authorFrank Becker2012-11-23 00:13:48 (EST)
committer Frank Becker2012-11-23 00:13:48 (EST)
commita144ad36bdb9605fe6e30e5e9a16bf02fbb92763 (patch)
treeae30d901f6b6ef6b83c506ca0915ffefa0e02003
parent62891d084328df711905bc105ac110aa0cf1deca (diff)
394051: ensure that services are running as a non privileged userrefs/changes/89/8789/2
use tools user Change-Id: Ic7c0356419d6d8c4844932e16b3bb82fdeb5923f Task-Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=394051
-rw-r--r--org.eclipse.mylyn.hudson.releng/manifests/default.pp7
-rw-r--r--org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/hudson.pp8
-rw-r--r--org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/init.pp2
-rw-r--r--org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/site.pp23
4 files changed, 34 insertions, 6 deletions
diff --git a/org.eclipse.mylyn.hudson.releng/manifests/default.pp b/org.eclipse.mylyn.hudson.releng/manifests/default.pp
index 7c8b92e..a8b37fa 100644
--- a/org.eclipse.mylyn.hudson.releng/manifests/default.pp
+++ b/org.eclipse.mylyn.hudson.releng/manifests/default.pp
@@ -2,5 +2,12 @@ Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
include "hudson"
+user { "tools":
+ ensure => present,
+ membership => minimum,
+ shell => "/bin/bash",
+ managehome => 'true',
+}
+
hudson::defaultsites { "hudson":
}
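Review bot: The `tools` service account is created with an interactive shell (`shell => "/bin/bash"`) and no declared group, although the module's `$userGroup = "tools"` is used elsewhere in this commit as a file group. If nobody is meant to log in as this account, a non-login shell would narrow its use to the Puppet-run execs; confirm first that nothing depends on a login shell. The group currently exists only if the platform's user creation adds a user-private group, so declaring it makes the dependency explicit: `group { "tools": ensure => present }` with `gid => "tools",` on the user. `managehome => 'true'` would also read better as the boolean `true`.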
diff --git a/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/hudson.pp b/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/hudson.pp
index 3bac25e..a854665 100644
--- a/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/hudson.pp
+++ b/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/hudson.pp
@@ -3,6 +3,8 @@ define hudson::hudson(
$type,
$qualifier = "",
$base = $hudson::base,
+ $userOwner = $hudson::userOwner,
+ $userGroup = $hudson::userGroup,
) {
include "hudson"
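Review bot: `$userGroup` is added to the signature here, but the two execs changed in this file only set `user => "$userOwner"`, and no visible hunk uses the group. Either pass it through (`group => "$userGroup",` on the `prepare` and `download` execs) or drop the parameter, so the interface does not suggest a control that has no effect. The rest of the define body lies outside the hunks, so a use there cannot be ruled out.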
@@ -10,6 +12,7 @@ define hudson::hudson(
exec { "prepare $version":
command => "mkdir -p $base/archive $base/conf.d",
creates => "$base/archive",
+ user => "$userOwner",
require => Exec["prepare hudson"],
}
@@ -32,8 +35,9 @@ define hudson::hudson(
exec { "download $version":
command => "wget -O '$base/archive/${type}-$version.war' '$url'",
- creates => "$base/archive/${type}-$version.war",
- require => Exec["prepare $version"],
+ creates => "$base/archive/${type}-$version.war",
+ user => "$userOwner",
+ require => Exec["prepare $version"],
}
}
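Review bot: The WAR fetched by `wget -O` in `download $version` is never verified, although it is presumably the code the service later runs. Running the download as `$userOwner` limits what this step can touch, but the archive should still be checked against a known digest before use; a checksum parameter on the define would be one way, and none is visible here. Separately, `wget -O` leaves the target file in place when the transfer fails, so `creates` will treat a truncated file as already downloaded. Downloading to a temporary name and renaming only on success avoids that.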
diff --git a/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/init.pp b/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/init.pp
index cfd63d9..74d75f3 100644
--- a/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/init.pp
+++ b/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/init.pp
@@ -1,6 +1,8 @@
class hudson {
$base = "/home/tools/hudson"
+ $userOwner = "tools"
+ $userGroup = "tools"
exec { "apt-get update":
command => "apt-get update",
diff --git a/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/site.pp b/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/site.pp
index b7368c7..88c5d49 100644
--- a/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/site.pp
+++ b/org.eclipse.mylyn.hudson.releng/modules/hudson/manifests/site.pp
@@ -4,11 +4,13 @@ define hudson::site(
$data,
$port,
$version,
- $allbasicauth = false,
- $certauth = false,
- $digestauth = false,
+ $allbasicauth = false,
+ $certauth = false,
+ $digestauth = false,
$base = $hudson::base,
$envinfo = "",
+ $userOwner = $hudson::userOwner,
+ $userGroup = $hudson::userGroup,
) {
$envbase = "$base/$envid"
$conf = "$base/conf.d"
@@ -23,17 +25,23 @@ define hudson::site(
file { "$envbase":
source => "puppet:///modules/hudson/${data}",
recurse => true,
+ owner => "$userOwner",
+ group => "$userGroup",
require => Exec["stop $envid"],
}
if $digestauth {
file { "$envbase/htpasswd.digest":
content => template('hudson/htpasswd.digest.erb'),
+ owner => "$userOwner",
+ group => "$userGroup",
require => File["$envbase"],
}
} else {
file { "$envbase/htpasswd":
content => template('hudson/htpasswd.erb'),
+ owner => "$userOwner",
+ group => "$userGroup",
require => File["$envbase"],
}
}
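Review bot: The two htpasswd files become owned by `$userOwner`, which lets the service account rewrite the credentials that gate access to it, and neither resource sets a `mode`. The reader of these files is presumably the web server (the `add $envbase to apache` exec further down suggests Apache), not the service itself. If so, they could stay root-owned with an explicit mode that still lets that reader open them, e.g. `owner => "root",` plus a `mode` chosen for the reader. The recursive `file { "$envbase": ... }` above applies the same owner to everything it copies from the module source, so any other sensitive file in `${data}` is affected too.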
@@ -46,17 +54,23 @@ define hudson::site(
file { "$envbase/start.sh":
content => template('hudson/start.sh.erb'),
mode => 755,
+ owner => "$userOwner",
+ group => "$userGroup",
require => File["$envbase"],
}
file { "$envbase/stop.sh":
content => template('hudson/stop.sh.erb'),
mode => 755,
+ owner => "$userOwner",
+ group => "$userGroup",
require => File["$envbase"],
}
file { "$envbase/service.json":
content => template('hudson/service.json.erb'),
+ owner => "$userOwner",
+ group => "$userGroup",
require => File["$envbase"],
}
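Review bot: `start.sh` and `stop.sh` are now owned by the service account with `mode => 755`, so the service can rewrite scripts that Puppet executes. That is safe only while every exec that runs them drops to `$userOwner`. This diff adds `user` to the start exec, but `Exec["stop $envid"]` (required by `file { "$envbase": ... }`) is not in the visible hunks; if it invokes `stop.sh` without a `user`, it would run a service-writable script with Puppet's privileges. Consider `user => "$userOwner",` on that exec as well, or keep the scripts root-owned, since mode 755 already lets the service user execute them.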
@@ -64,7 +78,8 @@ define hudson::site(
command => "$envbase/start.sh",
cwd => "$envbase",
require => File["$envbase/start.sh"],
- creates => "$envbase/pid",
+ user => "$userOwner",
+ creates => "$envbase/pid",
}
exec { "add $envbase to apache":