Merge pull request #24 from vutny/secure-config-datadir-permissions
Secure filesystem permissions for config file and data dir
commit
ddfd7a7f87
2 changed files with 18 additions and 14 deletions
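--- a/PATH_NOT_SHOWN_FILE_1
+++ b/PATH_NOT_SHOWN_FILE_1
@@ -1,18 +1,19 @@
-{% from slspath + "/map.jinja" import consul with context %}
+{%- from slspath + '/map.jinja' import consul with context -%}
 
 consul-config:
 file.serialize:
 - name: /etc/consul.d/config.json
-{% if consul.service != False %}
-- watch_in:
-- service: consul
-{% endif %}
-- user: consul
-- group: consul
-- require:
-- user: consul
 - formatter: json
 - dataset: {{ consul.config }}
+- user: {{ consul.user }}
+- group: {{ consul.group }}
+- mode: 0640
+- require:
+- user: consul-user
+{%- if consul.service %}
+- watch_in:
+- service: consul
+{%- endif %}
 
 {% for script in consul.scripts %}
 consul-script-install-{{ loop.index }}:
@@ -36,7 +37,7 @@ consul-script-config:
 - user: {{ consul.user }}
 - group: {{ consul.group }}
 - require:
-- user: consul
+- user: consul-user
 - formatter: json
 - dataset:
 services: {{ consul.register }}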
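Review bot: The added `- mode: 0640` under `consul-config` is an unquoted scalar with a leading zero, as are the two `- mode: 0750` lines added to `consul-config-dir` and `consul-data-dir` in the second file. A YAML loader reads such a value as an integer, and whether it ends up as octal 0640 depends on the loader; Salt's file-state documentation asks for leading-zero modes to be quoted, so write `- mode: '0640'` and `- mode: '0750'`. Separately, the context shown for `consul-script-config` (hunk at -36) has `user` and `group` but no `mode`. That state begins above the hunk, so a mode may already be set there; if it is not, the file serialized from `consul.register` keeps default permissions while `config.json` is tightened.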
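--- a/PATH_NOT_SHOWN_FILE_2
+++ b/PATH_NOT_SHOWN_FILE_2
@@ -1,4 +1,4 @@
-{% from slspath+"/map.jinja" import consul with context %}
+{%- from slspath + '/map.jinja' import consul with context -%}
 
 consul-dep-unzip:
 pkg.installed:
@@ -17,7 +17,8 @@ consul-group:
 consul-user:
 user.present:
 - name: {{ consul.user }}
-- gid: {{ consul.group }}
+- groups:
+- {{ consul.group }}
 - createhome: False
 - system: True
 - require:
@@ -29,13 +30,15 @@ consul-config-dir:
 - name: /etc/consul.d
 - user: {{ consul.user }}
 - group: {{ consul.group }}
+- mode: 0750
 
 consul-data-dir:
 file.directory:
 - name: {{ consul.config.data_dir }}
-- user: consul
-- group: consul
 - makedirs: True
+- user: {{ consul.user }}
+- group: {{ consul.group }}
+- mode: 0750
 
 # Install agent
 consul-download: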
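Review bot: In `consul-user`, swapping `- gid: {{ consul.group }}` for a `groups:` list leaves the account's primary group unset, so it is presumably assigned by the platform's user-creation defaults rather than being `{{ consul.group }}`. Files the agent creates itself would then carry that primary group, not the group the new `0750` modes are built around. With the directories closed to others this is likely harmless, but it makes group ownership under `data_dir` inconsistent. If the primary group is meant to stay the Consul group, keep `- gid: {{ consul.group }}` next to the `groups:` entry; if it was dropped on purpose, a one-line comment saying why would help. The `consul-user` state continues past the end of the hunk (`- require:`).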