Set permissions for /opt/conf-meza and /opt/conf-meza/public

Make these dirs suitable for meza-ansible to manage them without using sudo.
enterprisemediawiki · May 13, 2019 · 4d56386 · 4d56386
1 parent 6ecc855
commit 4d56386
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 13 deletions.
diff --git a/config/core/defaults.yml b/config/core/defaults.yml
@@ -215,6 +215,11 @@ m_backups_owner: root
 m_backups_group: root
 
 
+m_config_public_mode: "0755"
+m_config_public_owner: meza-ansible
+m_config_public_group: wheel
+
+
 #
 # PHP config
 #

diff --git a/src/playbooks/site.yml b/src/playbooks/site.yml
@@ -71,6 +71,14 @@
       group: wheel
       mode: "0600"
 
+  - name: Ensure /opt/conf-meza owned by meza-ansible
+    file:
+      path: "/opt/conf-meza"
+      owner: meza-ansible
+      group: wheel
+      mode: "0755"
+
+
 # FIXME 800: Run against localhost
 - hosts: app-servers
   become: yes

diff --git a/src/roles/init-controller-config/tasks/main.yml b/src/roles/init-controller-config/tasks/main.yml
@@ -57,9 +57,9 @@
   file:
     path: "{{ m_local_public }}"
     state: directory
-    owner: root
-    group: root
-    mode: 0755
+    owner: "{{ m_config_public_owner }}"
+    group: "{{ m_config_public_group }}"
+    mode: "{{ m_config_public_mode }}"
     recurse: true
   delegate_to: localhost
   run_once: true
@@ -71,20 +71,20 @@
   file:
     path: "{{ m_local_public }}/wikis"
     state: directory
-    owner: root
-    group: root
-    mode: 0755
+    owner: "{{ m_config_public_owner }}"
+    group: "{{ m_config_public_group }}"
+    mode: "{{ m_config_public_mode }}"
   delegate_to: localhost
   run_once: true
 
 
 - name: Ensure pre/post settings directories exists in config
   file:
-    path: "/opt/conf-meza/public/{{ item }}"
+    path: "{{ m_local_public }}/{{ item }}"
     state: directory
-    owner: root
-    group: root
-    mode: 0755
+    owner: "{{ m_config_public_owner }}"
+    group: "{{ m_config_public_group }}"
+    mode: "{{ m_config_public_mode }}"
   delegate_to: localhost
   run_once: true
   with_items:
@@ -96,9 +96,9 @@
   template:
     src: "templates/{{ item }}.j2"
     dest: "{{ m_local_public }}/{{ item }}"
-    owner: root
-    group: root
-    mode: 0755
+    owner: "{{ m_config_public_owner }}"
+    group: "{{ m_config_public_group }}"
+    mode: "{{ m_config_public_mode }}"
     force: no
   delegate_to: localhost
   run_once: true

diff --git a/src/scripts/getmeza.sh b/src/scripts/getmeza.sh
@@ -80,6 +80,7 @@ if $ret; then
 	fi
 fi
 
+chown meza-ansible:wheel /opt/conf-meza
 
 echo
 echo "Add ansible master user"
-Original file line number
+Diff line change
@@ Expand Up / @@ -80,6 +80,7 @@ if $ret; then @@
     	fi
     fi
+    chown meza-ansible:wheel /opt/conf-meza
     echo
     echo "Add ansible master user"
@@ Expand Down @@