bodhi: Configure the backend to run as apache instead of the masher user.

Luke Macken 2016-03-21 19:43:07 +00:00
parent 5bcdc2e565
commit 94608f070d
2 changed files with 30 additions and 25 deletions


@ -1,3 +1,3 @@
[Service] [Service]
User=masher User=apache
Group=masher Group=apache
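Review bot: Setting `User=apache` and `Group=apache` gives the fedmsg-hub backend the account name the web server normally runs under, so the two lose their separate identities on any host where both run. Whether httpd is present on the backend hosts is not visible on this page, so that should be confirmed. The drop-in also gives no reason for the account, and a comment would help, for example `# Run the hub as apache (was masher); the playbook chowns /etc/bodhi/production.ini and /var/cache/mash to apache`. The running hub keeps its old uid until systemd reloads the unit and restarts the service, and no handler for that is visible here, so files already chowned to apache could be unreadable to it in the meantime.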


@ -44,8 +44,13 @@
tags: tags:
- bodhi - bodhi
- name: add nrpe to the masher group so it can talk to the monitoring socket - name: add apache user to the masher group so it can talk to the monitoring socket
user: name=nrpe groups=masher append=yes user: name=apache groups=mock,ftpsync,masher append=yes
tags:
- bodhi
- name: add nrpe to the apache group so it can talk to the monitoring socket
user: name=nrpe groups=apache append=yes
tags: tags:
- fedmsgmonitor - fedmsgmonitor
- nagios/client - nagios/client
@ -65,15 +70,15 @@
- name: change owner and group attributes of bodhi.pem file - name: change owner and group attributes of bodhi.pem file
file: > file: >
path="/etc/pki/bodhi/bodhi.pem" path="/etc/pki/bodhi/bodhi.pem"
owner=masher owner=apache
group=masher group=apache
when: inventory_hostname.startswith('bodhi-backend') when: inventory_hostname.startswith('bodhi-backend')
tags: tags:
- bodhi - bodhi
- config - config
- name: change owner and group attributes of /var/log/bodhi directory - name: change owner and group attributes of /var/log/bodhi directory
file: path=/var/log/bodhi owner=masher group=masher file: path=/var/log/bodhi owner=apache group=apache
when: inventory_hostname.startswith('bodhi-backend') when: inventory_hostname.startswith('bodhi-backend')
tags: tags:
- bodhi - bodhi
@ -83,8 +88,8 @@
template: > template: >
src=mash.conf src=mash.conf
dest=/etc/bodhi/mash.conf dest=/etc/bodhi/mash.conf
owner=masher owner=apache
group=masher group=apache
mode=0640 mode=0640
tags: tags:
- config - config
@ -94,7 +99,7 @@
copy: > copy: >
src="{{ item }}" src="{{ item }}"
dest="/etc/bodhi/{{ item }}" dest="/etc/bodhi/{{ item }}"
owner=masher owner=apache
mode=0640 mode=0640
with_items: with_items:
- f21-updates.mash - f21-updates.mash
@ -256,7 +261,7 @@
# bodhi jobs, previously run by the TurboGears scheduler. # bodhi jobs, previously run by the TurboGears scheduler.
- name: bodhi-approve-testing cron job. - name: bodhi-approve-testing cron job.
cron: name="bodhi-approve-testing" hour="*/6" minute=0 user="masher" cron: name="bodhi-approve-testing" hour="*/6" minute=0 user="apache"
job="/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini" job="/usr/bin/bodhi-approve-testing /etc/bodhi/production.ini"
cron_file=bodhi-approve-testing-job cron_file=bodhi-approve-testing-job
when: inventory_hostname.startswith('bodhi-backend02') and env == "production" when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
@ -266,7 +271,7 @@
- cron - cron
- name: bodhi-expire-overrides cron job. - name: bodhi-expire-overrides cron job.
cron: name="bodhi-expire-overrides" hour="*" minute=0 user="masher" cron: name="bodhi-expire-overrides" hour="*" minute=0 user="apache"
job="/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini" job="/usr/bin/bodhi-expire-overrides /etc/bodhi/production.ini"
cron_file=bodhi-expire-overrides-job cron_file=bodhi-expire-overrides-job
when: inventory_hostname.startswith('bodhi-backend02') and env == "production" when: inventory_hostname.startswith('bodhi-backend02') and env == "production"
@ -275,11 +280,11 @@
- bodhi - bodhi
- cron - cron
- name: have the masher own the bodhi config - name: have the apache own the bodhi config
file: > file: >
path="/etc/bodhi/production.ini" path="/etc/bodhi/production.ini"
owner=masher owner=apache
group=masher group=apache
when: inventory_hostname.startswith('bodhi') when: inventory_hostname.startswith('bodhi')
tags: tags:
- config - config
@ -297,7 +302,7 @@
- config - config
- bodhi - bodhi
- name: install a femdsg-hub.service drop-in to run it as the masher - name: install a femdsg-hub.service drop-in to run it as the apache
copy: > copy: >
src="fedmsg-hub.conf" src="fedmsg-hub.conf"
dest="/usr/lib/systemd/system/fedmsg-hub.service.d/fedmsg-hub.conf" dest="/usr/lib/systemd/system/fedmsg-hub.service.d/fedmsg-hub.conf"
@ -311,21 +316,21 @@
- bodhi - bodhi
- config - config
- name: have the masher own /var/cache/mash - name: have the apache own /var/cache/mash
file: > file: >
path="/var/cache/mash" path="/var/cache/mash"
owner=masher owner=apache
group=masher group=apache
when: inventory_hostname.startswith('bodhi-backend') when: inventory_hostname.startswith('bodhi-backend')
tags: tags:
- config - config
- bodhi - bodhi
- name: have the masher own /var/cache/bodhi because of course.. - name: have the apache own /var/cache/bodhi because of course..
file: > file: >
path="/var/cache/bodhi" path="/var/cache/bodhi"
owner=masher owner=apache
group=masher group=apache
when: inventory_hostname.startswith('bodhi-backend') when: inventory_hostname.startswith('bodhi-backend')
tags: tags:
- config - config
@ -335,7 +340,7 @@
file: > file: >
dest=/var/run/fedmsg dest=/var/run/fedmsg
mode=2775 mode=2775
owner=masher owner=apache
group=nrpe group=nrpe
state=directory state=directory
ignore_errors: true ignore_errors: true
@ -349,7 +354,7 @@
file: > file: >
dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket dest=/var/run/fedmsg/monitoring-fedmsg-hub.socket
mode=0775 mode=0775
owner=masher owner=apache
group=nrpe group=nrpe
state=file state=file
ignore_errors: true ignore_errors: true
@ -361,7 +366,7 @@
template: > template: >
src=atomic-config.py.j2 src=atomic-config.py.j2
dest=/usr/lib/python2.7/site-packages/fedmsg_atomic_composer/config.py dest=/usr/lib/python2.7/site-packages/fedmsg_atomic_composer/config.py
owner=masher owner=apache
mode=0644 mode=0644
tags: tags:
- config - config
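Review bot: The new task `user: name=apache groups=mock,ftpsync,masher append=yes` in the `@ -44,8 +44,13` hunk widens the apache account well beyond file ownership, because membership of the mock group is generally treated as root-equivalent. No `when:` is visible on that task, so it appears to apply on every host that gets this role rather than only the backends. If any of those hosts also serves web traffic as apache, code running in the web server would inherit mock, ftpsync and masher access. Consider scoping it like the neighbouring tasks with `when: inventory_hostname.startswith('bodhi-backend')`, and dropping any of the three groups the backend does not strictly need. A related least-privilege point applies to the later hunks that make apache the owner of `/etc/bodhi/production.ini`, `/etc/pki/bodhi/bodhi.pem` and `fedmsg_atomic_composer/config.py` under site-packages: an account that owns its own config, key and imported module can rewrite them, so `owner=root group=apache` with a read-only mode would be the safer shape.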