Add config option for executor process user
Also adds an 'executor' section to the configuration documentation. Also fixes an attribute name typo. Change-Id: I1f8387527e485d04ee3e22ba4673e9a0f02dd224
This commit is contained in:
parent
eb8564702c
commit
e7374204d3
|
@ -169,6 +169,29 @@ can be found on the :doc:`merger` page.
|
||||||
Path to PID lock file for the merger process.
|
Path to PID lock file for the merger process.
|
||||||
``pidfile=/var/run/zuul-merger/merger.pid``
|
``pidfile=/var/run/zuul-merger/merger.pid``
|
||||||
|
|
||||||
|
executor
|
||||||
|
""""""""
|
||||||
|
|
||||||
|
The zuul-executor process configuration.
|
||||||
|
|
||||||
|
**git_dir**
|
||||||
|
Directory that Zuul should clone local git repositories to.
|
||||||
|
``git_dir=/var/lib/zuul/git``
|
||||||
|
|
||||||
|
**log_config**
|
||||||
|
Path to log config file for the executor process.
|
||||||
|
``log_config=/etc/zuul/logging.yaml``
|
||||||
|
|
||||||
|
**private_key_file**
|
||||||
|
SSH private key file to be used when logging into worker nodes.
|
||||||
|
``private_key_file=~/.ssh/id_rsa``
|
||||||
|
|
||||||
|
**user**
|
||||||
|
User ID for the zuul-executor process. In normal operation as a daemon,
|
||||||
|
the executor should be started as the ``root`` user, but it will drop
|
||||||
|
privileges to this user during startup.
|
||||||
|
``user=zuul``
|
||||||
|
|
||||||
.. _connection:
|
.. _connection:
|
||||||
|
|
||||||
connection ArbitraryName
|
connection ArbitraryName
|
||||||
|
|
|
@ -39,9 +39,6 @@ import zuul.executor.server
|
||||||
# Similar situation with gear and statsd.
|
# Similar situation with gear and statsd.
|
||||||
|
|
||||||
|
|
||||||
# TODO(Shrews): Get this from the config file
|
|
||||||
USER = 'zuul'
|
|
||||||
|
|
||||||
FINGER_PORT = 79
|
FINGER_PORT = 79
|
||||||
|
|
||||||
|
|
||||||
|
@ -89,7 +86,7 @@ class Executor(zuul.cmd.ZuulApp):
|
||||||
|
|
||||||
self.log.info("Starting log streamer")
|
self.log.info("Starting log streamer")
|
||||||
streamer = zuul.lib.log_streamer.LogStreamer(
|
streamer = zuul.lib.log_streamer.LogStreamer(
|
||||||
USER, '0.0.0.0', FINGER_PORT, self.jobdir_root)
|
self.user, '0.0.0.0', FINGER_PORT, self.jobroot_dir)
|
||||||
|
|
||||||
# Keep running until the parent dies:
|
# Keep running until the parent dies:
|
||||||
pipe_read = os.fdopen(pipe_read)
|
pipe_read = os.fdopen(pipe_read)
|
||||||
|
@ -107,7 +104,7 @@ class Executor(zuul.cmd.ZuulApp):
|
||||||
'''
|
'''
|
||||||
if os.getuid() != 0:
|
if os.getuid() != 0:
|
||||||
return
|
return
|
||||||
pw = pwd.getpwnam(USER)
|
pw = pwd.getpwnam(self.user)
|
||||||
os.setgroups([])
|
os.setgroups([])
|
||||||
os.setgid(pw.pw_gid)
|
os.setgid(pw.pw_gid)
|
||||||
os.setuid(pw.pw_uid)
|
os.setuid(pw.pw_uid)
|
||||||
|
@ -116,12 +113,16 @@ class Executor(zuul.cmd.ZuulApp):
|
||||||
def main(self, daemon=True):
|
def main(self, daemon=True):
|
||||||
# See comment at top of file about zuul imports
|
# See comment at top of file about zuul imports
|
||||||
|
|
||||||
self.jobroot_dir = None
|
if self.config.has_option('executor', 'user'):
|
||||||
|
self.user = self.config.get('executor', 'user')
|
||||||
|
else:
|
||||||
|
self.user = 'zuul'
|
||||||
|
|
||||||
if self.config.has_option('zuul', 'jobroot_dir'):
|
if self.config.has_option('zuul', 'jobroot_dir'):
|
||||||
self.jobroot_dir = os.path.expanduser(
|
self.jobroot_dir = os.path.expanduser(
|
||||||
self.config.get('zuul', 'jobroot_dir'))
|
self.config.get('zuul', 'jobroot_dir'))
|
||||||
else:
|
else:
|
||||||
self.jobdir_root = tempfile.gettempdir()
|
self.jobroot_dir = tempfile.gettempdir()
|
||||||
|
|
||||||
self.setup_logging('executor', 'log_config')
|
self.setup_logging('executor', 'log_config')
|
||||||
self.log = logging.getLogger("zuul.Executor")
|
self.log = logging.getLogger("zuul.Executor")
|
||||||
|
|
Loading…
Reference in New Issue