diff options
Diffstat (limited to 'modules')
| -rw-r--r-- | modules/mga-advisories/manifests/init.pp | 27 | ||||
| -rw-r--r-- | modules/mga-advisories/templates/adv-move-pkg | 8 | ||||
| -rw-r--r-- | modules/mga-advisories/templates/mga-advisories.conf | 1 | ||||
| -rw-r--r-- | modules/mga-advisories/templates/sudoers.adv-move-pkg | 1 | ||||
| -rw-r--r-- | modules/mga-advisories/templates/update_script | 2 |
5 files changed, 32 insertions, 7 deletions
diff --git a/modules/mga-advisories/manifests/init.pp b/modules/mga-advisories/manifests/init.pp index 714e947b..59b3fd4e 100644 --- a/modules/mga-advisories/manifests/init.pp +++ b/modules/mga-advisories/manifests/init.pp @@ -8,6 +8,8 @@ class mga-advisories( $advisories_dir = "${mgaadv_homedir}/advisories" $status_dir = "${mgaadv_homedir}/status" $update_script = '/usr/local/bin/update_mga-advisories' + $move_script = '/root/tmp/mgatools-new/mga-move-pkg' + $move_wrapper_script = '/usr/local/bin/mga-adv-move-pkg' group { $mgaadv_login: ensure => present, @@ -73,12 +75,25 @@ class mga-advisories( content => template('mga-advisories/update_script'), } - cron { $update_script: - command => $update_script, - user => $mgaadv_login, - hour => '*', - minute => '10', - require => Subversion::Snapshot[$advisories_dir], + file { $move_wrapper_script: + ensure => present, + owner => root, + group => root, + mode => '0755', + content => template('mga-advisories/adv-move-pkg'), + } + + sudo::sudoers_config { 'mga-adv-move-pkg': + content => template('mga-advisories/sudoers.adv-move-pkg') } + + # Disable for now... we may re-instate once it's been a little more tested. + #cron { $update_script: + # command => $update_script, + # user => $mgaadv_login, + # hour => '*', + # minute => '10', + # require => Subversion::Snapshot[$advisories_dir], + #} } # vim: sw=2 diff --git a/modules/mga-advisories/templates/adv-move-pkg b/modules/mga-advisories/templates/adv-move-pkg new file mode 100644 index 00000000..39d246ec --- /dev/null +++ b/modules/mga-advisories/templates/adv-move-pkg @@ -0,0 +1,8 @@ +#!/bin/sh + +if [ "$USER" != "<%= @mgaadv_login %>" ]; then + echo "This script must be run as the <%= @mgaadv_login %> user." >&2 + exit 1 +fi + +exec sudo <%= @move_script %> "$@" diff --git a/modules/mga-advisories/templates/mga-advisories.conf b/modules/mga-advisories/templates/mga-advisories.conf index 1503b310..caf09a6c 100644 --- a/modules/mga-advisories/templates/mga-advisories.conf +++ b/modules/mga-advisories/templates/mga-advisories.conf @@ -1,5 +1,6 @@ mode: site send_adv_mail: yes +move_pkg_cmd: <%= @move_wrapper_script %> send_report_mail: yes out_dir: <%= @vhostdir %> advisories_dir: <%= @advisories_dir %> diff --git a/modules/mga-advisories/templates/sudoers.adv-move-pkg b/modules/mga-advisories/templates/sudoers.adv-move-pkg new file mode 100644 index 00000000..5d9618a9 --- /dev/null +++ b/modules/mga-advisories/templates/sudoers.adv-move-pkg @@ -0,0 +1 @@ +<%= @mgaadv_login %> ALL=(root) NOPASSWD:<%= @move_script %> * diff --git a/modules/mga-advisories/templates/update_script b/modules/mga-advisories/templates/update_script index cdd20ea2..71d8d1d4 100644 --- a/modules/mga-advisories/templates/update_script +++ b/modules/mga-advisories/templates/update_script @@ -13,4 +13,4 @@ fi cd <%= @advisories_dir %> svn up -exec /usr/bin/mgaadv mksite +exec /usr/bin/mgaadv process |