search

puppetlabs / bolt-vanagon

Apache License 2.0
2 stars 31 forks source link

(PE-24721) Add pe-bolt-server user and group #40

Closed lucywyman closed 6 years ago

lucywyman commented 6 years ago

This adds a pe-bolt-server user and group so that they can own the ssl certs for bolt-server

lucywyman commented 6 years ago

I'm making sure this actually adds a user, but I think this is gtg

lucywyman commented 6 years ago

Woo! Confirmed that, along with my branch of bolt, this adds the pe-bolt-server user with their correct homedir, and runs the service as that user. I've got an openstack instance at 10.32.161.253 and can add a public key if anyone wants to ssh in.

root@puppet-agent:~# sudo service pe-bolt-server status
● pe-bolt-server.service - PE Bolt Server
   Loaded: loaded (/lib/systemd/system/pe-bolt-server.service; disabled; vendor preset: enabled)
   Active: active (running) since Mon 2018-08-13 17:32:21 UTC; 2s ago
 Main PID: 7492 (bolt-server)
    Tasks: 6
   Memory: 30.8M
      CPU: 784ms
   CGroup: /system.slice/pe-bolt-server.service
           └─7492 puma 3.12.0 (ssl://0.0.0.0:8144?cert=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&key=/opt/puppetlabs/server/apps/bolt-

Aug 13 17:32:21 puppet-agent systemd[1]: Started PE Bolt Server.
Aug 13 17:32:22 puppet-agent bolt-server[7492]: Puma starting in single mode...
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Version 3.12.0 (ruby 2.4.4-p296), codename: Llamas in Pajamas
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Min threads: 0, max threads: 16
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Environment: development
Aug 13 17:32:22 puppet-agent bolt-server[7492]: * Listening on ssl://0.0.0.0:8144?cert=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&key=/
Aug 13 17:32:22 puppet-agent bolt-server[7492]: Use Ctrl-C to stop

root@puppet-agent:~# ps aux | grep bolt
pe-bolt+  7492  9.7  1.8 390336 38812 ?        Ssl  17:32   0:00 puma 3.12.0 (ssl://0.0.0.0:8144?cert=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&key=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/key.pem&ca=/opt/puppetlabs/server/apps/bolt-server/var/pe-bolt-server/ca.pem&verify_mode=force_peer) [/]
root      7507  0.0  0.0  12944   924 pts/0    S+   17:32   0:00 grep --color=auto bolt