From 98f83858e6105d594b29ad1f1606f422e90cfcfb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rafa=C5=82=20Rzepecki?= Date: Mon, 21 Dec 2015 17:58:09 +0100 Subject: [PATCH] Rearrange rsyslog and logshipper deps in systemd Also, create the fifo on demand, with correct security context. Finally works. --- files/default/systemd/logshipper.service | 9 +++++++-- recipes/_install_logshipper_systemd.rb | 4 ++-- 2 files changed, 9 insertions(+), 4 deletions(-) diff --git a/files/default/systemd/logshipper.service b/files/default/systemd/logshipper.service index ea18d1f..cfdec51 100644 --- a/files/default/systemd/logshipper.service +++ b/files/default/systemd/logshipper.service @@ -1,13 +1,18 @@ [Unit] Description=Conjur log shipping service Documentation=https://developer.conjur.net -RequiresOverridable=rsyslog.service +Wants=rsyslog.service +Before=rsyslog.service [Service] +ExecStartPre=-/bin/rm /var/run/logshipper +ExecStartPre=/bin/mkfifo --context --mode 0460 /var/run/logshipper +ExecStartPre=/bin/chown logshipper /var/run/logshipper ExecStart=/usr/sbin/logshipper -n /var/run/logshipper Restart=always User=logshipper Group=conjur +PermissionsStartOnly=true [Install] -WantedBy=rsyslog.target +RequiredBy=rsyslog.service diff --git a/recipes/_install_logshipper_systemd.rb b/recipes/_install_logshipper_systemd.rb index 428f945..58aa461 100644 --- a/recipes/_install_logshipper_systemd.rb +++ b/recipes/_install_logshipper_systemd.rb @@ -2,12 +2,12 @@ source 'systemd/logshipper.service' owner 'root' group 'root' - mode '0755' + mode '0644' end bash 'enable and run logshipper' do code """ systemctl enable logshipper - systemctl start logshipper + systemctl restart rsyslog """ end