diff options
author | elijah <elijah@riseup.net> | 2015-09-03 23:24:43 -0700 |
---|---|---|
committer | Micah Anderson <micah@leap.se> | 2015-09-15 10:56:41 -0400 |
commit | 2b1911f17b0ed5ee5ad2384e176b84b84243802f (patch) | |
tree | 71ae0d63e8cb08c4e64285017f08aa4f863bf021 /puppet | |
parent | 2d20633ceaa670c58ca575eb2a751605bf5b4156 (diff) |
make couchdb.admin.yml only readable by root, make non-admin cron run as webapp user.
Diffstat (limited to 'puppet')
-rw-r--r-- | puppet/modules/site_webapp/manifests/couchdb.pp | 16 | ||||
-rw-r--r-- | puppet/modules/site_webapp/manifests/cron.pp | 4 |
2 files changed, 12 insertions, 8 deletions
diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp index 1dbc745d..5cf7f953 100644 --- a/puppet/modules/site_webapp/manifests/couchdb.pp +++ b/puppet/modules/site_webapp/manifests/couchdb.pp @@ -14,29 +14,29 @@ class site_webapp::couchdb { file { '/srv/leap/webapp/config/couchdb.yml': content => template('site_webapp/couchdb.yml.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0600', require => Vcsrepo['/srv/leap/webapp']; '/srv/leap/webapp/config/couchdb.admin.yml': content => template('site_webapp/couchdb.admin.yml.erb'), - owner => leap-webapp, - group => leap-webapp, + owner => 'root', + group => 'root', mode => '0600', require => Vcsrepo['/srv/leap/webapp']; '/srv/leap/webapp/log': ensure => directory, - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0755', require => Vcsrepo['/srv/leap/webapp']; '/srv/leap/webapp/log/production.log': ensure => present, - owner => leap-webapp, - group => leap-webapp, + owner => 'leap-webapp', + group => 'leap-webapp', mode => '0666', require => Vcsrepo['/srv/leap/webapp']; } diff --git a/puppet/modules/site_webapp/manifests/cron.pp b/puppet/modules/site_webapp/manifests/cron.pp index d26ee312..7147a0d2 100644 --- a/puppet/modules/site_webapp/manifests/cron.pp +++ b/puppet/modules/site_webapp/manifests/cron.pp @@ -5,12 +5,14 @@ class site_webapp::cron { 'rotate_databases': command => 'cd /srv/leap/webapp && bundle exec rake db:rotate', environment => 'RAILS_ENV=production', + user => 'root', hour => [0,6,12,18], minute => 0; 'delete_tmp_databases': command => 'cd /srv/leap/webapp && bundle exec rake db:deletetmp', environment => 'RAILS_ENV=production', + user => 'root', hour => 1, minute => 1; @@ -19,6 +21,7 @@ class site_webapp::cron { 'remove_expired_sessions': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:sessions', environment => 'RAILS_ENV=production', + user => 'leap-webapp', hour => 2, minute => 30, ensure => absent; @@ -26,6 +29,7 @@ class site_webapp::cron { 'remove_expired_tokens': command => 'cd /srv/leap/webapp && bundle exec rake cleanup:tokens', environment => 'RAILS_ENV=production', + user => 'leap-webapp', hour => 3, minute => 0; } |