setting correct perms on pass files for unison

2014-01-09 11:32:21 +01:00
parent 09911cfeb4
commit a16b94c3ea
2 changed files with 9 additions and 4 deletions
--- a/hooks/rabbit_utils.py
+++ b/hooks/rabbit_utils.py
@@ -16,6 +16,7 @@ COOKIE_PATH = '/var/lib/rabbitmq/.erlang.cookie'
 ENV_CONF = '/etc/rabbitmq/rabbitmq-env.conf'
 RABBITMQ_CONF = '/etc/rabbitmq/rabbitmq.config'
 SSH_USER = 'juju_rabbit'
+RABBIT_USER = 'rabbitmq'
 LIB_PATH = '/var/lib/rabbitmq/'


@@ -229,6 +230,7 @@ def synchronize_service_credentials():
    peers = cluster.peer_units()
    if peers and not cluster.oldest_peer(peers):
        utils.juju_log('INFO', 'Deferring action to oldest service unit.')
+        return

    utils.juju_log('INFO', 'Synchronizing service passwords to all peers.')
    unison.sync_to_peers(peer_interface='cluster',
--- a/hooks/rabbitmq_server_relations.py
+++ b/hooks/rabbitmq_server_relations.py
@@ -34,8 +34,8 @@ def install():

    # ensure user + permissions for peer relations that
    # may be syncing data there via SSH_USER.
-    unison.ensure_user(user=rabbit.SSH_USER, group='rabbit')
-    rabbit.execute("chmod -R u+wrx %s" % rabbit.LIB_PATH)
+    unison.ensure_user(user=rabbit.SSH_USER, group=rabbit.RABBIT_USER)
+    rabbit.execute("chmod g+wrx %s" % rabbit.LIB_PATH)


 def amqp_changed(relation_id=None, remote_unit=None, needs_leader=True):
@@ -59,6 +59,9 @@ def amqp_changed(relation_id=None, remote_unit=None, needs_leader=True):
        password = subprocess.check_output(cmd).strip()
        with open(password_file, 'wb') as out:
            out.write(password)
+        # assign current user and permissions
+        rabbit.execute("chmod g+wrx %s" % password_file)
+        rabbit.execute("chown %s:%s %s" % rabbit.RABBIT_USER, rabbit.RABBIT_USER, password_file)

    rabbit.create_vhost(vhost)
    rabbit.create_user(rabbit_user, password)
@@ -290,7 +293,7 @@ def update_nrpe_checks():

    nrpe_compat = NRPE()
    nrpe_compat.add_check(
-        shortname='rabbitmq',
+        shortname=rabbit.RABBIT_USER,
        description='Check RabbitMQ',
        check_cmd='{}/check_rabbitmq.py --user {} --password {} --vhost {}'
                  ''.format(NAGIOS_PLUGINS, user, password, vhost)
@@ -317,7 +320,7 @@ MAN_PLUGIN = 'rabbitmq_management'

 def config_changed():
    unison.ensure_user(user=rabbit.SSH_USER, group='rabbit')
-    rabbit.execute("chmod -R u+wrx %s" % rabbit.LIB_PATH)
+    rabbit.execute("chmod g+wrx %s" % rabbit.LIB_PATH)

    if utils.config_get('management_plugin') is True:
        rabbit.enable_plugin(MAN_PLUGIN)