Secure filesystem permissions for config file and data dir
This commit is contained in:
parent
57d1d5b8c2
commit
72936c538f
2 changed files with 18 additions and 14 deletions
|
@ -1,18 +1,19 @@
|
|||
{% from slspath + "/map.jinja" import consul with context %}
|
||||
{%- from slspath + '/map.jinja' import consul with context -%}
|
||||
|
||||
consul-config:
|
||||
file.serialize:
|
||||
- name: /etc/consul.d/config.json
|
||||
{% if consul.service != False %}
|
||||
- watch_in:
|
||||
- service: consul
|
||||
{% endif %}
|
||||
- user: consul
|
||||
- group: consul
|
||||
- require:
|
||||
- user: consul
|
||||
- formatter: json
|
||||
- dataset: {{ consul.config }}
|
||||
- user: {{ consul.user }}
|
||||
- group: {{ consul.group }}
|
||||
- mode: 0640
|
||||
- require:
|
||||
- user: consul-user
|
||||
{%- if consul.service %}
|
||||
- watch_in:
|
||||
- service: consul
|
||||
{%- endif %}
|
||||
|
||||
{% for script in consul.scripts %}
|
||||
consul-script-install-{{ loop.index }}:
|
||||
|
@ -36,7 +37,7 @@ consul-script-config:
|
|||
- user: {{ consul.user }}
|
||||
- group: {{ consul.group }}
|
||||
- require:
|
||||
- user: consul
|
||||
- user: consul-user
|
||||
- formatter: json
|
||||
- dataset:
|
||||
services: {{ consul.register }}
|
||||
|
|
|
@ -1,4 +1,4 @@
|
|||
{% from slspath+"/map.jinja" import consul with context %}
|
||||
{%- from slspath + '/map.jinja' import consul with context -%}
|
||||
|
||||
consul-dep-unzip:
|
||||
pkg.installed:
|
||||
|
@ -17,7 +17,8 @@ consul-group:
|
|||
consul-user:
|
||||
user.present:
|
||||
- name: {{ consul.user }}
|
||||
- gid: {{ consul.group }}
|
||||
- groups:
|
||||
- {{ consul.group }}
|
||||
- createhome: False
|
||||
- system: True
|
||||
- require:
|
||||
|
@ -29,13 +30,15 @@ consul-config-dir:
|
|||
- name: /etc/consul.d
|
||||
- user: {{ consul.user }}
|
||||
- group: {{ consul.group }}
|
||||
- mode: 0750
|
||||
|
||||
consul-data-dir:
|
||||
file.directory:
|
||||
- name: {{ consul.config.data_dir }}
|
||||
- user: consul
|
||||
- group: consul
|
||||
- makedirs: True
|
||||
- user: {{ consul.user }}
|
||||
- group: {{ consul.group }}
|
||||
- mode: 0750
|
||||
|
||||
# Install agent
|
||||
consul-download:
|
||||
|
|
Loading…
Reference in a new issue