generic-worker on macOS: read-only config

Simon Sapin 2018-11-12 23:20:33 +01:00
parent ff1e2c2394
commit fe0e1ae7d3
2 changed files with 24 additions and 26 deletions


@ -5,3 +5,4 @@ mac1:
minion_opts: minion_opts:
providers: providers:
user: mac_user user: mac_user
group: mac_group


@ -1,4 +1,5 @@
{% set bin = "/usr/local/bin" %} {% set bin = "/usr/local/bin" %}
{% set etc = "/etc/generic-worker" %}
{% set user = "worker" %} {% set user = "worker" %}
{% set home = "/Users/" + user %} {% set home = "/Users/" + user %}
@ -17,19 +18,25 @@
- mode: 755 - mode: 755
- makedirs: True - makedirs: True
{{ user }} group:
group.present:
- name: {{ user }}
{{ user }}: {{ user }}:
user.present: user.present:
- home: {{ home }} - home: {{ home }}
- gid_from_name: True
# `user.present`s `createhome` is apparently not supported on macOS # `user.present`s `createhome` is apparently not supported on macOS
{{ home }}: {{ home }}:
file.directory: file.directory:
- user: {{ user }} - user: {{ user }}
{{ home }}/config.json: {{ etc }}/config.json:
file.serialize: file.serialize:
- user: {{ user }} - makedirs: True
- mode: 600 - group: {{ user }}
- mode: 640
- show_changes: False - show_changes: False
- formatter: json - formatter: json
- dataset: - dataset:
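Review bot: `{{ etc }}/config.json` now holds `accessToken` and `livelogSecret` under `mode: 640` / `group: {{ user }}`, but the state no longer names a `- user:` and the `{{ etc }}` directory exists only through `makedirs: True`, so the file's owner and the directory's permissions fall to salt-minion defaults rather than being pinned by the state; `livelog.crt` and `livelog.key` in the next hunk have the same gap. If "read-only config" means root-owned with the worker reading through its group, an explicit `- user: root` plus a `file.directory` state for `{{ etc }}` (750, group `{{ user }}`) records that intent and keeps a later umask or minion-user change from widening access to the secrets. The reason the config must not be worker-writable was documented in the comment of the removed `{{ home }}/run` script (generic-worker rewrites its config to fill in defaults, which would make Salt restart the service on every highstate) and is now absent from the file; a comment above `{{ etc }}/config.json:` such as `# root-owned and read-only for {{ user }}: generic-worker rewrites its config on start, and a worker-writable file would drift under Salt and trigger needless restarts` would carry it forward. Whether generic-worker tolerates a failed rewrite of a read-only config is not visible here; if it does not, the plist's `KeepAlive` would restart it in a loop, so that is worth confirming against the worker version in use.
```yaml
{{ etc }}:
  file.directory:
    - user: root
    - group: {{ user }}
    - mode: 750

# root-owned and read-only for {{ user }}: generic-worker rewrites its config on start,
# and a worker-writable file would drift under Salt and trigger needless restarts
{{ etc }}/config.json:
  file.serialize:
    - user: root
    - group: {{ user }}
    - mode: 640
    # … unchanged: show_changes, formatter, dataset, watch_in …
```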
@ -43,41 +50,28 @@
clientId: {{ pillar["client_id"] }} clientId: {{ pillar["client_id"] }}
accessToken: {{ pillar["access_token"] }} accessToken: {{ pillar["access_token"] }}
livelogExecutable: {{ bin }}/livelog livelogExecutable: {{ bin }}/livelog
livelogCertificate: {{ home }}/livelog.crt livelogCertificate: {{ etc }}/livelog.crt
livelogKey: {{ home }}/livelog.key livelogKey: {{ etc }}/livelog.key
livelogSecret: {{ pillar["livelog_secret"] }} livelogSecret: {{ pillar["livelog_secret"] }}
- watch_in: - watch_in:
- service: net.generic.worker - service: net.generic.worker
{{ home }}/livelog.crt: {{ etc }}/livelog.crt:
file.managed: file.managed:
- contents_pillar: livelog_cert - contents_pillar: livelog_cert
- user: {{ user }} - group: {{ user }}
- mode: 600 - mode: 640
{{ home }}/livelog.key: {{ etc }}/livelog.key:
file.managed: file.managed:
- contents_pillar: livelog_key - contents_pillar: livelog_key
- user: {{ user }} - group: {{ user }}
- mode: 600 - mode: 640
{{ bin }}/generic-worker new-openpgp-keypair --file {{ home }}/key: {{ bin }}/generic-worker new-openpgp-keypair --file {{ home }}/key:
cmd.run: cmd.run:
- creates: {{ home }}/key - creates: {{ home }}/key
- runas: worker - runas: {{ user }}
{{ home }}/run:
file.managed:
- mode: 744
- user: {{ user }}
- template: jinja
- contents: |-
#!/bin/sh
# generic-worker overwrites its config file to fill in defaults,
# but we want to avoid touching config.json here
# so that SaltStack knows to (only) restart the service when it (really) changes.
cp -a config.json config-run.json
exec {{ bin }}/generic-worker run --config config-run.json
/Library/LaunchAgents/net.generic.worker.plist: /Library/LaunchAgents/net.generic.worker.plist:
file.managed: file.managed:
@ -93,7 +87,10 @@
<key>ProgramArguments</key> <key>ProgramArguments</key>
<array> <array>
<string>{{ home }}/run</string> <string>{{ bin }}/generic-worker</string>
<string>run</string>
<string>--config</string>
<string>{{ etc }}/config.json</string>
</array> </array>
<key>KeepAlive</key> <key>KeepAlive</key>