Commit 90210e75 authored by Victor Penso's avatar Victor Penso
Browse files

remove cvmfs user from the publishing procedure

parent 1eac88ca
......@@ -21,17 +21,17 @@ if [ "$#" -eq "2" ]; then
case "$1" in
publish)
# Prepare repository for update
su cvmfs -c "ssh -qt $repo_name 'sudo cvmfs_server transaction $repo_name'"
ssh -qt $repo_name 'cvmfs_server transaction $repo_name'
# sync local data to the corresponding CVMFS server
su cvmfs -c "rsync -vtza --exclude-from /cvmfs/$repo_name.exclude --delete --delete-excluded /cvmfs/$repo_name $repo_name:/cvmfs/"
rsync -vtza --exclude-from /cvmfs/$repo_name.exclude --delete --delete-excluded /cvmfs/$repo_name $repo_name:/cvmfs/
# Run publish on the CVMFS server as root, this needs to be
# allowed by sudo on the target machine!
su cvmfs -c "ssh -qt $repo_name 'sudo cvmfs_server publish'"
ssh -qt $repo_name 'sudo cvmfs_server publish'
# SSH terminal allocation is needed to allow the command
# a user switch (su)
;;
resign)
su cvmfs -c "ssh -qt $repo_name 'sudo cvmfs_server resign'"
ssh -qt $repo_name 'sudo cvmfs_server resign'
;;
*)
echo 'You can only publish or resign repositories!'
......
......@@ -15,9 +15,6 @@
# See the License for the specific language governing permissions and
# limitations under the License.
# The cvmfs user operates all remote actions on the CVMFS servers
user 'cvmfs'
# This variable contains the SSH configuration for the "cvmfs" user.
ssh_config = Hash.new
# list of all repository maintainers allowed to sync with the servers
......@@ -30,7 +27,7 @@ node.cvmfs.remote.each_pair do |repo,config|
# list of repository maintainers
maintainers = config[:maintainer]
group maintainer do
members ['cvmfs'] << maintainers
members maintainers
end
directory "/cvmfs/#{repo}" do
......@@ -63,24 +60,15 @@ node.cvmfs.remote.each_pair do |repo,config|
end
directory '/home/cvmfs/.ssh' do
owner 'cvmfs'
group 'cvmfs'
mode '0700'
recursive true
end
sys_ssh_config 'cvmfs' do
sys_ssh_config 'root' do
config ssh_config
end
if node.cvmfs.remote_key.empty?
Chef::Log.warn("No SSH login key to CVMFS servers provided")
else
file '/home/cvmfs/.ssh/id_rsa' do
file '/root/.ssh/id_rsa' do
content node.cvmfs.remote_key.gsub(/^ */,'').gsub(/^$\n/,'')
owner 'cvmfs'
group 'cvmfs'
mode '0600'
backup false
end
......
......@@ -7,7 +7,7 @@ run_list(
)
default_attributes(
:sys => {
:ssh => { :authorize => { 'cvmfs' => { :keys => [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ33u0CFd+KbcT1agerP3zAbG57iXPKWT8ACznmWidHjAma23O8QvDXc3TuKu7OnsWpV6kCNpOJqw35pf7c6xRK+ZVWk8MnKkEm/Ht2UGukVWsLhlAPczG3Def8bkR0DrzOybR/ytWjnUbxGeg3EyJwgelA76KpNc/qdBeYyZI6/CgH3D0jJKfRdftv+4AC/tBBqHUeUa/RR7vG4yTasQ8HAIvCH4q5E3VO0HsWFZAxwodtOkmqaEmUoKxvXL1jCnttELzte1eQqMCkDtS4LhxfAeFGLwEDUTX+9eXstDkUY9BO0v1xDJnge5d0InVmBony1waXJU3Z7JTQTMj7aZ9' ] } } }
:ssh => { :authorize => { 'root' => { :keys => [ 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDZ33u0CFd+KbcT1agerP3zAbG57iXPKWT8ACznmWidHjAma23O8QvDXc3TuKu7OnsWpV6kCNpOJqw35pf7c6xRK+ZVWk8MnKkEm/Ht2UGukVWsLhlAPczG3Def8bkR0DrzOybR/ytWjnUbxGeg3EyJwgelA76KpNc/qdBeYyZI6/CgH3D0jJKfRdftv+4AC/tBBqHUeUa/RR7vG4yTasQ8HAIvCH4q5E3VO0HsWFZAxwodtOkmqaEmUoKxvXL1jCnttELzte1eQqMCkDtS4LhxfAeFGLwEDUTX+9eXstDkUY9BO0v1xDJnge5d0InVmBony1waXJU3Z7JTQTMj7aZ9' ] } } }
},
:cvmfs => { :server => { :repos => [ 'alpha.devops.test' ] } }
)
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment