From b0cc0ccb14c7a46c96aabac203917528d1e8f78d Mon Sep 17 00:00:00 2001 From: Craig Bryant Date: Wed, 6 May 2015 11:41:28 -0600 Subject: [PATCH] Change the default agent user to mon-agent Changed some places to templates to make it possible to change agent user using monasca_setup. There is one place that it is still hard coded The deb creation now uses a hardcoded mon-agent user instead of monasca-agent Change-Id: I8f2ee8903289d74c0397ccf911701c89e7a1b691 --- docs/Agent.md | 2 +- monasca_agent/collector/checks_d/postfix.py | 4 ++-- monasca_setup/detection/plugins/postfix.py | 3 ++- monasca_setup/main.py | 4 ++-- monasca_setup/service/linux.py | 9 +++++---- packaging/monasca-agent-deb/monasca-agent.init | 2 +- packaging/monasca-agent-deb/postinst | 7 ++++--- packaging/monasca-agent-deb/postrm | 2 +- packaging/monasca-agent-deb/supervisor.conf | 6 +++--- packaging/monasca-agent.init.template | 2 +- packaging/supervisor.conf.template | 6 +++--- 11 files changed, 25 insertions(+), 22 deletions(-) diff --git a/docs/Agent.md b/docs/Agent.md index 53d3ed72..cfe35838 100644 --- a/docs/Agent.md +++ b/docs/Agent.md @@ -34,7 +34,7 @@ The Agent is composed of the following components: | Component Name | Process Name | Description | | -------------- | ------------ | ----------- | -| Supervisor | supervisord | Runs as root, launches all other processes as the "monasca-agent" user. This process manages the lifecycle of the Collector, Forwarder and Statsd Daemon. It allows Start, Stop and Restart of all the agent processes together. | +| Supervisor | supervisord | Runs as root, launches all other processes as the user configured to run monasca-agent. This process manages the lifecycle of the Collector, Forwarder and Statsd Daemon. It allows Start, Stop and Restart of all the agent processes together. | | Collector | monasca-collector | Gathers system & application metrics on a configurable interval and sends them to the Forwarder process. The collector runs various plugins for collection of different plugins.| | Forwarder | monasca-forwarder | Gathers data from the collector and statsd and submits it to Monasca API over SSL (tcp/17123) | | Statsd Daemon | monasca-statsd | Statsd engine capable of handling dimensions associated with metrics submitted by a client that supports them. Also supports metrics from the standard statsd client. (udp/8125) | diff --git a/monasca_agent/collector/checks_d/postfix.py b/monasca_agent/collector/checks_d/postfix.py index 921e8eb8..95930233 100644 --- a/monasca_agent/collector/checks_d/postfix.py +++ b/monasca_agent/collector/checks_d/postfix.py @@ -10,8 +10,8 @@ class PostfixCheck(AgentCheck): WARNING: the user that monasca-agent runs as must have sudo access for the 'find' command sudo access is not required when running monasca-agent as root (not recommended) - example /etc/sudoers entry: - monasca-agent ALL=(ALL) NOPASSWD:/usr/bin/find + example /etc/sudoers entry (assumes monasca-agent runs as user mon-agent): + mon-agent ALL=(ALL) NOPASSWD:/usr/bin/find YAML config options: "directory" - the value of 'postconf -h queue_directory' diff --git a/monasca_setup/detection/plugins/postfix.py b/monasca_setup/detection/plugins/postfix.py index 301fd8f7..9d2cda3d 100644 --- a/monasca_setup/detection/plugins/postfix.py +++ b/monasca_setup/detection/plugins/postfix.py @@ -17,7 +17,8 @@ class Postfix(monasca_setup.detection.Plugin): """ if monasca_setup.detection.find_process_cmdline('postfix') is not None: # Test for sudo access - test_sudo = os.system('sudo -l -U monasca-agent find /var/spool/postfix/incoming -type f > /dev/null') + # TODO: don't hardcode the user. Need to get it from the arguments to monasca_setup + test_sudo = os.system('sudo -l -U mon-agent find /var/spool/postfix/incoming -type f > /dev/null') if test_sudo != 0: log.info("Postfix found but the required sudo access is not configured.\n\t" + "Refer to plugin documentation for more detail") diff --git a/monasca_setup/main.py b/monasca_setup/main.py index cd782ee6..ceccc32c 100644 --- a/monasca_setup/main.py +++ b/monasca_setup/main.py @@ -88,7 +88,7 @@ def main(argv=None): parser.add_argument('--skip_enable', help="By default the service is enabled, " + "which requires the script run as root. Set this to skip that step.", action="store_true") - parser.add_argument('--user', help="User name to run monasca-agent as", default='monasca-agent') + parser.add_argument('--user', help="User name to run monasca-agent as", default='mon-agent') parser.add_argument('-s', '--service', help="Service this node is associated with, added as a dimension.") parser.add_argument('--amplifier', help="Integer for the number of additional measurements to create. " + "Additional measurements contain the 'amplifier' dimension. " + @@ -133,7 +133,7 @@ def main(argv=None): # Write the supervisor.conf write_template(os.path.join(args.template_dir, 'supervisor.conf.template'), os.path.join(args.config_dir, 'supervisor.conf'), - {'prefix': PREFIX_DIR, 'log_dir': args.log_dir}, + {'prefix': PREFIX_DIR, 'log_dir': args.log_dir, 'monasca_user': args.user}, gid) # Run through detection and config building for the plugins diff --git a/monasca_setup/service/linux.py b/monasca_setup/service/linux.py index cc8475fd..2c66bac5 100644 --- a/monasca_setup/service/linux.py +++ b/monasca_setup/service/linux.py @@ -18,7 +18,7 @@ class LinuxInit(service.Service): def enable(self): """ Does user/group directory creation. """ - # Create monasca-agent user/group if needed + # Create user/group if needed try: user = pwd.getpwnam(self.username) except KeyError: @@ -108,7 +108,7 @@ class Systemd(LinuxInit): class SysV(LinuxInit): - def __init__(self, prefix_dir, config_dir, log_dir, template_dir, name='monasca-agent', username='monasca-agent'): + def __init__(self, prefix_dir, config_dir, log_dir, template_dir, username, name='monasca-agent'): """Setup this service with the given init template. """ @@ -125,7 +125,8 @@ class SysV(LinuxInit): # Write the init script and enable. with open(self.init_template, 'r') as template: with open(self.init_script, 'w') as conf: - conf.write(template.read().format(prefix=self.prefix_dir, config_dir=self.config_dir)) + conf.write(template.read().format(prefix=self.prefix_dir, monasca_user=self.username, + config_dir=self.config_dir)) os.chown(self.init_script, 0, 0) os.chmod(self.init_script, 0755) @@ -170,4 +171,4 @@ class SysV(LinuxInit): if len(glob.glob('/etc/rc?.d/S??monasca-agent')) > 0: return True else: - return False \ No newline at end of file + return False diff --git a/packaging/monasca-agent-deb/monasca-agent.init b/packaging/monasca-agent-deb/monasca-agent.init index 9c94e901..5a687497 100755 --- a/packaging/monasca-agent-deb/monasca-agent.init +++ b/packaging/monasca-agent-deb/monasca-agent.init @@ -17,7 +17,7 @@ export PYTHONPATH=$PYTHONPATH:/usr/monasca/agent/ AGENTPATH="/usr/local/bin/monasca-collector" AGENTCONF="/etc/monasca/agent/agent.yaml" MONASCASTATSDPATH="/usr/local/bin/monasca-statsd" -AGENTUSER="monasca-agent" +AGENTUSER="mon-agent" FORWARDERPATH="/usr/local/bin/monasca-forwarder" NAME="monasca-agent" DESC="Monasca Monitoring Agent" diff --git a/packaging/monasca-agent-deb/postinst b/packaging/monasca-agent-deb/postinst index 58974e80..d8919e9f 100644 --- a/packaging/monasca-agent-deb/postinst +++ b/packaging/monasca-agent-deb/postinst @@ -4,12 +4,13 @@ set -e case "$1" in configure) + AGENT_USER=mon-agent update-rc.d monasca-agent defaults - adduser --system monasca-agent --disabled-login --shell /bin/sh --no-create-home --quiet + adduser --system ${AGENT_USER} --disabled-login --shell /bin/sh --no-create-home --quiet usermod -d /usr/share/monasca/agent monasca-agent chown root:root /etc/init.d/monasca-agent - chown -R monasca-agent:root /etc/monasca/agent - chown -R monasca-agent:root /var/log/monasca/agent + chown -R ${AGENT_USER}:root /etc/monasca/agent + chown -R ${AGENT_USER}:root /var/log/monasca/agent chown -R root:root /usr/share/monasca/agent chown -h root:root /usr/bin/monasca-statsd chown -h root:root /usr/bin/monasca-collector diff --git a/packaging/monasca-agent-deb/postrm b/packaging/monasca-agent-deb/postrm index f2697500..05a98435 100644 --- a/packaging/monasca-agent-deb/postrm +++ b/packaging/monasca-agent-deb/postrm @@ -3,7 +3,7 @@ set -e if [ "$1" = purge ]; then update-rc.d monasca-agent remove - deluser monasca-agent + deluser mon-agent fi exit 0 diff --git a/packaging/monasca-agent-deb/supervisor.conf b/packaging/monasca-agent-deb/supervisor.conf index 260c1cd5..aef10e0a 100644 --- a/packaging/monasca-agent-deb/supervisor.conf +++ b/packaging/monasca-agent-deb/supervisor.conf @@ -24,7 +24,7 @@ stdout_logfile=NONE stderr_logfile=NONE priority=999 startsecs=2 -user=monasca-agent +user=mon-agent environment=LC_ALL=POSIX,PYTHONPATH='/usr/share/monasca/agent:$PYTHONPATH' [program:forwarder] @@ -33,7 +33,7 @@ stdout_logfile=NONE stderr_logfile=NONE startsecs=3 priority=998 -user=monasca-agent +user=mon-agent [program:statsd] command=/usr/bin/monasca-statsd @@ -41,7 +41,7 @@ stdout_logfile=NONE stderr_logfile=NONE startsecs=3 priority=998 -user=monasca-agent +user=mon-agent [group:monasca-agent] programs=forwarder,collector,statsd diff --git a/packaging/monasca-agent.init.template b/packaging/monasca-agent.init.template index 61d3daa0..76c9e583 100755 --- a/packaging/monasca-agent.init.template +++ b/packaging/monasca-agent.init.template @@ -16,7 +16,7 @@ PATH=$PATH:/sbin AGENTPATH="{prefix}/bin/monasca-collector" AGENTCONF="{config_dir}/agent.yaml" MONASCASTATSDPATH="{prefix}/bin/monasca-statsd" -AGENTUSER="monasca-agent" +AGENTUSER="{monasca_user}" FORWARDERPATH="{prefix}/bin/monasca-forwarder" NAME="monasca-agent" DESC="Monasca Monitoring Agent" diff --git a/packaging/supervisor.conf.template b/packaging/supervisor.conf.template index b43f184d..9ef7c531 100644 --- a/packaging/supervisor.conf.template +++ b/packaging/supervisor.conf.template @@ -23,7 +23,7 @@ stdout_logfile=NONE stderr_logfile=NONE priority=999 startsecs=2 -user=monasca-agent +user={monasca_user} autorestart=true [program:forwarder] @@ -32,7 +32,7 @@ stdout_logfile=NONE stderr_logfile=NONE startsecs=3 priority=998 -user=monasca-agent +user={monasca_user} autorestart=true [program:statsd] @@ -41,7 +41,7 @@ stdout_logfile=NONE stderr_logfile=NONE startsecs=3 priority=998 -user=monasca-agent +user={monasca_user} autorestart=true [group:monasca-agent]