From 05a9eccc1403c3fde5d464cc17c3c95bb7ac8644 Mon Sep 17 00:00:00 2001
From: Markus Hauschild
Date: Thu, 26 Jul 2018 17:59:49 +0200
Subject: [PATCH] fastd: run as user fastd
---
 .../fastd-exporter/files/fastd-exporter.service | 2 +-
 roles/fastd-exporter/tasks/main.yml | 3 ---
 roles/fastd-exporter/templates/fastd-exporter.j2 | 2 +-
 roles/fastd/tasks/main.yml | 16 ++++++++++++++--
 roles/fastd/templates/fastd.conf.j2 | 5 ++++-
 5 files changed, 20 insertions(+), 8 deletions(-)
diff --git a/roles/fastd-exporter/files/fastd-exporter.service b/roles/fastd-exporter/files/fastd-exporter.service
index a652d6c..a7317c9 100644
--- a/roles/fastd-exporter/files/fastd-exporter.service
+++ b/roles/fastd-exporter/files/fastd-exporter.service
@@ -3,7 +3,7 @@ Description=fastd Exporter
 [Service]
 Type=simple
-User=fastd-exporter
+User=fastd
 Environment=PATH=/usr/bin:/usr/local/bin
 EnvironmentFile=/etc/default/fastd-exporter
 ExecStart=/opt/go/bin/fastd-exporter $OPTIONS
diff --git a/roles/fastd-exporter/tasks/main.yml b/roles/fastd-exporter/tasks/main.yml
index 52d87d5..20f9b14 100644
--- a/roles/fastd-exporter/tasks/main.yml
+++ b/roles/fastd-exporter/tasks/main.yml
@@ -1,8 +1,5 @@
 ---
-- name: Create user
- user: name=fastd-exporter
-
 - name: Install fastd-exporter
 shell: /usr/local/go/bin/go get -v -u {{ fastd_exporter_source }}
 args:
diff --git a/roles/fastd-exporter/templates/fastd-exporter.j2 b/roles/fastd-exporter/templates/fastd-exporter.j2
index 445eeb9..71968e6 100644
--- a/roles/fastd-exporter/templates/fastd-exporter.j2
+++ b/roles/fastd-exporter/templates/fastd-exporter.j2
@@ -1 +1 @@
-OPTIONS="-metrics.perpeer -instances {{ site_code }}{{ range(fastd_instances)|join(',' + site_code) }}"
+OPTIONS="-instances {{ site_code }}{{ range(fastd_instances)|join(',' + site_code) }}"
diff --git a/roles/fastd/tasks/main.yml b/roles/fastd/tasks/main.yml
index c8c705e..10f5561 100644
--- a/roles/fastd/tasks/main.yml
+++ b/roles/fastd/tasks/main.yml
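Review bot: `User=fastd` in roles/fastd-exporter/files/fastd-exporter.service puts the metrics exporter in the same account as the VPN daemon, and the "Permissions (secret)" task added to roles/fastd/tasks/main.yml in this commit makes that account the owner of `secret.conf`, so a flaw in the exporter would expose the fastd private key. Keeping the dedicated account and granting it only socket access would preserve the separation, for example `User=fastd-exporter` together with `SupplementaryGroups=fastd`. That presumes fastd creates its status socket group-accessible, which the diff does not show and should be confirmed. The "Create user" task removed from roles/fastd-exporter/tasks/main.yml would then need to stay.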
@@ -1,5 +1,11 @@
 ---
+- name: Create group
+ group: name=fastd
+
+- name: Create user
+ user: name=fastd group=fastd
+
 - name: Install fastd
 apt: name=fastd state=latest
@@ -15,13 +21,16 @@
 - name: Disable fastd default instance
 service: name=fastd enabled=no
-- name: Create directories
+- name: Create config directory
 file: path=/etc/fastd/{{ site_code }} state=directory
-- name: Create directories
+- name: Create config directories
 file: path=/etc/fastd/{{ site_code }}{{ item }}/peers state=directory
 with_sequence: start=0 count={{ fastd_instances }}
+- name: Create socket directory
+ file: path=/run/fastd owner=fastd group=fastd state=directory
+
 - name: Configure fastd
 template: src=fastd.conf.j2 dest=/etc/fastd/{{ site_code }}{{ item }}/fastd.conf
 with_sequence: start=0 count={{ fastd_instances }}
@@ -31,6 +40,9 @@
 fastd_key: path=/etc/fastd/{{ site_code }}/secret.conf
 notify: Restart fastd
+- name: Permissions (secret)
+ file: owner=fastd group=fastd path=/etc/fastd/{{ site_code }}/secret.conf
+
 - name: Create symlinks (secret)
 file: src=/etc/fastd/{{ site_code }}/secret.conf dest=/etc/fastd/{{ site_code }}{{ item }}/secret.conf state=link
 with_sequence: start=0 count={{ fastd_instances }}
diff --git a/roles/fastd/templates/fastd.conf.j2 b/roles/fastd/templates/fastd.conf.j2
index 842c383..05be83f 100644
--- a/roles/fastd/templates/fastd.conf.j2
+++ b/roles/fastd/templates/fastd.conf.j2
@@ -1,8 +1,11 @@
 # {{ ansible_managed }}
+user "fastd";
+group "fastd";
+
 log to syslog level warn;
 hide ip addresses yes;
-status socket "/run/fastd-{{ site_code }}{{ item }}.sock";
+status socket "/run/fastd/{{ site_code }}{{ item }}.sock";
 interface "vpn-{{ site_code }}{{ item }}";
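Review bot: The new `Create user` task in roles/fastd/tasks/main.yml makes `fastd` an ordinary account, because the `user` module defaults to a regular UID, a home directory and the distribution's default login shell. For an identity that only a daemon uses, the task would be better written as `user: name=fastd group=fastd system=yes shell=/usr/sbin/nologin createhome=no`, with `system=yes` on the `Create group` task as well. These options take effect when the account is first created, so hosts that already ran this role would need the account adjusted separately.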
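Review bot: `/run/fastd` in the new `Create socket directory` task is normally on a tmpfs, so a directory that Ansible creates once is gone after a reboot, and fastd running as `fastd` would presumably be unable to recreate it for its status socket. Declaring the directory through tmpfiles.d (a line such as `d /run/fastd 0750 fastd fastd -`) or through `RuntimeDirectory=` in the unit makes it survive reboots. The task also sets no `mode`, so who can reach the status sockets depends on the umask in effect; adding `mode=0750` would state that explicitly.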
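Review bot: The `Permissions (secret)` task changes the owner of `secret.conf` but not its mode, so whether other local users can read the private key depends on what the `fastd_key` module wrote, which this hunk does not show. Pinning the mode in the same task closes that gap: `file: owner=fastd group=fastd mode=0600 path=/etc/fastd/{{ site_code }}/secret.conf`. If fastd reads its configuration before dropping privileges (worth confirming), `owner=root group=fastd mode=0640` would additionally keep the running daemon from rewriting its own key. The task list continues outside the hunk.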