opendev/system-config
Code Issues Proposed changes

Move elastic-recheck shell account out of /var/run

Browse Source 
* manifests/site.pp: Expect the SSH key in /home rather than in
/var/run.

* modules/elastic_recheck/manifests/init.pp: Change the recheck
shell account for elastic-recheck to use a homedir in /home.

Change-Id: I43f4a8cdcb803328388b7e92732e5cb9d6acb2a8
This commit is contained in:
Jeremy Stanley 2013-09-30 21:44:03 +00:00
parent d1bd696b56
commit fd832de552
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
manifests/site.pp
View File

@ -278,7 +278,7 @@ node 'logstash.openstack.org' {
'elasticsearch6.openstack.org:9200', 'elasticsearch6.openstack.org:9200',
], ],
# Config for elastic-recheck # Config for elastic-recheck
gerrit_ssh_private_key => '/etc/elastic-recheck/id_rsa', gerrit_ssh_private_key => '/home/recheck/.ssh/id_rsa',
gerrit_ssh_private_key_contents => hiera('elastic-recheck_gerrit_ssh_private_key'), gerrit_ssh_private_key_contents => hiera('elastic-recheck_gerrit_ssh_private_key'),
recheck_bot_nick => 'openstackrecheck', recheck_bot_nick => 'openstackrecheck',
recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'), recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'),

18
modules/elastic_recheck/manifests/init.pp
View File

@ -31,7 +31,7 @@ class elastic_recheck (
user { 'recheck': user { 'recheck':
ensure => present, ensure => present,
home => '/var/run/elastic-recheck', home => '/home/recheck',
shell => '/bin/false', shell => '/bin/false',
gid => 'recheck', gid => 'recheck',
require => Group['recheck'], require => Group['recheck'],
@ -115,6 +115,22 @@ class elastic_recheck (
], ],
} }
file { '/home/recheck':
ensure => directory,
mode => '0700',
owner => 'recheck',
group => 'recheck',
require => User['recheck'],
}
file { '/home/recheck/.ssh':
ensure => directory,
mode => '0700',
owner => 'recheck',
group => 'recheck',
require => User['recheck'],
}
file { $gerrit_ssh_private_key: file { $gerrit_ssh_private_key:
ensure => present, ensure => present,
mode => '0600', mode => '0600',