run etcd under etcd user
I switched to root in the past, but it was just a workaround ... let's move to
the right path.
Change-Id: Ie4c8d808a8c7cd11548f1ea2ad69f49bb173f9d3
diff --git a/etcd/files/systemd/etcd.service b/etcd/files/systemd/etcd.service
index 9456f93..6414481 100644
--- a/etcd/files/systemd/etcd.service
+++ b/etcd/files/systemd/etcd.service
@@ -10,6 +10,7 @@
Environment=ETCD_DATA_DIR=/var/lib/etcd/default
EnvironmentFile=-/etc/default/%p
Type=notify
+User=etcd
PermissionsStartOnly=true
#ExecStart=/bin/sh -c "GOMAXPROCS=$(nproc) /usr/bin/etcd $DAEMON_ARGS"
ExecStart=/usr/local/bin/etcd $DAEMON_ARGS
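Review bot: `PermissionsStartOnly=true`, directly after the new `User=etcd`, means only `ExecStart=` drops to the etcd account; any `ExecStartPre=` or `ExecStartPost=` commands in the part of the unit outside this hunk keep running as root. If one of them creates files under `ETCD_DATA_DIR`, those files end up root-owned and etcd may not be able to open them, so they are worth checking against the new user. No `Group=` is set, so the process gets the etcd user's primary group; adding `Group=etcd` would make that explicit.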
diff --git a/etcd/server/service.sls b/etcd/server/service.sls
index 3a10146..72c39ea 100644
--- a/etcd/server/service.sls
+++ b/etcd/server/service.sls
@@ -25,6 +25,13 @@
{%- endif %}
{%- endfor %}
+user_etcd:
+ user.present:
+ - name: etcd
+ - shell: /bin/false
+ - home: /var/lib/etcd
+ - gid_from_name: True
+
/tmp/etcd:
file.directory:
- user: root
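Review bot: `user_etcd` creates a regular account rather than a system one, and `gid_from_name: True` relies on a group named `etcd` already existing, which no state visible in this hunk creates. Per the Salt documentation the state fails when that group is missing, so I would add `- system: True` and a `group.present` state for `etcd` that `user_etcd` requires. The later `file` states that set `user: etcd` only work once this state has run; an explicit `require` on `user: user_etcd` in each of them would make that ordering independent of position in the file.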
@@ -74,7 +81,7 @@
/var/log/etcd.log:
file.managed:
- - user: root
+ - user: etcd
- group: root
- mode: 644
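Review bot: The log file changes owner to etcd but keeps `group: root` and `mode: 644`, so it stays world-readable and its group no longer matches the owning account. If the log is meant for operators only, `- group: etcd` with `- mode: '0640'` would be the consistent choice; quoting the mode also keeps it from being parsed as a plain integer. The state may continue outside this hunk.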
@@ -106,11 +113,14 @@
/var/lib/etcd/:
file.directory:
- user: etcd
+ - recurse:
+ - user
/var/lib/etcd/configenv:
file.managed:
- source: salt://etcd/files/configenv
- template: jinja
+ - user: etcd
- require:
- file: /var/lib/etcd/
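Review bot: `/var/lib/etcd/configenv` is now owned by the account whose environment it defines, so a compromised etcd process could rewrite its own configuration for the next start. The new `recurse: - user` on `/var/lib/etcd/` would chown the file to etcd on every run anyway, which is presumably why `- user: etcd` was added; keeping it root-owned means moving it out of the data directory or excluding it from the recursion. If it has to stay, an explicit `- mode: '0640'` would at least stop it inheriting whatever mode the source file has. How configenv is consumed is not visible here, so confirm whether etcd needs to read it at all.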