fastd: run as user fastd

2018-07-26 17:59:49 +02:00 · 2018-07-26 17:59:49 +02:00 · 05a9eccc14
parent 1425383a90
commit 05a9eccc14
5 changed files with 20 additions and 8 deletions
--- a/roles/fastd-exporter/files/fastd-exporter.service
+++ b/roles/fastd-exporter/files/fastd-exporter.service
@ -3,7 +3,7 @@ Description=fastd Exporter

 [Service]
 Type=simple
-User=fastd-exporter
+User=fastd
 Environment=PATH=/usr/bin:/usr/local/bin
 EnvironmentFile=/etc/default/fastd-exporter
 ExecStart=/opt/go/bin/fastd-exporter $OPTIONS
--- a/roles/fastd-exporter/tasks/main.yml
+++ b/roles/fastd-exporter/tasks/main.yml
@ -1,8 +1,5 @@
 ---

- name: Create user
-  user: name=fastd-exporter
-
 - name: Install fastd-exporter
  shell: /usr/local/go/bin/go get -v -u {{ fastd_exporter_source }}
  args:
--- a/roles/fastd-exporter/templates/fastd-exporter.j2
+++ b/roles/fastd-exporter/templates/fastd-exporter.j2
@ -1 +1 @@
-OPTIONS="-metrics.perpeer -instances {{ site_code }}{{ range(fastd_instances)|join(',' + site_code) }}"
+OPTIONS="-instances {{ site_code }}{{ range(fastd_instances)|join(',' + site_code) }}"
--- a/roles/fastd/tasks/main.yml
+++ b/roles/fastd/tasks/main.yml
@ -1,5 +1,11 @@
 ---

+- name: Create group
+  group: name=fastd
+
+- name: Create user
+  user: name=fastd group=fastd
+
 - name: Install fastd
  apt: name=fastd state=latest

@ -15,13 +21,16 @@
 - name: Disable fastd default instance
  service: name=fastd enabled=no

- name: Create directories
+- name: Create config directory
  file: path=/etc/fastd/{{ site_code }} state=directory

- name: Create directories
+- name: Create config directories
  file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
  with_sequence: start=0 count={{ fastd_instances }}

+- name: Create socket directory
+  file: path=/run/fastd owner=fastd group=fastd state=directory
+
 - name: Configure fastd
  template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
  with_sequence: start=0 count={{ fastd_instances }}
@ -31,6 +40,9 @@
  fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
  notify: Restart fastd

+- name: Permissions (secret)
+  file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf
+
 - name: Create symlinks (secret)
  file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
  with_sequence: start=0 count={{ fastd_instances }}
--- a/roles/fastd/templates/fastd.conf.j2
+++ b/roles/fastd/templates/fastd.conf.j2
@ -1,8 +1,11 @@
 # {{ ansible_managed }}

+user "fastd";
+group "fastd";
+
 log to syslog level warn;
 hide ip addresses yes;
-status socket "/run/fastd-{{ site_code }}{{ item }}.sock";
+status socket "/run/fastd/{{ site_code }}{{ item }}.sock";

 interface "vpn-{{ site_code }}{{ item }}";