openstack-monasca-agent: various fixes
* Fixed enabling-disabling systemd service * Fixed permissions * Create rundir for tmpfiles (we need this because /run is mounted as tmpfs sometimes). * Write pid file in systemd service. * Create /sbin/rcopenstack-monasca-agent symlink on SUSE * Restricted sudoers file to just the privileges actually required by checks. Change-Id: I49a82805491235aa118b3d8482330b97dc232c01 Co-Authored-By: Thomas Bechtold <tbechtold@suse.com>
This commit is contained in:
parent
96245d453c
commit
5cccfc040b
|
@ -27,6 +27,7 @@ Url: https://wiki.openstack.org/wiki/Monasca
|
|||
Source0: https://pypi.io/packages/source/m/%{sname}/%{sname}-%{version}.tar.gz
|
||||
Source1: %{name}-sudoers
|
||||
Source2: %{name}.service
|
||||
Source3: openstack-monasca-agent.tmpfiles
|
||||
BuildRequires: openstack-macros
|
||||
BuildRequires: {{ py2pkg('PyYAML') }}
|
||||
BuildRequires: {{ py2pkg('devel') }}
|
||||
|
@ -117,31 +118,52 @@ install -d -m 750 %{buildroot}%{_prefix}/lib/monasca/agent/custom_detect.d
|
|||
|
||||
# /var
|
||||
install -d -m 750 %{buildroot}%{_localstatedir}/log/%{sname}
|
||||
install -d -m 700 %{buildroot}%{_localstatedir}/run/%{sname}
|
||||
|
||||
# sudoers configuration
|
||||
install -D -m 440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers.d/%{name}
|
||||
|
||||
# systemd unit file
|
||||
install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
|
||||
%if 0%{?suse_version}
|
||||
mkdir -p %{buildroot}%{_sbindir}
|
||||
ln -sr %{buildroot}%{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
|
||||
%endif
|
||||
|
||||
# systemd tmpfile
|
||||
install -D -m 644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/openstack-monasca-agent.conf
|
||||
|
||||
%pre
|
||||
# create user and groups
|
||||
%openstack_pre_user_group_create %{username} %{groupname}
|
||||
|
||||
%post
|
||||
%tmpfiles_create %{_tmpfilesdir}/openstack-monasca-agent.conf
|
||||
%systemd_post %{name}.service
|
||||
|
||||
%preun
|
||||
%systemd_preun %{name}.service
|
||||
|
||||
%postun
|
||||
%systemd_postun %{name}.service
|
||||
|
||||
%check
|
||||
find . -type f -name *.pyc -delete
|
||||
PYTHONPATH=. NOSE_EXCLUDE=test_override_values nosetests tests -v
|
||||
|
||||
%files
|
||||
%defattr(-, %{username}, %{groupname})
|
||||
%dir %{_sysconfdir}/monasca
|
||||
%dir %attr(0750, %{username}, %{groupname}) %{_sysconfdir}/monasca/agent
|
||||
%dir %attr(0750, %{username}, %{groupname}) %{_sysconfdir}/monasca/agent/conf.d
|
||||
%_tmpfilesdir/openstack-monasca-agent.conf
|
||||
%config %{_sysconfdir}/monasca/agent
|
||||
%config %{_sysconfdir}/sudoers.d/%{name}
|
||||
%dir %{_prefix}/lib/monasca
|
||||
%{_prefix}/lib/monasca/agent
|
||||
%dir %{_localstatedir}/log/%{sname}
|
||||
%{_unitdir}/%{name}.service
|
||||
%if 0%{?suse_version}
|
||||
%{_sbindir}/rc%{name}
|
||||
%endif
|
||||
|
||||
%files -n python-%{sname}
|
||||
%doc README.md
|
||||
|
|
|
@ -1 +1,4 @@
|
|||
monasca-agent ALL = (root) NOPASSWD:ALL
|
||||
# Needed for monasca_agent.collector.checks_d.swift_diags
|
||||
monasca-agent ALL = (root) NOPASSWD:/usr/local/bin/diagnostics /usr/local/bin/swift-checker
|
||||
# Needed for monasca_agent.collector.checks_d.postfix
|
||||
monasca-agent ALL = (root) NOPASSWD:NOEXEC:/usr/bin/find
|
||||
|
|
|
@ -6,7 +6,7 @@ Type=simple
|
|||
User=monasca-agent
|
||||
Group=monasca
|
||||
Restart=on-failure
|
||||
ExecStart=/usr/bin/supervisord -c /etc/monasca/agent/supervisor.conf -n
|
||||
ExecStart=/usr/bin/supervisord -c /etc/monasca/agent/supervisor.conf -n --pidfile /run/openstack-monasca-agent/monasca-agent-supervisord.pid
|
||||
|
||||
[Install]
|
||||
WantedBy=multi-user.target
|
||||
|
|
|
@ -0,0 +1 @@
|
|||
d /run/openstack-monasca-agent 0700 monasca-agent monasca -
|
Loading…
Reference in New Issue