openstack-monasca-agent: various fixes

* Fixed enabling-disabling systemd service * Fixed permissions * Create rundir for tmpfiles (we need this because /run is mounted as tmpfs sometimes). * Write pid file in systemd service. * Create /sbin/rcopenstack-monasca-agent symlink on SUSE * Restricted sudoers file to just the privileges actually required by checks. Change-Id: I49a82805491235aa118b3d8482330b97dc232c01 Co-Authored-By: Thomas Bechtold <tbechtold@suse.com>
2017-04-07 10:53:35 +02:00 · 2017-04-07 10:53:35 +02:00 · 5cccfc040b
parent 96245d453c
commit 5cccfc040b
4 changed files with 30 additions and 4 deletions
--- a/openstack/monasca-agent/monasca-agent.spec.j2
+++ b/openstack/monasca-agent/monasca-agent.spec.j2
@ -27,6 +27,7 @@ Url:            https://wiki.openstack.org/wiki/Monasca
 Source0:        https://pypi.io/packages/source/m/%{sname}/%{sname}-%{version}.tar.gz
 Source1:        %{name}-sudoers
 Source2:        %{name}.service
+Source3:        openstack-monasca-agent.tmpfiles
 BuildRequires:  openstack-macros
 BuildRequires:  {{ py2pkg('PyYAML') }}
 BuildRequires:  {{ py2pkg('devel') }}
@ -117,31 +118,52 @@ install -d -m 750 %{buildroot}%{_prefix}/lib/monasca/agent/custom_detect.d

 # /var
 install -d -m 750  %{buildroot}%{_localstatedir}/log/%{sname}
-install -d -m 700  %{buildroot}%{_localstatedir}/run/%{sname}

 # sudoers configuration
 install -D -m 440 %{SOURCE1} %{buildroot}%{_sysconfdir}/sudoers.d/%{name}

 # systemd unit file
 install -D -m 644 %{SOURCE2} %{buildroot}%{_unitdir}/%{name}.service
+%if 0%{?suse_version}
+mkdir -p %{buildroot}%{_sbindir}
+ln -sr %{buildroot}%{_sbindir}/service %{buildroot}%{_sbindir}/rc%{name}
+%endif
+
+# systemd tmpfile
+install -D -m 644 %{SOURCE3} %{buildroot}/%{_tmpfilesdir}/openstack-monasca-agent.conf

 %pre
 # create user and groups
 %openstack_pre_user_group_create %{username} %{groupname}

+%post
+%tmpfiles_create %{_tmpfilesdir}/openstack-monasca-agent.conf
+%systemd_post %{name}.service
+
+%preun
+%systemd_preun %{name}.service
+
+%postun
+%systemd_postun %{name}.service
+
 %check
 find . -type f -name *.pyc -delete
 PYTHONPATH=. NOSE_EXCLUDE=test_override_values nosetests tests -v

 %files
-%defattr(-, %{username}, %{groupname})
 %dir %{_sysconfdir}/monasca
+%dir %attr(0750, %{username}, %{groupname}) %{_sysconfdir}/monasca/agent
+%dir %attr(0750, %{username}, %{groupname}) %{_sysconfdir}/monasca/agent/conf.d
+%_tmpfilesdir/openstack-monasca-agent.conf
 %config %{_sysconfdir}/monasca/agent
 %config %{_sysconfdir}/sudoers.d/%{name}
 %dir %{_prefix}/lib/monasca
 %{_prefix}/lib/monasca/agent
 %dir %{_localstatedir}/log/%{sname}
 %{_unitdir}/%{name}.service
+%if 0%{?suse_version}
+%{_sbindir}/rc%{name}
+%endif

 %files -n python-%{sname}
 %doc README.md
--- a/openstack/monasca-agent/openstack-monasca-agent-sudoers
+++ b/openstack/monasca-agent/openstack-monasca-agent-sudoers
@ -1 +1,4 @@
-monasca-agent ALL = (root) NOPASSWD:ALL
+# Needed for monasca_agent.collector.checks_d.swift_diags
+monasca-agent ALL = (root) NOPASSWD:/usr/local/bin/diagnostics /usr/local/bin/swift-checker
+# Needed for monasca_agent.collector.checks_d.postfix
+monasca-agent ALL = (root) NOPASSWD:NOEXEC:/usr/bin/find
--- a/openstack/monasca-agent/openstack-monasca-agent.service
+++ b/openstack/monasca-agent/openstack-monasca-agent.service
@ -6,7 +6,7 @@ Type=simple
 User=monasca-agent
 Group=monasca
 Restart=on-failure
-ExecStart=/usr/bin/supervisord -c /etc/monasca/agent/supervisor.conf -n
+ExecStart=/usr/bin/supervisord -c /etc/monasca/agent/supervisor.conf -n --pidfile /run/openstack-monasca-agent/monasca-agent-supervisord.pid

 [Install]
 WantedBy=multi-user.target
--- a/openstack/monasca-agent/openstack-monasca-agent.tmpfiles
+++ b/openstack/monasca-agent/openstack-monasca-agent.tmpfiles
@ -0,0 +1 @@
+d /run/openstack-monasca-agent 0700 monasca-agent monasca -
				`@ -0,0 +1 @@`
				`d /run/openstack-monasca-agent 0700 monasca-agent monasca -`