Allow configure user and group for Consul service
parent
53250cd15b
commit
74f7fb4394
8 changed files with 54 additions and 21 deletions
|
@ -21,8 +21,8 @@ consul-script-install-{{ loop.index }}:
|
||||||
- name: {{ script.name }}
|
- name: {{ script.name }}
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- context: {{ script.get('context', {}) | yaml }}
|
- context: {{ script.get('context', {}) | yaml }}
|
||||||
- user: consul
|
- user: {{ consul.user }}
|
||||||
- group: consul
|
- group: {{ consul.group }}
|
||||||
- mode: 0755
|
- mode: 0755
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
|
@ -33,8 +33,8 @@ consul-script-config:
|
||||||
- watch_in:
|
- watch_in:
|
||||||
- service: consul
|
- service: consul
|
||||||
{% endif %}
|
{% endif %}
|
||||||
- user: consul
|
- user: {{ consul.user }}
|
||||||
- group: consul
|
- group: {{ consul.group }}
|
||||||
- require:
|
- require:
|
||||||
- user: consul
|
- user: consul
|
||||||
- formatter: json
|
- formatter: json
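Review bot: The `require` under `consul-script-config` still reads `- user: consul`, which only resolves while the account is literally named consul. Once `consul.user` is set to anything else, no state carries that ID or name, and the requisite cannot be found. The user state keeps the ID `consul-user` elsewhere in this commit, so the line should be `- user: consul-user`, mirroring the `- group: consul-group` change made in the install states.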
|
||||||
|
|
|
@ -3,6 +3,10 @@ consul:
|
||||||
download_host: releases.hashicorp.com
|
download_host: releases.hashicorp.com
|
||||||
|
|
||||||
service: false
|
service: false
|
||||||
|
|
||||||
|
user: consul
|
||||||
|
group: consul
|
||||||
|
|
||||||
config:
|
config:
|
||||||
server: false
|
server: false
|
||||||
bind_addr: 0.0.0.0
|
bind_addr: 0.0.0.0
|
||||||
|
|
|
@ -8,7 +8,8 @@ Environment="GOMAXPROCS=2" "PATH=/usr/local/bin:/usr/bin:/bin"
|
||||||
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d
|
ExecStart=/usr/local/bin/consul agent -config-dir=/etc/consul.d
|
||||||
ExecReload=/bin/kill -HUP $MAINPID
|
ExecReload=/bin/kill -HUP $MAINPID
|
||||||
KillSignal=TERM
|
KillSignal=TERM
|
||||||
User=consul
|
User={{ user }}
|
||||||
|
Group={{ group }}
|
||||||
|
|
||||||
[Install]
|
[Install]
|
||||||
WantedBy=multi-user.target
|
WantedBy=multi-user.target
|
||||||
|
|
|
@ -24,7 +24,6 @@
|
||||||
. /etc/rc.d/init.d/functions
|
. /etc/rc.d/init.d/functions
|
||||||
|
|
||||||
prog="consul"
|
prog="consul"
|
||||||
user="consul"
|
|
||||||
exec="/usr/local/bin/$prog"
|
exec="/usr/local/bin/$prog"
|
||||||
pidfile="/var/run/$prog.pid"
|
pidfile="/var/run/$prog.pid"
|
||||||
lockfile="/var/lock/subsys/$prog"
|
lockfile="/var/lock/subsys/$prog"
|
||||||
|
@ -34,6 +33,9 @@ confdir="/etc/consul.d"
|
||||||
# pull in sysconfig settings
|
# pull in sysconfig settings
|
||||||
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
|
[ -e /etc/sysconfig/$prog ] && . /etc/sysconfig/$prog
|
||||||
|
|
||||||
|
user=${CONSUL_USER:-consul}
|
||||||
|
group=${CONSUL_GROUP:-consul}
|
||||||
|
|
||||||
export GOMAXPROCS=${GOMAXPROCS:-2}
|
export GOMAXPROCS=${GOMAXPROCS:-2}
|
||||||
|
|
||||||
start() {
|
start() {
|
||||||
|
@ -44,7 +46,7 @@ start() {
|
||||||
umask 077
|
umask 077
|
||||||
|
|
||||||
touch $logfile $pidfile
|
touch $logfile $pidfile
|
||||||
chown $user:$user $logfile $pidfile
|
chown "$user:$group" $logfile $pidfile
|
||||||
|
|
||||||
echo -n $"Starting $prog: "
|
echo -n $"Starting $prog: "
|
||||||
|
|
||||||
|
@ -56,7 +58,7 @@ start() {
|
||||||
## owned by consul:consul, using -pid-file results in a permission error.
|
## owned by consul:consul, using -pid-file results in a permission error.
|
||||||
daemon \
|
daemon \
|
||||||
--pidfile=$pidfile \
|
--pidfile=$pidfile \
|
||||||
--user=consul \
|
--user="$user" \
|
||||||
" { $exec agent -config-dir=$confdir &>> $logfile & } ; echo \$! >| $pidfile "
|
" { $exec agent -config-dir=$confdir &>> $logfile & } ; echo \$! >| $pidfile "
|
||||||
|
|
||||||
RETVAL=$?
|
RETVAL=$?
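Review bot: `CONSUL_GROUP` only reaches the `chown` in `start()`; the process is still launched with just `--user="$user"`, so it runs with that account's own primary group, whereas the systemd unit and the upstart job in this commit set the group explicitly. This is harmless while the formula creates the account with `gid` set to the same group, but a hand-edited sysconfig file can make file ownership and process group disagree. The comment above `daemon` still says `owned by consul:consul` and should be updated to something like `## owned by $user:$group, using -pid-file results in a permission error.` `start()` continues outside these hunks.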
|
||||||
|
|
|
@ -6,8 +6,8 @@ stop on runlevel [!2345]
|
||||||
respawn
|
respawn
|
||||||
|
|
||||||
script
|
script
|
||||||
if [ -f "/etc/service/consul" ]; then
|
if [ -f /etc/default/consul ]; then
|
||||||
. /etc/service/consul
|
. /etc/default/consul
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Make sure to use all our CPUs, because Consul can block a scheduler thread
|
# Make sure to use all our CPUs, because Consul can block a scheduler thread
|
||||||
|
@ -16,7 +16,8 @@ script
|
||||||
# Get the public IP
|
# Get the public IP
|
||||||
BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'`
|
BIND=`ifconfig eth0 | grep "inet addr" | awk '{ print substr($2,6) }'`
|
||||||
|
|
||||||
exec start-stop-daemon --start -c consul \
|
exec start-stop-daemon --start \
|
||||||
|
--chuid ${CONSUL_USER:-consul}:${CONSUL_GROUP:-consul} \
|
||||||
--exec /usr/local/bin/consul agent -- \
|
--exec /usr/local/bin/consul agent -- \
|
||||||
-config-dir="/etc/consul.d" \
|
-config-dir="/etc/consul.d" \
|
||||||
${CONSUL_FLAGS} \
|
${CONSUL_FLAGS} \
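Review bot: The `--chuid` argument is built from unquoted expansions of variables sourced from `/etc/default/consul`, so a value containing whitespace is split into extra `start-stop-daemon` arguments. Quote it as `--chuid "${CONSUL_USER:-consul}:${CONSUL_GROUP:-consul}" \`. The first hunk also moves the sourced file from `/etc/service/consul` to `/etc/default/consul` with no fallback, so settings such as `CONSUL_FLAGS` left in the old path are silently dropped on upgrade. That deserves a changelog line or a one-time migration. The `script` block continues outside the hunk.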
|
||||||
|
|
|
@ -10,24 +10,25 @@ consul-bin-dir:
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
|
|
||||||
# Create consul user
|
# Create consul user
|
||||||
consul-user:
|
consul-group:
|
||||||
group.present:
|
group.present:
|
||||||
- name: consul
|
- name: {{ consul.group }}
|
||||||
|
|
||||||
|
consul-user:
|
||||||
user.present:
|
user.present:
|
||||||
- name: consul
|
- name: {{ consul.user }}
|
||||||
- createhome: false
|
- gid: {{ consul.group }}
|
||||||
- system: true
|
- createhome: False
|
||||||
- groups:
|
- system: True
|
||||||
- consul
|
|
||||||
- require:
|
- require:
|
||||||
- group: consul
|
- group: consul-group
|
||||||
|
|
||||||
# Create directories
|
# Create directories
|
||||||
consul-config-dir:
|
consul-config-dir:
|
||||||
file.directory:
|
file.directory:
|
||||||
- name: /etc/consul.d
|
- name: /etc/consul.d
|
||||||
- user: consul
|
- user: {{ consul.user }}
|
||||||
- group: consul
|
- group: {{ consul.group }}
|
||||||
|
|
||||||
consul-data-dir:
|
consul-data-dir:
|
||||||
file.directory:
|
file.directory:
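Review bot: `user.present` now enforces `gid: {{ consul.group }}` on whatever account `consul.user` names, so pointing the pillar at an existing shared account would change that account's primary group. Nothing visible in this hunk restricts the value or documents the effect. A short comment on the state such as `# consul.user must be a dedicated service account; its primary group is managed here` would make the contract explicit. The heading `# Create consul user` now sits above `consul-group` and should read `# Create consul group and user`.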
|
||||||
|
|
|
@ -1,10 +1,29 @@
|
||||||
{%- from slspath+"/map.jinja" import consul with context -%}
|
{%- from slspath+"/map.jinja" import consul with context -%}
|
||||||
|
|
||||||
|
consul-init-env:
|
||||||
|
file.managed:
|
||||||
|
{%- if grains['os_family'] == 'Debian' %}
|
||||||
|
- name: /etc/default/consul
|
||||||
|
{%- else %}
|
||||||
|
- name: /etc/sysconfig/consul
|
||||||
|
- makedirs: True
|
||||||
|
{%- endif %}
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- mode: 0644
|
||||||
|
- contents:
|
||||||
|
- CONSUL_USER={{ consul.user }}
|
||||||
|
- CONSUL_GROUP={{ consul.group }}
|
||||||
|
|
||||||
consul-init-file:
|
consul-init-file:
|
||||||
file.managed:
|
file.managed:
|
||||||
{%- if salt['test.provider']('service') == 'systemd' %}
|
{%- if salt['test.provider']('service') == 'systemd' %}
|
||||||
- source: salt://{{ slspath }}/files/consul.service
|
- source: salt://{{ slspath }}/files/consul.service
|
||||||
- name: /etc/systemd/system/consul.service
|
- name: /etc/systemd/system/consul.service
|
||||||
|
- template: jinja
|
||||||
|
- context:
|
||||||
|
user: {{ consul.user }}
|
||||||
|
group: {{ consul.group }}
|
||||||
- mode: 0644
|
- mode: 0644
|
||||||
{%- elif salt['test.provider']('service') == 'upstart' %}
|
{%- elif salt['test.provider']('service') == 'upstart' %}
|
||||||
- source: salt://{{ slspath }}/files/consul.upstart
|
- source: salt://{{ slspath }}/files/consul.upstart
|
||||||
|
@ -23,6 +42,7 @@ consul-service:
|
||||||
- name: consul
|
- name: consul
|
||||||
- enable: True
|
- enable: True
|
||||||
- watch:
|
- watch:
|
||||||
|
- file: consul-init-env
|
||||||
- file: consul-init-file
|
- file: consul-init-file
|
||||||
|
|
||||||
{%- endif %}
|
{%- endif %}
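Review bot: `consul-init-env` writes `CONSUL_USER={{ consul.user }}` and `CONSUL_GROUP={{ consul.group }}` unquoted into a file that the sysvinit and upstart scripts in this commit source as root, so a pillar value containing whitespace or shell metacharacters is interpreted by the shell at service start. Pillar is normally operator-controlled, but the state should still shell-quote both values or fail the render when they do not match a conservative account-name pattern. Because `file.managed` with `contents` owns the whole file, `CONSUL_FLAGS` and `GOMAXPROCS`, which those scripts read from the same file, can no longer be set there without being overwritten on the next run. `- mode: 0644` should be written `- mode: '0644'` so the YAML loader does not read it as an integer.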
|
||||||
|
|
|
@ -2,6 +2,10 @@ consul:
|
||||||
# Start Consul agent service and enable it at boot time
|
# Start Consul agent service and enable it at boot time
|
||||||
service: True
|
service: True
|
||||||
|
|
||||||
|
# Set user and group for Consul config files and running service
|
||||||
|
user: consul
|
||||||
|
group: consul
|
||||||
|
|
||||||
config:
|
config:
|
||||||
server: True
|
server: True
|
||||||
bind_addr: 0.0.0.0
|
bind_addr: 0.0.0.0
|
||||||
|
|