allow to run service without root privileges

igomura · igomura · commit f785418c1180 · 2023-04-12T22:29:40.000-07:00
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -5,9 +5,9 @@
 
   file { $orchestrator::config:
     ensure  => file,
-    owner   => 0,
-    group   => 0,
-    mode    => '0644',
+    owner   => $orchestrator::service_user,
+    group   => $orchestrator::service_group,
+    mode    => '0640',
     content => template($orchestrator::config_template),
   }
 }
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -24,6 +24,10 @@
 #   if true module willl manage service
 # @param service_name
 #   service name to manage. Default 'orchestrator'
+# @param service_user
+#   user to own the service. Default 'root'
+# @param service_group
+#   group to own the service. Default 'root'
 class orchestrator (
   String $config                        = $orchestrator::params::config,
   Hash[String[1], Any] $config_defaults = $orchestrator::params::config_defaults,
@@ -37,6 +41,8 @@
   String $service_ensure                = $orchestrator::params::service_ensure,
   Boolean $service_manage               = $orchestrator::params::service_manage,
   String $service_name                  = $orchestrator::params::service_name,
+  String $service_user                  = $orchestrator::params::service_user,
+  String $service_group                 = $orchestrator::params::service_group,
 ) inherits orchestrator::params {
   validate_absolute_path($config)
   validate_string($config_template)
diff --git a/manifests/my_cnf.pp b/manifests/my_cnf.pp
@@ -3,11 +3,17 @@
   $cnf_erb = 'orchestrator/orchestrator.cnf.erb'
 
   file { $orchestrator::topology_cnf:
+    ensure  => file,
+    owner   => $orchestrator::service_user,
+    group   => $orchestrator::service_group,
+    mode    => '0640',
     content => template($cnf_erb),
-    mode    => '0644',
   }
   file { $orchestrator::srv_cnf:
+    ensure  => file,
+    owner   => $orchestrator::service_user,
+    group   => $orchestrator::service_group,
+    mode    => '0640',
     content => template($cnf_erb),
-    mode    => '0644',
   }
 }
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -10,6 +10,8 @@
   $service_ensure    = 'running'
   $service_manage    = true
   $service_name      = 'orchestrator'
+  $service_user      = 'root'
+  $service_group     = 'root'
   $srv_cnf           = '/etc/orchestrator_srv.cnf'
   $topology_cnf      = '/etc/orchestrator.cnf'
 
diff --git a/manifests/service.pp b/manifests/service.pp
@@ -5,6 +5,19 @@
   }
 
   if $orchestrator::service_manage == true {
+    if 'systemd' in $facts['init_systems'] {
+      include systemd
+
+      systemd::manage_dropin { '10_user.conf':
+        ensure        => 'present',
+        unit          => 'orchestrator.service',
+        service_entry => {
+          'User'  => $orchestrator::service_user,
+          'Group' => $orchestrator::service_group,
+        },
+      }
+    }
+
     service { 'orchestrator':
       ensure     => $orchestrator::service_ensure,
       enable     => $orchestrator::service_enable,
diff --git a/metadata.json b/metadata.json
@@ -57,6 +57,7 @@
   ],
   "dependencies": [
     { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0 <5.0.0" },
-    { "name": "computology/packagecloud", "version_requirement": ">= 0.2.0" }
+    { "name": "computology/packagecloud", "version_requirement": ">= 0.2.0" },
+    { "name": "voxpupuli/systemd", "version_requirement": ">= 4.1.0" }
   ]
 }

Original file line number	Diff line number	Diff line change
`@@ -5,9 +5,9 @@`
`5`	`5`
`6`	`6`	`file { $orchestrator::config:`
`7`	`7`	`ensure => file,`
`8`		`- owner => 0,`
`9`		`- group => 0,`
`10`		`- mode => '0644',`
	`8`	`+ owner => $orchestrator::service_user,`
	`9`	`+ group => $orchestrator::service_group,`
	`10`	`+ mode => '0640',`
`11`	`11`	`content => template($orchestrator::config_template),`
`12`	`12`	`}`
`13`	`13`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,11 +3,17 @@`
`3`	`3`	`$cnf_erb = 'orchestrator/orchestrator.cnf.erb'`
`4`	`4`
`5`	`5`	`file { $orchestrator::topology_cnf:`
	`6`	`+ ensure => file,`
	`7`	`+ owner => $orchestrator::service_user,`
	`8`	`+ group => $orchestrator::service_group,`
	`9`	`+ mode => '0640',`
`6`	`10`	`content => template($cnf_erb),`
`7`		`- mode => '0644',`
`8`	`11`	`}`
`9`	`12`	`file { $orchestrator::srv_cnf:`
	`13`	`+ ensure => file,`
	`14`	`+ owner => $orchestrator::service_user,`
	`15`	`+ group => $orchestrator::service_group,`
	`16`	`+ mode => '0640',`
`10`	`17`	`content => template($cnf_erb),`
`11`		`- mode => '0644',`
`12`	`18`	`}`
`13`	`19`	`}`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,7 @@`
`57`	`57`	`],`
`58`	`58`	`"dependencies": [`
`59`	`59`	`{ "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0 <5.0.0" },`
`60`		`- { "name": "computology/packagecloud", "version_requirement": ">= 0.2.0" }`
	`60`	`+ { "name": "computology/packagecloud", "version_requirement": ">= 0.2.0" },`
	`61`	`+ { "name": "voxpupuli/systemd", "version_requirement": ">= 4.1.0" }`
`61`	`62`	`]`
`62`	`63`	`}`