[MediaWiki-commits] [Gerrit] operations/puppet[production]: uwsgi: uwsgi should run as root, not as www-data

Tue, 03 Jan 2017 21:20:07 -0800 

Andrew Bogott has uploaded a new change for review. ( 
https://gerrit.wikimedia.org/r/330370 )

Change subject: uwsgi:  uwsgi should run as root, not as www-data
......................................................................

uwsgi:  uwsgi should run as root, not as www-data

Uwsgi includes config options like uid and gid to set
the user that an app runs as.  Those args only work
if uwsgi itself is running as root.

For example, I need to run keystone with uwsgi as
the 'keystone' user.  That's not compatible with
the existing www-data presumption.

Bug: T150774
Change-Id: Ibb572f6a074ec549949803f2b33a73e06d6e5f37
---
M modules/uwsgi/manifests/init.pp
M modules/uwsgi/templates/initscripts/uwsgi-startup.upstart.erb
M modules/uwsgi/templates/initscripts/uwsgi.systemd.erb
M modules/uwsgi/templates/initscripts/uwsgi.upstart.erb
4 files changed, 8 insertions(+), 8 deletions(-)


  git pull ssh://gerrit.wikimedia.org:29418/operations/puppet 
refs/changes/70/330370/1

diff --git a/modules/uwsgi/manifests/init.pp b/modules/uwsgi/manifests/init.pp
index b98bfeb..9da85ad 100644
--- a/modules/uwsgi/manifests/init.pp
+++ b/modules/uwsgi/manifests/init.pp
@@ -44,8 +44,8 @@
 
     file { '/run/uwsgi':
         ensure => directory,
-        owner  => 'www-data',
-        group  => 'www-data',
+        owner  => 'root',
+        group  => 'root',
         mode   => '0755',
     }
 
@@ -56,7 +56,7 @@
             owner   => 'root',
             group   => 'root',
             mode    => '0444',
-            content => 'd /run/uwsgi 0755 www-data www-data',
+            content => 'd /run/uwsgi 0755 root root',
         }
     } else {
         base::service_unit { 'uwsgi-startup':
diff --git a/modules/uwsgi/templates/initscripts/uwsgi-startup.upstart.erb 
b/modules/uwsgi/templates/initscripts/uwsgi-startup.upstart.erb
index 7d11dd2..308710d 100644
--- a/modules/uwsgi/templates/initscripts/uwsgi-startup.upstart.erb
+++ b/modules/uwsgi/templates/initscripts/uwsgi-startup.upstart.erb
@@ -4,4 +4,4 @@
 
 task
 
-exec install -d -o www-data -g www-data /run/uwsgi
+exec install -d -o root -g root /run/uwsgi
diff --git a/modules/uwsgi/templates/initscripts/uwsgi.systemd.erb 
b/modules/uwsgi/templates/initscripts/uwsgi.systemd.erb
index 6bb9f6d..b236527 100644
--- a/modules/uwsgi/templates/initscripts/uwsgi.systemd.erb
+++ b/modules/uwsgi/templates/initscripts/uwsgi.systemd.erb
@@ -4,8 +4,8 @@
 
 [Service]
 ExecStart = /usr/bin/uwsgi --die-on-term --autoload --ini <%= @inipath %>
-User = www-data
-Group = www-data
+User = root
+Group = root
 SyslogIdentifier = uwsgi-<%= @basename %>
 
 [Install]
diff --git a/modules/uwsgi/templates/initscripts/uwsgi.upstart.erb 
b/modules/uwsgi/templates/initscripts/uwsgi.upstart.erb
index a182e72..fd6d7b5 100644
--- a/modules/uwsgi/templates/initscripts/uwsgi.upstart.erb
+++ b/modules/uwsgi/templates/initscripts/uwsgi.upstart.erb
@@ -1,8 +1,8 @@
 # This file is managed by Puppet
 description "<%= @title %> uwsgi app"
 
-setuid www-data
-setgid www-data
+setuid root
+setgid root
 
 exec /usr/bin/uwsgi --die-on-term --autoload --ini <%= @inipath %>
 

-- 
To view, visit https://gerrit.wikimedia.org/r/330370
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: newchange
Gerrit-Change-Id: Ibb572f6a074ec549949803f2b33a73e06d6e5f37
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <abog...@wikimedia.org>

_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits

Reply via email to