| author | Frank Becker | 2012-11-21 14:33:29 (EST) |
|---|---|---|
| committer | Frank Becker | 2012-11-21 14:33:29 (EST) |
| commit | a33434de28d2d6e4c62f173357e97443199e19bf (patch) (side-by-side diff) | |
| tree | 6c12cad8a5e7c710ea187c44f953e26058f52db6 | |
| parent | 16b7963b8627cac4e80e75409d3f9a2cb32c2af6 (diff) | |
394051: ensure that services are running as a non privileged user
refs/changes/92/8792/1
Change-Id: I3f061c6ceae6fa74ebc6e69a86c4187de0e8bcd0
Task-Url: https://bugs.eclipse.org/bugs/show_bug.cgi?id=394051
5 files changed, 58 insertions, 18 deletions
diff --git a/org.eclipse.mylyn.gerrit.releng/manifests/default.pp b/org.eclipse.mylyn.gerrit.releng/manifests/default.pp
index ba6f9b7..ea76dea 100644
--- a/org.eclipse.mylyn.gerrit.releng/manifests/default.pp
+++ b/org.eclipse.mylyn.gerrit.releng/manifests/default.pp
@@ -1,4 +1,11 @@
 Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
+
+ user { "tools":
+ ensure => present,
+ membership => minimum,
+ shell => "/bin/bash",
+ managehome => 'true',
+}
 include apache
diff --git a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/defaultsites.pp b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/defaultsites.pp
index 831ba56..b371c11 100644
--- a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/defaultsites.pp
+++ b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/defaultsites.pp
@@ -1,4 +1,6 @@
 define gerrit::defaultsites {
+ $userOwner = "tools"
+ $userGroup = "tools"
 exec { "apt-get update":
 command => "apt-get update",
diff --git a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/gerrit.pp b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/gerrit.pp
new file mode 100644
index 0000000..3743d76
--- a/dev/null
+++ b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/gerrit.pp
@@ -0,0 +1,24 @@
+define gerrit::gerrit(
+ $version = "$title",
+ $base = "/home/tools/gerrit",
+ $postfix = "",
+) {
+
+ include "gerrit"
+
+ Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
+
+ exec { "prepare $version":
+ command => "mkdir -p $base/archive $base/conf.d",
+ user => "$gerrit::userOwner",
+ creates => "$base/archive",
+ }
+
+ exec { "download gerrit $version":
+ command => "wget -O $base/archive/gerrit-$version.war https://gerrit.googlecode.com/files/gerrit${postfix}-${version}.war",
+ creates => "$base/archive/gerrit-$version.war",
+ user => "$gerrit::userOwner",
+ require => Exec["prepare $version"],
+ }
+
+}
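Review bot: In manifests/default.pp the `tools` service account is created with `shell => "/bin/bash"` and no explicit group, although the rest of this change sets `group => "$gerrit::userGroup"` (also `tools`). If nobody needs to log in as this account, a non-interactive shell such as `shell => "/usr/sbin/nologin",` narrows what it can be used for; Puppet's `exec { user => … }` should not need a login shell, but gerrit.sh might, so confirm first. Declaring `group { "tools": ensure => present }` and `gid => "tools"` on the user would stop the manifests from relying on the distribution creating a same-named group. `managehome => 'true'` is a quoted string; the bare boolean `true` is the clearer form.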
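Review bot: In gerrit::defaultsites, `$userOwner` and `$userGroup` are assigned again as local variables, although this commit also defines them in class gerrit (init.pp) and the other manifests read `$gerrit::userOwner`. Two copies of the account name can drift apart, leaving some resources owned by a different user than the one the services run as. Consider `include "gerrit"` and referring to `$gerrit::userOwner` / `$gerrit::userGroup` here as well; the rest of the define is outside the hunk, so how the locals are used is not visible.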
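Review bot: In gerrit.pp the `download gerrit $version` exec fetches the WAR and marks it done via `creates`, but nothing checks the file's integrity before site.pp later runs it with `java -jar`. HTTPS protects the transport only, and because `wget -O` creates the target even when the transfer fails, a truncated file would satisfy `creates` and never be re-fetched. Downloading to a temporary name, checking it against a pinned SHA-256 and renaming only on success addresses both; this needs a new digest parameter that callers supply per version. Separately, both execs run as `$gerrit::userOwner` without a `require` on the `User` resource, so nothing in this hunk orders them after the account is created.

```puppet
define gerrit::gerrit(
  $sha256,                      # pinned digest of the WAR for this $version, supplied by the caller
  $version = "$title",
  $base = "/home/tools/gerrit",
  $postfix = "",
) {
  # … unchanged: include "gerrit", Exec path default, exec "prepare $version" …

  exec { "download gerrit $version":
    # Fetch to a .part name, verify, and only then move into place so that
    # `creates` is satisfied exclusively by a complete, verified file.
    command => "/bin/sh -c 'wget -O $base/archive/gerrit-$version.war.part https://gerrit.googlecode.com/files/gerrit${postfix}-${version}.war && echo \"$sha256  $base/archive/gerrit-$version.war.part\" | sha256sum -c - && mv $base/archive/gerrit-$version.war.part $base/archive/gerrit-$version.war'",
    creates => "$base/archive/gerrit-$version.war",
    user    => "$gerrit::userOwner",
    require => [ Exec["prepare $version"], User["$gerrit::userOwner"] ],
  }
```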
\ No newline at end of file
diff --git a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/init.pp b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/init.pp
index efa23a0..910e6aa 100644
--- a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/init.pp
+++ b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/init.pp
@@ -1,19 +1,7 @@
-define gerrit(
- $version = "$title",
- $base = "/home/tools/gerrit",
- $postfix = "",
-) {
- Exec { path => [ "/bin/", "/sbin/" , "/usr/bin/", "/usr/sbin/" ] }
-
- exec { "prepare $version":
- command => "mkdir -p $base/archive $base/conf.d",
- creates => "$base/archive",
- }
-
- exec { "download gerrit $version":
- command => "wget -O $base/archive/gerrit-$version.war https://gerrit.googlecode.com/files/gerrit${postfix}-${version}.war",
- creates => "$base/archive/gerrit-$version.war",
- require => Exec["prepare $version"],
- }
-
+class gerrit {
+
+ $base = "/home/tools/gerrit"
+ $userOwner = "tools"
+ $userGroup = "tools"
+
 }
\ No newline at end of file
diff --git a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/site.pp b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/site.pp
index 19191bb..3d0f77e 100644
--- a/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/site.pp
+++ b/org.eclipse.mylyn.gerrit.releng/modules/gerrit/manifests/site.pp
@@ -17,12 +17,14 @@ define gerrit::site(
 exec { "stop $envid":
 command => "/bin/sh -c '(cd $envbase && $envbase/bin/gerrit.sh stop)'",
 require => Gerrit["$version"],
+ user => "$gerrit::userOwner",
 onlyif => "test -x $envbase/bin/gerrit.sh && $envbase/bin/gerrit.sh check | grep -q 'Gerrit running'",
 }
 exec { "configure $envid":
 command => "java -jar $base/archive/gerrit-$version.war init --batch --site-path $envbase --no-auto-start",
 require => Exec["stop $envid"],
+ user => "$gerrit::userOwner",
 creates => "$envbase",
 }
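Review bot: The context line `require => Gerrit["$version"],` in the `stop $envid` exec still references the old `gerrit` define, which this commit turns into a class and replaces with `gerrit::gerrit`. Unless the caller is adjusted elsewhere, that reference no longer matches a declared resource, so the dependency on the downloaded WAR is either lost or fails at catalog compilation; it should probably read `require => Gerrit::Gerrit["$version"],`. The enclosing define gerrit::site starts before and continues after this hunk.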
@@ -33,50 +35,66 @@ define gerrit::site(
 file { "$envbase":
 ensure => "directory",
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 require => Exec["configure $envid"]
 }
 file { "$conf/$envid.conf":
 content => template('gerrit/gerrit.conf.erb'),
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 notify => Service["apache2"],
 }
 if $digestauth {
 file { "$envbase/htpasswd.digest":
 content => template('gerrit/htpasswd.digest.erb'),
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 require => File["$envbase"],
 }
 } else {
 file { "$envbase/htpasswd":
 content => template('gerrit/htpasswd.erb'),
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 require => File["$envbase"],
 }
 }
 file { "$envbase/admin.id_rsa":
 source => "puppet:///modules/gerrit/admin.id_rsa",
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 require => File["$envbase"],
 }
 file { "$envbase/setup.sql":
 source => "puppet:///modules/gerrit/setup.sql",
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 require => File["$envbase"],
 }
 file { "$envbase/service.json":
 content => template('gerrit/service.json.erb'),
+ owner => "$gerrit::userOwner",
+ group => "$gerrit::userGroup",
 require => File["$envbase"],
 }
 exec { "create admin user for $envid":
 command => "java -jar bin/gerrit.war gsql < $envbase/setup.sql",
 cwd => "$envbase",
+ user => "$gerrit::userOwner",
 require => [ Exec["configure $envid"], File["$envbase/setup.sql"], File["$envbase/admin.id_rsa"], ],
 }
 exec { "start $envid":
 command => "$envbase/bin/gerrit.sh start",
 cwd => "$envbase",
+ user => "$gerrit::userOwner",
 require => [ Exec["create admin user for $envid"], File["$envbase/etc/gerrit.config"] ],
 creates => "$envbase/log/gerrit.pid",
 }
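Review bot: None of the file resources in this hunk sets `mode`, so `$envbase/admin.id_rsa` and the two htpasswd files take whatever mode Puppet derives from the source or its default, which may leave a private key and password hashes readable by other local users; add `mode => "0600",` to those three. Also, `$conf/$envid.conf` notifies `Service["apache2"]`, so it looks like configuration that Apache loads. Handing it to `$gerrit::userOwner` would let the unprivileged account edit what a root-started service reads between Puppet runs, so that file is better kept `owner => "root",` (where `$conf` points is outside the hunk, so confirm). gerrit::site begins and ends outside this hunk.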
@@ -85,6 +103,7 @@ define gerrit::site(
 exec { "create project for $envid":
 command => "$ssh gerrit create-project --name org.eclipse.mylyn.test --empty-commit",
+# user => "$gerrit::userOwner",
 require => Exec["start $envid"],
 creates => "$envbase/git/org.eclipse.mylyn.test.git"
 }
|
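Review bot: The added line `# user => "$gerrit::userOwner",` is commented out, so `create project for $envid` still runs as whatever user Puppet itself runs as (normally root), unlike every other exec this commit touches. If the `$ssh` command cannot run as the service account yet (`$ssh` is defined outside the hunk, so the reason is not visible), record that next to it, e.g. `# TODO(394051): still runs as the Puppet user until $ssh works for $gerrit::userOwner`; otherwise enable the attribute. Commented-out code with no stated reason tends to stay that way, leaving one step outside the non-privileged guarantee the commit title promises.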

