Secure filesystem permissions for config file and data dir

Denys Havrysh 2017-11-28 15:32:05 +02:00
parent 57d1d5b8c2
commit 72936c538f
2 changed files with 18 additions and 14 deletions


@ -1,18 +1,19 @@
{% from slspath + "/map.jinja" import consul with context %} {%- from slspath + '/map.jinja' import consul with context -%}
consul-config: consul-config:
file.serialize: file.serialize:
- name: /etc/consul.d/config.json - name: /etc/consul.d/config.json
{% if consul.service != False %}
- watch_in:
- service: consul
{% endif %}
- user: consul
- group: consul
- require:
- user: consul
- formatter: json - formatter: json
- dataset: {{ consul.config }} - dataset: {{ consul.config }}
- user: {{ consul.user }}
- group: {{ consul.group }}
- mode: 0640
- require:
- user: consul-user
{%- if consul.service %}
- watch_in:
- service: consul
{%- endif %}
{% for script in consul.scripts %} {% for script in consul.scripts %}
consul-script-install-{{ loop.index }}: consul-script-install-{{ loop.index }}:
@ -36,7 +37,7 @@ consul-script-config:
- user: {{ consul.user }} - user: {{ consul.user }}
- group: {{ consul.group }} - group: {{ consul.group }}
- require: - require:
- user: consul - user: consul-user
- formatter: json - formatter: json
- dataset: - dataset:
services: {{ consul.register }} services: {{ consul.register }}
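Review bot: In the second hunk, `consul-script-config` shows only `user` and `group` and no `mode`, so the serialized services file would keep default permissions while `config.json` is tightened to 0640. The state begins above the hunk, so confirm that no `mode` is set there. If none is, add `- mode: '0640'` after the `group` line, since service definitions may carry tokens just as the main config can. Separately, the new `- mode: 0640` in `consul-config` is unquoted. Salt's documentation asks for modes with a leading zero to be quoted so YAML does not read them as integers, i.e. `- mode: '0640'`, and the same applies to the two `- mode: 0750` lines added in the other file.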


@ -1,4 +1,4 @@
{% from slspath+"/map.jinja" import consul with context %} {%- from slspath + '/map.jinja' import consul with context -%}
consul-dep-unzip: consul-dep-unzip:
pkg.installed: pkg.installed:
@ -17,7 +17,8 @@ consul-group:
consul-user: consul-user:
user.present: user.present:
- name: {{ consul.user }} - name: {{ consul.user }}
- gid: {{ consul.group }} - groups:
- {{ consul.group }}
- createhome: False - createhome: False
- system: True - system: True
- require: - require:
@ -29,13 +30,15 @@ consul-config-dir:
- name: /etc/consul.d - name: /etc/consul.d
- user: {{ consul.user }} - user: {{ consul.user }}
- group: {{ consul.group }} - group: {{ consul.group }}
- mode: 0750
consul-data-dir: consul-data-dir:
file.directory: file.directory:
- name: {{ consul.config.data_dir }} - name: {{ consul.config.data_dir }}
- user: consul
- group: consul
- makedirs: True - makedirs: True
- user: {{ consul.user }}
- group: {{ consul.group }}
- mode: 0750
# Install agent # Install agent
consul-download: consul-download:
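Review bot: Replacing `- gid: {{ consul.group }}` with `- groups:` in `consul-user` makes the consul group a supplementary group and leaves the account's primary group to the platform default. Files the agent creates at runtime under the data dir would then carry that default group, so group ownership inside the directory would no longer match the `{{ consul.group }}` / `0750` ownership this commit sets on the directory itself. Unless the switch was needed to work around a `gid` lookup problem, keep `- gid: {{ consul.group }}` alongside `groups`. The state's `require` list continues outside the hunk.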