Set proper ownership for the Heka configuration
This change enforces the ownership on the configuration files: 'heka'
user and group for non-container installations and 'root' otherwise.
Change-Id: I92b58421dae0393335d460f41508e3e1c0e8f490
diff --git a/heka/_service.sls b/heka/_service.sls
index c421697..1a86b22 100644
--- a/heka/_service.sls
+++ b/heka/_service.sls
@@ -3,19 +3,17 @@
heka_{{ service_name }}_conf_dir:
file.directory:
- name: {{ server.prefix_dir }}/etc/{{ service_name }}
- - user: heka
+ - user: {{ server.owner }}
- mode: 750
- makedirs: true
-{%- if not server.container_mode %}
heka_{{ service_name }}_cache_dir:
file.directory:
- name: /var/cache/{{ service_name }}
- - user: heka
- - group: heka
+ - user: {{ server.owner }}
+ - group: {{ server.owner }}
- mode: 750
- makedirs: true
-{% endif %}
heka_{{ service_name }}_conf_dir_clean:
file.directory:
@@ -54,7 +52,7 @@
heka_{{ service_name }}_log_file:
file.managed:
- name: /var/log/{{ service_name }}.log
- - user: heka
+ - user: {{ server.owner }}
- mode: 644
- replace: false
@@ -216,7 +214,7 @@
- source: salt://heka/files/toml/global.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- defaults:
service_name: {{ service_name }}
poolsize: {{ server.poolsize }}
@@ -235,7 +233,7 @@
- source: salt://heka/files/toml/decoder/{{ decoder.engine }}.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -253,7 +251,7 @@
- source: salt://heka/files/toml/input/{{ input.engine }}.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -273,7 +271,7 @@
- source: salt://heka/files/toml/filter/afd_alarm.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -291,7 +289,7 @@
- source: salt://heka/files/lma_alarm.lua
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: {{ server.prefix_dir }}/usr/share/lma_collector
- defaults:
@@ -310,7 +308,7 @@
- source: salt://heka/files/gse_policies.lua
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: {{ server.prefix_dir }}/usr/share/lma_collector
- defaults:
@@ -325,7 +323,7 @@
- source: salt://heka/files/toml/filter/gse_alarm_cluster.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -339,7 +337,7 @@
- source: salt://heka/files/gse_topology.lua
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: {{ server.prefix_dir }}/usr/share/lma_collector
- defaults:
@@ -356,7 +354,7 @@
- source: salt://heka/files/toml/filter/{{ filter.engine }}.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -374,7 +372,7 @@
- source: salt://heka/files/toml/splitter/{{ splitter.engine }}.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -392,7 +390,7 @@
- source: salt://heka/files/toml/encoder/{{ encoder.engine }}.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
@@ -410,7 +408,7 @@
- source: salt://heka/files/toml/output/{{ output.engine }}.toml
- template: jinja
- mode: 640
- - group: heka
+ - group: {{ server.owner }}
- require:
- file: heka_{{ service_name }}_conf_dir
- require_in:
diff --git a/heka/map.jinja b/heka/map.jinja
index 07e39a2..e362fce 100644
--- a/heka/map.jinja
+++ b/heka/map.jinja
@@ -50,6 +50,7 @@
{% set log_collector = salt['grains.filter_by']({
'default': {
'container_mode': False,
+ 'owner': 'heka',
'alarms_enabled': True,
'emit_rates': True,
'prefix_dir': default_prefix_dir,
@@ -69,6 +70,7 @@
{% set metric_collector = salt['grains.filter_by']({
'default': {
'container_mode': False,
+ 'owner': 'heka',
'alarms_enabled': True,
'prefix_dir': default_prefix_dir,
'influxdb_port': default_influxdb_port,
@@ -90,6 +92,7 @@
{% set remote_collector = salt['grains.filter_by']({
'default': {
'container_mode': False,
+ 'owner': 'heka',
'alarms_enabled': True,
'emit_rates': True,
'prefix_dir': default_prefix_dir,
@@ -114,6 +117,7 @@
{% set aggregator = salt['grains.filter_by']({
'default': {
'container_mode': False,
+ 'owner': 'heka',
'alarms_enabled': True,
'prefix_dir': default_prefix_dir,
'influxdb_port': default_influxdb_port,
@@ -135,6 +139,7 @@
{% set ceilometer_collector = salt['grains.filter_by']({
'default': {
'container_mode': False,
+ 'owner': 'heka',
'alarms_enabled': True,
'prefix_dir': default_prefix_dir,
'influxdb_port': default_influxdb_port,
diff --git a/metadata/service/remote_collector/container.yml b/metadata/service/remote_collector/container.yml
index eefddda..52ac6b4 100644
--- a/metadata/service/remote_collector/container.yml
+++ b/metadata/service/remote_collector/container.yml
@@ -7,3 +7,4 @@
remote_collector:
enabled: true
container_mode: true
+ owner: root