gCubeSystem
/
ansible-playbook-gcore-enabling-services
15
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update permissions and group ownership for Docker secrets

This commit is contained in:
Antonio Calanducci 2023-11-02 16:59:40 +01:00
parent 279bfb4509
commit 4a149629d4
2 changed files with 20 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
roles/is-collector/templates/docker-compose.yml.j2
View File

@ -39,20 +39,25 @@ services:
secrets: secrets:
- source: {{ service_prefix }}-ghn-config-{{ scope_name }} - source: {{ service_prefix }}-ghn-config-{{ scope_name }}
target: /home/gcube/gCore/config/GHNConfig.xml target: /home/gcube/gCore/config/GHNConfig.xml
mode: 0444 gid: 333
mode: 0440
- source: {{ service_prefix }}-jndi-config-{{ scope_name }} - source: {{ service_prefix }}-jndi-config-{{ scope_name }}
target: /home/gcube/gCore/etc/is-collector-service/jndi-config.xml target: /home/gcube/gCore/etc/is-collector-service/jndi-config.xml
mode: 0444 gid: 333
mode: 0440
- source: {{ service_prefix }}-server-config-{{ scope_name }} - source: {{ service_prefix }}-server-config-{{ scope_name }}
target: /home/gcube/gCore/etc/globus_wsrf_core/server-config.wsdd target: /home/gcube/gCore/etc/globus_wsrf_core/server-config.wsdd
mode: 0444 gid: 333
mode: 0440
- source: gcube-dev-legacy-security-key - source: gcube-dev-legacy-security-key
target: /home/gcube/gCore/config/symm.key target: /home/gcube/gCore/config/symm.key
mode: 0444 gid: 333
mode: 0440
{% for item in gcube_dev_security_keys %} {% for item in gcube_dev_security_keys %}
- source: {{ item.name }} - source: {{ item.name }}
target: /home/gcube/gCore/config/{{ item.name }} target: /home/gcube/gCore/config/{{ item.name }}
mode: 044 gid: 333
mode: 0440
{% endfor %} {% endfor %}
deploy: deploy:
mode: replicated mode: replicated

15
roles/is-registry/templates/docker-compose.yml.j2
View File

@ -28,20 +28,25 @@ services:
secrets: secrets:
- source: ghn-config-{{ scope_name }} - source: ghn-config-{{ scope_name }}
target: /home/gcube/gCore/config/GHNConfig.xml target: /home/gcube/gCore/config/GHNConfig.xml
mode: 0444 gid: 333
mode: 0440
- source: jndi-config-{{ scope_name }} - source: jndi-config-{{ scope_name }}
target: /home/gcube/gCore/etc/is-registry-service/jndi-config.xml target: /home/gcube/gCore/etc/is-registry-service/jndi-config.xml
mode: 0444 gid: 333
mode: 0440
- source: server-config-{{ scope_name }} - source: server-config-{{ scope_name }}
target: /home/gcube/gCore/etc/globus_wsrf_core/server-config.wsdd target: /home/gcube/gCore/etc/globus_wsrf_core/server-config.wsdd
mode: 0444 gid: 333
mode: 0440
- source: gcube-dev-legacy-security-key - source: gcube-dev-legacy-security-key
target: /home/gcube/gCore/config/symm.key target: /home/gcube/gCore/config/symm.key
mode: 0444 gid: 333
mode: 0440
{% for item in gcube_dev_security_keys %} {% for item in gcube_dev_security_keys %}
- source: {{ item.name }} - source: {{ item.name }}
target: /home/gcube/gCore/config/{{ item.name }} target: /home/gcube/gCore/config/{{ item.name }}
mode: 044 gid: 333
mode: 0440
{% endfor %} {% endfor %}
deploy: deploy:
mode: replicated mode: replicated