From e5081581d4d3b8ffb9fa66ead15bef13706d9825 Mon Sep 17 00:00:00 2001
From: Clark Boylan
Date: Fri, 19 Nov 2021 09:11:38 -0800
Subject: [PATCH] Switch lodgeit to run under a dedicated user

This updates the lodgeit paste service to run under a dedicated user. We defer on updating the image to do this as we should coordinate with vexxhost on how that will impact them. This should be fine though as gerritbot updates proved we can run it this way.

Change-Id: I44d3c53a01be475db1bfa17200da0a4800f85628
---
 playbooks/roles/lodgeit/tasks/main.yaml | 15 +++++++++++++++
 .../lodgeit/templates/docker-compose.yaml.j2 | 1 +
 2 files changed, 16 insertions(+)

diff --git a/playbooks/roles/lodgeit/tasks/main.yaml b/playbooks/roles/lodgeit/tasks/main.yaml
index a172aa569b..26422a63e2 100644
--- a/playbooks/roles/lodgeit/tasks/main.yaml
+++ b/playbooks/roles/lodgeit/tasks/main.yaml
@@ -1,3 +1,18 @@
+- name: Create lodgeit group
+ group:
+ name: "lodgeit"
+ gid: "10100"
+ system: yes
+- name: Create lodgeit user
+ user:
+ name: "lodgeit"
+ group: "lodgeit"
+ uid: "10100"
+ home: "/var/lib/lodgeit"
+ create_home: yes
+ shell: /bin/bash
+ system: yes
+
 - name: Ensure /etc/lodgeit-compose directory
 file:
 state: directory
diff --git a/playbooks/roles/lodgeit/templates/docker-compose.yaml.j2 b/playbooks/roles/lodgeit/templates/docker-compose.yaml.j2
index f917ec255d..d59c13406d 100644
--- a/playbooks/roles/lodgeit/templates/docker-compose.yaml.j2
+++ b/playbooks/roles/lodgeit/templates/docker-compose.yaml.j2
@@ -25,6 +25,7 @@ services:
 - mariadb
 restart: always
 network_mode: host
+ user: "10100:10100"
 command: ['/bin/bash', '-c', 'echo "*** Starting"; sleep 30; /usr/local/bin/uwsgi']
 logging:
 driver: syslog
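Review bot: The `lodgeit` account is created with `shell: /bin/bash`, but the only use of it visible in this change is the numeric `user:` in the compose template, which does not need a login shell on the host. If nobody has to log in or `su` to the account, `shell: /usr/sbin/nologin` is the tighter choice for a service account. The booleans `system: yes` and `create_home: yes` would also read more predictably as `true`. The task list continues below the hunk, so whether later tasks give this user ownership of the paths the container uses cannot be seen here.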
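Review bot: `user: "10100:10100"` repeats as a literal the uid and gid that `tasks/main.yaml` assigns to the `lodgeit` account, so the two files can drift apart silently and the container would then run as an id with no matching host account. Defining the id once as a role variable and templating it here, for example `user: "{{ lodgeit_uid }}:{{ lodgeit_gid }}"` (these variable names are a suggestion, not existing ones), keeps them in step. The service's volume and port settings lie outside this hunk; since the process no longer starts as root, it is worth confirming that any bind-mounted paths are readable by 10100 and that uwsgi does not need a port below 1024 under `network_mode: host`.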