copy:
    src: "{{ roles_path }}/odcs/base/files/pungi.conf"
    dest: /etc/odcs/pungi.conf
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0640
  notify:
  - restart odcs-celery-backend
@ -156,8 +168,8 @@
  template:
    src: "etc/systemd/system/odcs-celery-backend.service.j2"
    dest: /etc/systemd/system/odcs-celery-backend.service
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0640
  notify:
  - restart odcs-celery-backend
@ -180,8 +192,8 @@
  template:
    src: "etc/systemd/system/odcs-celery-beat.service.j2"
    dest: /etc/systemd/system/odcs-celery-beat.service
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0640
  notify:
  - restart odcs-celery-beat
@ -194,8 +206,8 @@
  template:
    src: "fedora-messaging.toml.j2"
    dest: /etc/fedora-messaging/config.toml
-    owner: odcs
-    group: apache
+    owner: odcs-server
+    group: odcs-server
    mode: 0640
  tags:
  - odcs
@ -216,8 +228,8 @@
  copy:
    src: "{{ roles_path }}/odcs/base/files/tmpfiles.d/odcs-backend.conf"
    dest: /etc/tmpfiles.d/odcs-backend.conf
-    owner: odcs
-    group: fedmsg
+    owner: odcs-server
+    group: odcs-server
    mode: 0640
  notify:
  - restart odcs-celery-backend
@ -241,7 +253,7 @@
  copy:
    src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs-private-queue{{env_suffix}}.crt"
    dest: /etc/odcs/odcs-private-queue.crt
-    owner: odcs
+    owner: odcs-server
    group: apache
    mode: 0640
  tags:
@ -253,7 +265,7 @@
  copy:
    src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs-private-queue{{env_suffix}}.key"
    dest: /etc/odcs/odcs-private-queue.key
-    owner: odcs
+    owner: odcs-server
    group: apache
    mode: 0640
  tags:
@ -265,7 +277,7 @@
  copy:
    src: "{{private}}/files/rabbitmq/{{env}}/pki/issued/odcs{{env_suffix}}.crt"
    dest: /etc/odcs/odcs-rabbitmq.crt
-    owner: odcs
+    owner: odcs-server
    group: apache
    mode: 0640
  tags:
@ -277,7 +289,7 @@
  copy:
    src: "{{private}}/files/rabbitmq/{{env}}/pki/private/odcs{{env_suffix}}.key"
    dest: /etc/odcs/odcs-rabbitmq.key
-    owner: odcs
+    owner: odcs-server
    group: apache
    mode: 0640
  tags:
@ -289,7 +301,7 @@
  copy:
    src: "{{private}}/files/rabbitmq/{{env}}/pki/ca.crt"
    dest: /etc/odcs/ca.crt
-    owner: odcs
+    owner: odcs-server
    group: apache
    mode: 0640
  tags:
--- a/roles/odcs/base/templates/etc/systemd/system/odcs-celery-backend.service.j2
+++ b/roles/odcs/base/templates/etc/systemd/system/odcs-celery-backend.service.j2
@ -4,8 +4,8 @@ After=network.target remote-fs.target nss-lookup.target

 [Service]
 Type=forking
-User=odcs
-Group=fedmsg
+User=odcs-server
+Group=odcs-server
 WorkingDirectory=/tmp
 ExecStart=/bin/sh -c '/usr/bin/celery-3 multi start worker \
  -A odcs.server.celery_tasks --pidfile=/var/run/odcs-backend/%%n.pid \
--- a/roles/odcs/base/templates/etc/systemd/system/odcs-celery-beat.service.j2
+++ b/roles/odcs/base/templates/etc/systemd/system/odcs-celery-beat.service.j2
@ -4,8 +4,8 @@ After=network.target remote-fs.target nss-lookup.target

 [Service]
 Type=simple
-User=odcs
-Group=fedmsg
+User=odcs-server
+Group=odcs-server
 WorkingDirectory=/tmp
 ExecStart=/bin/sh -c '/usr/bin/celery-3 -A odcs.server.celery_tasks beat --loglevel=debug'

--- a/roles/odcs/frontend/tasks/main.yml
+++ b/roles/odcs/frontend/tasks/main.yml
@ -15,19 +15,6 @@
  - odcs/frontend
  - selinux

- name: create ODCS_TARGET_DIR
-  file:
-    path: "{{ odcs_target_dir }}"
-    state: directory
-    owner: apache
-    group: apache
-    mode: 0777
-#    recurse: yes
-    follow: no
-  tags:
-  -  odcs
-  -  odcs/frontend
-
 - name: generate the ODCS Apache config
  template:
    src: etc/httpd/conf.d/odcs.conf.j2
@ -80,18 +67,10 @@
  with_items:
  - odcs-manager upgradedb
  become: yes
-  become_user: odcs
+  become_user: odcs-server
  when: odcs_migrate_db
  tags:
  - odcs
  - odcs/frontend

-## THIS IS BROKEN BECAUSE fedora-messaging. and other things.
-# - name: install cron job for cleanup msg
-#   cron:
-#     name="Send ODCS cleanup message"
-#     job="/usr/bin/echo '{}'| fedmsg-logger --cert-prefix odcs --topic odcs.internal.msg --json-input"
-#   tags:
-#   - odcs
-#   - odcs/frontend

--- a/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2
+++ b/roles/odcs/frontend/templates/etc/httpd/conf.d/odcs.conf.j2
@ -5,7 +5,7 @@ RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}
 {% endif %}

-WSGIDaemonProcess odcs user=apache group=apache processes={{wsgi_procs}} threads={{wsgi_threads}}
+WSGIDaemonProcess odcs user=odcs-server group=apache processes={{wsgi_procs}} threads={{wsgi_threads}}
 WSGIScriptAlias /{{ odcs_endpoint }} /usr/share/odcs/odcs.wsgi

 {% if env == 'staging' %}