create /var/run/consul with permissions suitable for storing unix sockets

Signed-off-by: Steven Armstrong <steven@icarus.ethz.ch>
10 years ago · b515601c9c
parent 6662535c28
commit b515601c9c
5 changed files with 30 additions and 4 deletions
--- a/cdist/conf/type/__consul_agent/files/consul-prepare.upstart
+++ b/cdist/conf/type/__consul_agent/files/consul-prepare.upstart
@ -0,0 +1,9 @@
+start on starting consul
+
+task
+
+script
+   mkdir -p /var/run/consul
+   chown consul:consul /var/run/consul
+   chmod 2770 /var/run/consul
+end script
--- a/cdist/conf/type/__consul_agent/files/consul.systemd
+++ b/cdist/conf/type/__consul_agent/files/consul.systemd
@ -7,6 +7,11 @@ After=basic.target network.target
 User=consul
 Group=consul
 Environment="GOMAXPROCS=2"
+# Run ExecStartPre with root-permissions
+PermissionsStartOnly=true
+ExecStartPre=/usr/bin/mkdir -p /var/run/consul
+ExecStartPre=/usr/bin/chown consul:consul /var/run/consul
+ExecStartPre=/usr/bin/chmod 2770 /var/run/consul
 ExecStart=/usr/local/bin/consul agent -config-dir /etc/consul/conf.d
 ExecReload=/bin/kill -HUP $MAINPID
 KillMode=process
--- a/cdist/conf/type/__consul_agent/files/consul.sysv-debian
+++ b/cdist/conf/type/__consul_agent/files/consul.sysv-debian
@ -1,6 +1,7 @@
 #!/bin/sh
 #
 # 2015 Nico Schottelius (nico-cdist at schottelius.org)
+# 2015 Steven Armstrong (steven-cdist at armstrong.cc)
 #
 # This file is part of cdist.
 #
@ -29,6 +30,10 @@ CONSUL=/usr/local/bin/consul
 CONFIG=/etc/$NAME/conf.d
 PID_FILE=/var/run/$NAME/pidfile

+mkdir -p /var/run/$NAME
+chown consul:consul /var/run/$NAME
+chmod 2770 /var/run/$NAME
+
 export PATH="${PATH:+$PATH:}/usr/sbin:/sbin"

 case "$1" in
@ -51,7 +56,7 @@ case "$1" in
            log_end_msg 1 || true
        fi
    ;;
-    
+
    reload)
        log_daemon_msg "Reloading consul agent" "consul" || true
        if start-stop-daemon --stop --signal HUP --quiet --oknodo --pidfile $PID_FILE --exec $CONSUL; then
--- a/cdist/conf/type/__consul_agent/files/consul.sysv-redhat
+++ b/cdist/conf/type/__consul_agent/files/consul.sysv-redhat
@ -22,7 +22,9 @@ LOG_FILE=/var/log/$NAME
 export GOMAXPROCS=${GOMAXPROCS:-2}

 mkdir -p /var/run/$NAME
-chown consul /var/run/$NAME
+chown consul:consul /var/run/$NAME
+chmod 2770 /var/run/$NAME
+

 start() {
   echo -n "Starting $NAME: "
--- a/cdist/conf/type/__consul_agent/manifest
+++ b/cdist/conf/type/__consul_agent/manifest
@ -160,10 +160,15 @@ init_systemd()

 init_upstart()
 {
-    __file /etc/init/consul.conf \
+    __file /etc/init/consul-prepare.conf \
        --owner root --group root --mode 0644 \
        --state "$state" \
-        --source "$__type/files/consul.upstart"
+        --source "$__type/files/consul-prepare.upstart"
+    require="__file/etc/init/consul-prepare.conf" \
+        __file /etc/init/consul.conf \
+            --owner root --group root --mode 0644 \
+            --state "$state" \
+            --source "$__type/files/consul.upstart"
    require="__file/etc/init/consul.conf" __start_on_boot consul
 }