Filippo Giunchedi has submitted this change and it was merged.

Change subject: Point to a folder firejailed thumbor can actually write to
......................................................................


Point to a folder firejailed thumbor can actually write to

Refs T145632

Change-Id: I2071d7ea6545b7f9cd0d8aa2e0b041b2daa683d9
---
M modules/thumbor/files/thumbor.logrotate.conf
M modules/thumbor/files/thumbor.rsyslog.conf
M modules/thumbor/manifests/init.pp
M modules/thumbor/templates/server.conf.erb
4 files changed, 19 insertions(+), 13 deletions(-)

Approvals:
  Filippo Giunchedi: Looks good to me, approved
  jenkins-bot: Verified



diff --git a/modules/thumbor/files/thumbor.logrotate.conf 
b/modules/thumbor/files/thumbor.logrotate.conf
index c457d82..8bf2cd2 100644
--- a/modules/thumbor/files/thumbor.logrotate.conf
+++ b/modules/thumbor/files/thumbor.logrotate.conf
@@ -1,4 +1,4 @@
-/var/log/thumbor/thumbor.error.log
+/srv/log/thumbor/thumbor.error.log
 {
     rotate 4
     daily
diff --git a/modules/thumbor/files/thumbor.rsyslog.conf 
b/modules/thumbor/files/thumbor.rsyslog.conf
index 0d84006..195c88f 100644
--- a/modules/thumbor/files/thumbor.rsyslog.conf
+++ b/modules/thumbor/files/thumbor.rsyslog.conf
@@ -1,4 +1,4 @@
 if ($programname startswith 'thumbor') then {
-    action(type="omfile" file="/var/log/thumbor/thumbor.error.log")
+    action(type="omfile" file="/srv/log/thumbor/thumbor.error.log")
     stop
 }
diff --git a/modules/thumbor/manifests/init.pp 
b/modules/thumbor/manifests/init.pp
index 7c1fedb..e1899ce 100644
--- a/modules/thumbor/manifests/init.pp
+++ b/modules/thumbor/manifests/init.pp
@@ -39,18 +39,24 @@
         group  => 'root',
     }
 
-    file { '/var/log/thumbor':
-        ensure => directory,
-        owner  => 'thumbor',
-        group  => 'root',
-        mode   => '0755',
+    # We ensure the /srv/log (parent of $out_dir) manually here, as
+    # there is no proper class to rely on for this, and starting a
+    # separate would be an overkill for now.
+    if !defined(File['/srv/log']) {
+        file { '/srv/log':
+            ensure => 'directory',
+            mode   => '0755',
+            owner  => 'root',
+            group  => 'root',
+        }
     }
 
-    file { ['/srv/thumbor', '/srv/thumbor/tmp']:
-        ensure => directory,
-        mode   => '0755',
-        owner  => 'thumbor',
-        group  => 'thumbor',
+    file { ['/srv/thumbor', '/srv/thumbor/tmp', '/srv/log/thumbor']:
+        ensure  => directory,
+        mode    => '0755',
+        owner   => 'thumbor',
+        group   => 'thumbor',
+        require => File['/srv/log']
     }
 
     file { '/usr/local/lib/thumbor/tinyrgb.icc':
diff --git a/modules/thumbor/templates/server.conf.erb 
b/modules/thumbor/templates/server.conf.erb
index e74d7df..2a3bb92 100644
--- a/modules/thumbor/templates/server.conf.erb
+++ b/modules/thumbor/templates/server.conf.erb
@@ -191,7 +191,7 @@
             'level': 'WARNING',
             'class': 'logging.handlers.TimedRotatingFileHandler',
             'formatter': 'default',
-            'filename': '/var/log/thumbor/thumbor.404.log',
+            'filename': '/srv/log/thumbor/thumbor.404.log',
             'interval': 1,
             'when': 'D',
             'backupCount': 4,

-- 
To view, visit https://gerrit.wikimedia.org/r/315234
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: I2071d7ea6545b7f9cd0d8aa2e0b041b2daa683d9
Gerrit-PatchSet: 7
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Gilles <gdu...@wikimedia.org>
Gerrit-Reviewer: Filippo Giunchedi <fgiunch...@wikimedia.org>
Gerrit-Reviewer: Gilles <gdu...@wikimedia.org>
Gerrit-Reviewer: jenkins-bot <>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to