From fd832de552b901b3c5b81fab43e45c7099fc8277 Mon Sep 17 00:00:00 2001 From: Jeremy Stanley Date: Mon, 30 Sep 2013 21:44:03 +0000 Subject: [PATCH] Move elastic-recheck shell account out of /var/run * manifests/site.pp: Expect the SSH key in /home rather than in /var/run. * modules/elastic_recheck/manifests/init.pp: Change the recheck shell account for elastic-recheck to use a homedir in /home. Change-Id: I43f4a8cdcb803328388b7e92732e5cb9d6acb2a8 --- manifests/site.pp | 2 +- modules/elastic_recheck/manifests/init.pp | 18 +++++++++++++++++- 2 files changed, 18 insertions(+), 2 deletions(-) diff --git a/manifests/site.pp b/manifests/site.pp index 1390f1bf87..61938567d4 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -278,7 +278,7 @@ node 'logstash.openstack.org' { 'elasticsearch6.openstack.org:9200', ], # Config for elastic-recheck - gerrit_ssh_private_key => '/etc/elastic-recheck/id_rsa', + gerrit_ssh_private_key => '/home/recheck/.ssh/id_rsa', gerrit_ssh_private_key_contents => hiera('elastic-recheck_gerrit_ssh_private_key'), recheck_bot_nick => 'openstackrecheck', recheck_bot_passwd => hiera('elastic-recheck_ircbot_password'), diff --git a/modules/elastic_recheck/manifests/init.pp b/modules/elastic_recheck/manifests/init.pp index 27c3fb1bff..fd302a69eb 100644 --- a/modules/elastic_recheck/manifests/init.pp +++ b/modules/elastic_recheck/manifests/init.pp @@ -31,7 +31,7 @@ class elastic_recheck ( user { 'recheck': ensure => present, - home => '/var/run/elastic-recheck', + home => '/home/recheck', shell => '/bin/false', gid => 'recheck', require => Group['recheck'], @@ -115,6 +115,22 @@ class elastic_recheck ( ], } + file { '/home/recheck': + ensure => directory, + mode => '0700', + owner => 'recheck', + group => 'recheck', + require => User['recheck'], + } + + file { '/home/recheck/.ssh': + ensure => directory, + mode => '0700', + owner => 'recheck', + group => 'recheck', + require => User['recheck'], + } + file { $gerrit_ssh_private_key: ensure => present, mode => '0600',