Refacto user group #69

Draft
wants to merge 4 commits into
base: master
4 changes: 2 additions & 2 deletions tasks/common/post_deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
state: directory
path: "{{ steamengine_persistent_base_path }}/{{ item.path }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rwx,o=
when: new_build_to_deploy is defined and new_build_to_deploy
loop: "{{ steamengine_persistent_directories }}"
Expand All @@ -25,7 +25,7 @@
src: "{{ steamengine_persistent_base_path }}/{{ item.path }}"
dest: "/{{ steamengine_project_name }}/{{ item.symlink_src }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rwx,o=
when:
- item.symlink_src is defined and item.symlink_src
Expand Down
4 changes: 2 additions & 2 deletions tasks/common/runtime.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,9 +4,9 @@
ansible.builtin.template:
src: "steamengine_wrapper.sh.j2"
dest: "{{ steamengine_bin_path }}/steamengine"
owner: "root"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_project_user }}"
mode: 0750


Juste read et execute pour l'owner ?
Le groupe n'en a pas besoin ? (question pour savoir)


Ah ok je pense avoir compris why

Contributor Author


Yep le donner au group c'est permettre aux utilisateurs applicatif de l'utiliser

Du coup je retire l'owner du root qui dans tout les cas à les droits et je donne les droits à l'utilisateur projet seulement et non applicatif dessus en read/execute

Avant il n'y avait que l'utilisateur projet dans ce groupe donc ça ne posait pas de problème

mode: 0500

- name: Create sudo configuration
ansible.builtin.copy:
Expand Down
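Review bot: Handing ownership of `{{ steamengine_bin_path }}/steamengine` to the project user (the `owner:` line replacing `"root"`) removes the only protection the wrapper had against the account that runs it: a 0500 mode does not stop the owner from `chmod u+w` and rewriting the file. The task that follows, "Create sudo configuration", suggests the wrapper is meant to be invoked through sudo; if that sudoers entry lets the project or app user run this path as root or as another account, a self-owned script becomes a privilege-escalation path (the sudoers content is outside this hunk, so this cannot be confirmed here). The safer shape keeps the file root-owned and grants execution through the group: `owner: "root"`, `group: "{{ steamengine_project_user }}"`, `mode: "0750"`. Independently, quote the octal mode (`mode: "0500"`) as the Ansible convention; an unquoted `0500` is parsed as a YAML 1.1 octal integer.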
10 changes: 5 additions & 5 deletions tasks/common/structure.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
path: "{{ item }}"
state: directory
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: 0751
with_items:
- "{{ steamengine_home_path }}"
Expand All @@ -15,7 +15,7 @@
path: "{{ item }}"
state: directory
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: 0750
with_items:
- "{{ steamengine_project_root_path }}"
Expand All @@ -25,9 +25,9 @@
ansible.builtin.file:
path: "{{ item }}"
state: directory
owner: "root"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_project_user }}"
mode: 0750
mode: 0500
with_items:
- "{{ steamengine_bin_path }}"

Expand All @@ -36,7 +36,7 @@
path: "{{ item }}"
state: directory
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: 0770
with_items:
- "{{ steamengine_logs_path }}"
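Review bot: Giving `{{ steamengine_bin_path }}` to the project user (the `owner:` line replacing `"root"` with `mode: 0500`) lets that user replace anything inside it: a directory owner can always `chmod u+w` the directory and then rename or unlink the wrapper it contains, regardless of who owns the file. If the wrapper in this directory is executed via the sudo rule written in runtime.yml, the directory, not just the file, has to stay root-owned for the rule to be safe; `owner: "root"`, `group: "{{ steamengine_project_user }}"`, `mode: "0750"` gives the project user traversal and execution without write. The intent stated in the review thread (read/execute for the project user only) is met by a root-owned 0750 directory just as well. Quote the octal modes here too (`mode: "0500"`, `mode: "0751"`), as unquoted leading-zero integers are YAML 1.1 octals.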
23 changes: 20 additions & 3 deletions tasks/common/user.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,8 +5,9 @@
name: "{{ item }}"
state: present
with_items:
- "{{ steamengine_project_user }}"
- "{{ steamengine_app_user }}"
- "{{ steamengine_project_user }}"
- "{{ steamengine_additionnal_user_group | default([]) }}"

- name: "Create project app user {{ steamengine_app_user }}"
ansible.builtin.user:
Expand All @@ -15,7 +16,16 @@
home: "{{ steamengine_home_path }}/.app"
createhome: true
group: "{{ steamengine_app_user }}"
groups: "{{ steamengine_project_user }}"
append: true


- name: "Add projet app user {{ steamengine_app_user }} to additionnal group"
ansible.builtin.user:
name: "{{ steamengine_app_user }}"
groups: "{{ steamengine_additionnal_user_group }}"
append: true
when: steamengine_additionnal_user_group is defined

- name: "Create project user {{ steamengine_project_user }}"
ansible.builtin.user:
Expand All @@ -24,11 +34,18 @@
home: "{{ steamengine_home_path }}"
createhome: true
group: "{{ steamengine_project_user }}"
groups:
- "{{ steamengine_app_user }}"
groups: "{{ steamengine_app_user }}"
shell: "/bin/bash"
append: true


- name: "Add projet user {{ steamengine_project_user }} to additionnal group"
ansible.builtin.user:
name: "{{ steamengine_project_user }}"
groups: "{{ steamengine_additionnal_user_group }}"
append: true
when: steamengine_additionnal_user_group is defined

- name: "Ensure authorized_keys are present for user {{ steamengine_project_user }}"
ansible.builtin.authorized_key:
user: "{{ steamengine_project_user }}"
Expand Down
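Review bot: `steamengine_additionnal_user_group` is consumed in two incompatible ways: the group-creation task passes it through `with_items` (so a comma-separated string would create one group literally named `a,b`), while the two new user tasks hand it to `groups:`, which splits strings on commas; the creation task also treats "unset" as `default([])` whereas the membership tasks use `is defined`. Document the expected type next to the variable (a list of group names) and use one convention for the default. The two extra "Add ... to additionnal group" tasks can be folded into the create tasks, e.g. `groups: "{{ [steamengine_project_user] + (steamengine_additionnal_user_group | default([])) }}"` for the app user and the mirror for the project user, which removes two tasks and the `when:` guards. Since the variable name is part of the role's interface, fix the spelling (`additional`, `project`) before this merges rather than after callers depend on it.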
16 changes: 8 additions & 8 deletions tasks/drupal/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -7,7 +7,7 @@
dest: "{{ steamengine_project_root_path }}/project.zip"
checksum: "{{ checksum_verified }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
headers: "{{ steamengine_build_url_headers }}"
validate_certs: "{{ steamengine_build_url_validate_certs }}"
Expand All @@ -28,7 +28,7 @@
src: "files/maintenance.html"
dest: "{{ steamengine_project_root_path }}/maintenance.html"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
tags:
- steamengine_deploy
Expand All @@ -49,7 +49,7 @@
dest: "{{ tempdir.path }}"
remote_src: true
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
when: new_build_to_deploy
tags:
- steamengine_deploy_drupal
Expand All @@ -61,7 +61,7 @@
force: false
remote_src: true
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
register: drupal_settings
when: new_build_to_deploy
Expand All @@ -74,7 +74,7 @@
block: "{{ steamengine_drupal_project_setting }}"
mode: u=rwx,g=rx,o=
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
when: new_build_to_deploy
tags:
- steamengine_deploy_drupal
Expand Down Expand Up @@ -104,11 +104,11 @@
tags:
- steamengine_deploy_drupal

- name: "Add read permission for {{ steamengine_app_user }}"
- name: "Add read permission for {{ steamengine_project_user }}"
ansible.builtin.file:
path: "{{ steamengine_project_root_path_web }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
recurse: true
mode: u=rwx,g=rx,o=
when: new_build_to_deploy
Expand Down Expand Up @@ -206,7 +206,7 @@
path: "{{ steamengine_project_root_path }}/maintenance.html"
state: absent
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
tags:
- steamengine_deploy
Expand Down
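Review bot: The renamed task "Add read permission for {{ steamengine_project_user }}" no longer describes what it does: the project user already owns the tree (`u=rwx`), and what this task actually grants is `g=rx` to members of the project user's group, which after this PR includes the app user and the web-server user. A name such as `- name: "Grant group read access on web root to the {{ steamengine_project_user }} group"` keeps that visible in play output. Pre-existing but worth a look while this task is being touched: `recurse: true` with `mode: u=rwx,g=rx,o=` sets the execute bit on every regular file under the web root; `mode: u=rwX,g=rX,o=` applies execute only to directories and already-executable files.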
4 changes: 2 additions & 2 deletions tasks/drupal/deploy_database.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
url: "{{ steamengine_drupal_db_dump_url }}"
dest: "{{ steamengine_project_root_path }}/db_dump.zip"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
headers: "{{ steamengine_drupal_db_dump_url_headers }}"
register: db_dump
Expand All @@ -17,7 +17,7 @@
src: "{{ steamengine_project_root_path }}/db_dump.zip"
dest: "{{ steamengine_project_root_path }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
remote_src: true
list_files: true
Expand Down
4 changes: 2 additions & 2 deletions tasks/drupal/deploy_env_file.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
{{ steamengine_drupal_env }}
dest: "{{ steamengine_conf_path }}/.env"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rw,g=r,o=

- name: Create env symlink
Expand All @@ -21,4 +21,4 @@
src: "{{ steamengine_conf_path }}/.env"
dest: "{{ steamengine_project_root_path_web }}/.env"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
29 changes: 25 additions & 4 deletions tasks/drupal/runtime.yml
Original file line number Diff line number Diff line change
@@ -1,22 +1,43 @@
---

- name: "Add nginx user in {{ steamengine_app_user }} group"
- name: "Add nginx user in {{ steamengine_project_user }} group"
ansible.builtin.user:
name: "www-data"
groups: "{{ steamengine_app_user }}"
groups: "{{ steamengine_project_user }}"
append: true
when: ansible_os_family != 'RedHat'
tags:
- steamengine_runtime_drupal

- name: "Add nginx user in {{ steamengine_app_user }} group"
- name: "Add nginx user in additionnal group"
ansible.builtin.user:
name: "www-data"
groups: "{{ steamengine_project_user }}"
append: true
when: ansible_os_family != 'RedHat' and steamengine_additionnal_user_group is defined
tags:
- steamengine_runtime_drupal

- name: "Add nginx user in {{ steamengine_project_user }} group"
ansible.builtin.user:
name: "{{ item }}"
groups: "{{ steamengine_app_user }}"
groups: "{{ steamengine_project_user }}"
append: true
when: ansible_os_family == 'RedHat'
loop:
- "nginx" # nginx user for statics
- "apache" # php-fpm process for php
tags:
- steamengine_runtime_drupal

- name: "Add nginx user in additionnal group"
ansible.builtin.user:
name: "{{ item }}"
groups: "{{ steamengine_project_user }}"
append: true
when: ansible_os_family == 'RedHat' and steamengine_additionnal_user_group is defined
loop:
- "nginx" # nginx user for statics
- "apache" # php-fpm process for php
tags:
- steamengine_runtime_drupal
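Review bot: Both tasks named "Add nginx user in additionnal group" still set `groups: "{{ steamengine_project_user }}"`, so each is a duplicate of the task right above it and the web-server users (`www-data`, `nginx`, `apache`) are never added to `steamengine_additionnal_user_group`; the intended line is presumably `groups: "{{ steamengine_additionnal_user_group }}"` in both. Before applying that fix, confirm the web-server user actually needs the membership: the additional group appears to exist for sharing resources with the project and app users, and extending it to the PHP/nginx workers widens what a compromised web process can read. If it is not needed, drop the two tasks instead. The `when:` conditions should also match user.yml, which guards on `is defined` only; an empty list would still pass that guard and produce a no-op.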
4 changes: 2 additions & 2 deletions tasks/include/deploy_database.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
url: "{{ steamengine_project_dump_bdd_url }}"
dest: "{{ steamengine_home_path }}/db_dump.zip"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
register: db_dump

Expand All @@ -14,7 +14,7 @@
src: "{{ steamengine_home_path }}/db_dump.zip"
dest: "{{ steamengine_project_name }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
remote_src: true
list_files: true
Expand Down
8 changes: 4 additions & 4 deletions tasks/nodejs/deploy.yml
Original file line number Diff line number Diff line change
Expand Up @@ -5,7 +5,7 @@
src: "nodejs_pm2_ecosystem.json.j2"
dest: "{{ steamengine_conf_path }}/nodejs_pm2_ecosystem.json"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rw,g=r,o=
notify:
- "{{ steamengine_project_name }} restart"
Expand All @@ -18,7 +18,7 @@
dest: "{{ steamengine_project_root_path }}/project.zip"
checksum: "{{ checksum_verified }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
headers: "{{ steamengine_build_url_headers }}"
validate_certs: "{{ steamengine_build_url_validate_certs }}"
Expand Down Expand Up @@ -53,7 +53,7 @@
ansible.builtin.file:
path: "{{ steamengine_project_root_path }}/pm2"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rwx,o=
state: directory
tags:
Expand All @@ -71,7 +71,7 @@
ansible.builtin.file:
path: "{{ steamengine_project_root_path_web }}"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rwx,g=rx,o=
state: directory
when: new_build_to_deploy
Expand Down
4 changes: 2 additions & 2 deletions tasks/nodejs/deploy_env_file.yml
Original file line number Diff line number Diff line change
Expand Up @@ -12,7 +12,7 @@
{{ steamengine_node_env }}
dest: "{{ steamengine_conf_path }}/.env"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
mode: u=rw,g=r,o=

- name: Create env symlink
Expand All @@ -21,4 +21,4 @@
src: "{{ steamengine_conf_path }}/.env"
dest: "{{ steamengine_project_root_path_web }}/.env"
owner: "{{ steamengine_project_user }}"
group: "{{ steamengine_app_user }}"
group: "{{ steamengine_project_user }}"
13 changes: 11 additions & 2 deletions tasks/nodejs/runtime.yml
Original file line number Diff line number Diff line change
Expand Up @@ -36,11 +36,20 @@
tags:
- steamengine_runtime_nodejs

- name: "Add nginx user in {{ steamengine_app_user }} group"
- name: "Add nginx user in {{ steamengine_project_user }} group"
ansible.builtin.user:
name: "{{ (ansible_os_family == 'RedHat') | ternary('nginx', 'www-data') }}"
groups: "{{ steamengine_app_user }}"
groups: "{{ steamengine_project_user }}"
append: true
when: steamengine_nodejs_add_nginx_app_group
tags:
- steamengine_runtime_nodejs

- name: "Add nginx user in additionnal group"
ansible.builtin.user:
name: "{{ (ansible_os_family == 'RedHat') | ternary('nginx', 'www-data') }}"
groups: "{{ steamengine_project_user }}"
append: true
when: steamengine_nodejs_add_nginx_app_group and steamengine_additionnal_user_group is defined
tags:
- steamengine_runtime_nodejs
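Review bot: The new task "Add nginx user in additionnal group" uses `groups: "{{ steamengine_project_user }}"`, the same group as the task above it, so it never adds the nginx user to `steamengine_additionnal_user_group`; if that membership is wanted the line should read `groups: "{{ steamengine_additionnal_user_group }}"`. Check first whether the web server needs it at all, since the additional group otherwise grants access shared only between the project and app users. The gating variable `steamengine_nodejs_add_nginx_app_group` now controls membership in the project user's group, not the app user's; either rename it with a deprecation alias or add a comment above the first task, e.g. `# steamengine_nodejs_add_nginx_app_group now grants membership in the project user's group (app group was merged into it)`, so the name does not mislead.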