Mobrovac has uploaded a new change for review.
https://gerrit.wikimedia.org/r/279597
Change subject: service::node: Have a proper shell and home for the service user
......................................................................
service::node: Have a proper shell and home for the service user
Up until now, the users running the services did not need to have a
login shell nor a home dir. However, we now need to have them set
properly as scap uses ssh to connect to the target nodes and execute the
deploy-local command. This patch fixes it.
Change-Id: I01d291cd729ba012dbcf2e831ac50632ab394add
---
M modules/service/manifests/node.pp
1 file changed, 11 insertions(+), 2 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/97/279597/1
diff --git a/modules/service/manifests/node.pp
b/modules/service/manifests/node.pp
index 33960f1..4df55a3 100644
--- a/modules/service/manifests/node.pp
+++ b/modules/service/manifests/node.pp
@@ -179,12 +179,21 @@
user { $title:
gid => $title,
- home => undef,
- shell => '/bin/false',
+ home => "/home/${title}",
+ shell => '/bin/bash',
system => true,
before => Service[$title],
}
+ # create the user's home; Puppet 3.x doesn't create it
+ file { "/home/${title}":
+ ensure => directory,
+ owner => $title,
+ group => $title,
+ mode => '0755',
+ require => [User[$title], Group[$title]]
+ }
+
# Configuration, directories
file { "/etc/${title}":
ensure => directory,
--
To view, visit https://gerrit.wikimedia.org/r/279597
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I01d291cd729ba012dbcf2e831ac50632ab394add
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Mobrovac <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
