Closed lucywyman closed 6 years ago
I'm making sure this actually adds a user, but I think this is gtg
Woo! Confirmed that, along with my branch of bolt, this adds the pe-bolt-server user with their correct homedir, and runs the service as that user. I've got an openstack instance at 10.32.161.253 and can add a public key if anyone wants to ssh in.
root@puppet-agent:~# sudo service pe-bolt-server status
● pe-bolt-server.service - PE Bolt Server
Loaded: loaded (/lib/systemd/system/pe-bolt-server.service; disabled; vendor preset: enabled)
Active: active (running) since Mon 2018-08-13 17:32:21 UTC; 2s ago
Main PID: 7492 (bolt-server)
Tasks: 6
Memory: 30.8M
CPU: 784ms
CGroup: /system.slice/pe-bolt-server.service
└─7492 puma 3.12.0 (ssl://0.0.0.0:8144?cert=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&key=/opt/puppetlabs/server/apps/bolt-
Aug 13 17:32:21 puppet-agent systemd[1]: Started PE Bolt Server.
Aug 13 17:32:22 puppet-agent bolt-server[7492]: Puma starting in single mode...
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Version 3.12.0 (ruby 2.4.4-p296), codename: Llamas in Pajamas
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Min threads: 0, max threads: 16
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Environment: development
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Listening on ssl://0.0.0.0:8144?cert=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&key=/
Aug 13 17:32:22 puppet-agent bolt-server[7492]: Use Ctrl-C to stop
root@puppet-agent:~# ps aux | grep bolt
pe-bolt+ 7492 9.7 1.8 390336 38812 ? Ssl 17:32 0:00 puma 3.12.0 (ssl://0.0.0.0:8144?cert=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&key=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/key.pem&ca=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&verify_mode=force_peer) [/]
root 7507 0.0 0.0 12944 924 pts/0 S+ 17:32 0:00 grep --color=auto bolt
This adds a pe-bolt-server user and group so that they can own the ssl certs for bolt-server