Switch lodgeit to run under a dedicated user

This updates the lodgeit paste service to run under a dedicated user. We
defer on updating the image to do this as we should coordinate with
vexxhost on how that will impact them. This should be fine though as
gerritbot updates proved we can run it this way.

Change-Id: I44d3c53a01be475db1bfa17200da0a4800f85628
changes/06/818606/1
Clark Boylan 6 months ago
parent
commit
e5081581d4
  1. 15
      playbooks/roles/lodgeit/tasks/main.yaml
  2. 1
      playbooks/roles/lodgeit/templates/docker-compose.yaml.j2

15
playbooks/roles/lodgeit/tasks/main.yaml

@ -1,3 +1,18 @@
- name: Create lodgeit group
group:
name: "lodgeit"
gid: "10100"
system: yes
- name: Create lodgeit user
user:
name: "lodgeit"
group: "lodgeit"
uid: "10100"
home: "/var/lib/lodgeit"
create_home: yes
shell: /bin/bash
system: yes
- name: Ensure /etc/lodgeit-compose directory
file:
state: directory
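Review bot: `shell: /bin/bash` in the "Create lodgeit user" task gives an account that is marked `system: yes` an interactive login shell. The commit message describes this user as a dedicated identity for the paste service, so unless something needs to log in as lodgeit, consider a non-login shell such as /usr/sbin/nologin. If a login shell is needed, a short comment in the task saying why would help later readers.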

1
playbooks/roles/lodgeit/templates/docker-compose.yaml.j2

@ -25,6 +25,7 @@ services:
- mariadb
restart: always
network_mode: host
user: "10100:10100"
command: ['/bin/bash', '-c', 'echo "*** Starting"; sleep 30; /usr/local/bin/uwsgi']
logging:
driver: syslog
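Review bot: `user: "10100:10100"` repeats as a literal the uid and gid that playbooks/roles/lodgeit/tasks/main.yaml assigns to the lodgeit user and group, so the two files can drift apart without any error. Since this file is a Jinja2 template, the value could come from a role variable shared with the group and user tasks. It is also worth confirming that /usr/local/bin/uwsgi, now started as an unprivileged user, can still read and write everything it needs, because the commit message says the image itself is not being updated as part of this change.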
