Allow configure user and group for Consul service

This commit is contained in:
Denys Havrysh 2017-11-28 12:16:19 +02:00
parent 53250cd15b
commit 74f7fb4394
8 changed files with 54 additions and 21 deletions

View file

@ -21,8 +21,8 @@ consul-script-install-{{ loop.index }}:
- name: {{ script.name }}
- template: jinja
- context: {{ script.get('context', {}) | yaml }}
- user: consul
- group: consul
- user: {{ consul.user }}
- group: {{ consul.group }}
- mode: 0755
{% endfor %}
@ -33,8 +33,8 @@ consul-script-config:
- watch_in:
- service: consul
{% endif %}
- user: consul
- group: consul
- user: {{ consul.user }}
- group: {{ consul.group }}
- require:
- user: consul
- formatter: json

View file

@ -3,6 +3,10 @@ consul:
download_host: releases.hashicorp.com
service: false
user: consul
group: consul
config:
server: false
bind_addr: 0.0.0.0

View file

@ -8,7 +8,8 @@ Environment="GOMAXPROCS=2" "PATH=/usr/local/bin:/usr/bin:/bin"
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d
ExecReload=/bin/kill -HUP $MAINPID
KillSignal=TERM
User=consul
User={{ user }}
Group={{ group }}
[Install]
WantedBy=multi-user.target

View file

@ -24,7 +24,6 @@
. /etc/rc.d/init.d/functions
prog="consul"
user="consul"
exec="/usr/local/bin/$prog"
pidfile="/var/run/$prog.pid"
lockfile="/var/lock/subsys/$prog"
@ -34,6 +33,9 @@ confdir="/etc/consul.d"
# pull in sysconfig settings
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
user=${CONSUL_USER:-consul}
group=${CONSUL_GROUP:-consul}
export GOMAXPROCS=${GOMAXPROCS:-2}
start() {
@ -44,7 +46,7 @@ start() {
umask 077
touch $logfile $pidfile
chown $user:$user $logfile $pidfile
chown "$user:$group" $logfile $pidfile
echo -n $"Starting $prog: "
@ -56,7 +58,7 @@ start() {
## owned by consul:consul, using -pid-file results in a permission error.
daemon \
--pidfile=$pidfile \
--user=consul \
--user="$user" \
" { $exec agent -config-dir=$confdir &>> $logfile & } ; echo \$! >| $pidfile "
RETVAL=$?

View file

@ -6,8 +6,8 @@ stop on runlevel [!2345]
respawn
script
if [ -f "/etc/service/consul" ]; then
. /etc/service/consul
if [ -f /etc/default/consul ]; then
. /etc/default/consul
fi
# Make sure to use all our CPUs, because Consul can block a scheduler thread
@ -16,7 +16,8 @@ script
# Get the public IP
BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'`
exec start-stop-daemon --start -c consul \
exec start-stop-daemon --start \
--chuid ${CONSUL_USER:-consul}:${CONSUL_GROUP:-consul} \
--exec /usr/local/bin/consul agent -- \
-config-dir="/etc/consul.d" \
${CONSUL_FLAGS} \

View file

@ -10,24 +10,25 @@ consul-bin-dir:
- makedirs: True
# Create consul user
consul-user:
consul-group:
group.present:
- name: consul
- name: {{ consul.group }}
consul-user:
user.present:
- name: consul
- createhome: false
- system: true
- groups:
- consul
- name: {{ consul.user }}
- gid: {{ consul.group }}
- createhome: False
- system: True
- require:
- group: consul
- group: consul-group
# Create directories
consul-config-dir:
file.directory:
- name: /etc/consul.d
- user: consul
- group: consul
- user: {{ consul.user }}
- group: {{ consul.group }}
consul-data-dir:
file.directory:

View file

@ -1,10 +1,29 @@
{%- from slspath+"/map.jinja" import consul with context -%}
consul-init-env:
file.managed:
{%- if grains['os_family'] == 'Debian' %}
- name: /etc/default/consul
{%- else %}
- name: /etc/sysconfig/consul
- makedirs: True
{%- endif %}
- user: root
- group: root
- mode: 0644
- contents:
- CONSUL_USER={{ consul.user }}
- CONSUL_GROUP={{ consul.group }}
consul-init-file:
file.managed:
{%- if salt['test.provider']('service') == 'systemd' %}
- source: salt://{{ slspath }}/files/consul.service
- name: /etc/systemd/system/consul.service
- template: jinja
- context:
user: {{ consul.user }}
group: {{ consul.group }}
- mode: 0644
{%- elif salt['test.provider']('service') == 'upstart' %}
- source: salt://{{ slspath }}/files/consul.upstart
@ -23,6 +42,7 @@ consul-service:
- name: consul
- enable: True
- watch:
- file: consul-init-env
- file: consul-init-file
{%- endif %}

View file

@ -2,6 +2,10 @@ consul:
# Start Consul agent service and enable it at boot time
service: True
# Set user and group for Consul config files and running service
user: consul
group: consul
config:
server: True
bind_addr: 0.0.0.0