diff --git a/CHANGELOG.md b/CHANGELOG.md
index ce9094c..6aafbfc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,3 +1,15 @@
+# 0.3.0
+
+* Systemd support
+
+# 0.2.3
+
+* Updated EL repository URL
+
+# 0.2.2
+
+* Add a timeout in pubkey fetcher to prevent lockout when Conjur is unreachable
+
 # 0.2.1
 * Lower nslcd's idle_timelimit to one second
diff --git a/Rakefile b/Rakefile
index 136d0e7..e8726a3 100644
--- a/Rakefile
+++ b/Rakefile
@@ -10,11 +10,14 @@ end
 desc "Package cookbooks into a chef-solo tarball"
 task :package => :vendor do
+ `rm -rf vendor/cookbooks/conjur`
 `mkdir -p vendor/cookbooks/conjur`
- `cp -r metadata.rb Berksfile Berksfile.lock CHANGELOG.md chefignore README.md attributes recipes spec vendor/cookbooks/conjur`
- version=`git describe --tags`.strip
+ `cp -r metadata.rb Berksfile Berksfile.lock CHANGELOG.md chefignore \
+ README.md attributes recipes files templates libraries \
+ vendor/cookbooks/conjur`
+ version=`git describe --tags --dirty`.strip
 Dir.chdir 'vendor'
 tarball = "conjur-#{version}.tar.gz"
 puts "Building cookbook tarball #{tarball}"
- `tar czf ../#{tarball} cookbooks`
+ `tar czv --numeric-owner --owner=0 --group=root --mode=og+r -f ../#{tarball} cookbooks`
 end
diff --git a/files/default/systemd/logshipper.service b/files/default/systemd/logshipper.service
new file mode 100644
index 0000000..cfdec51
--- /dev/null
+++ b/files/default/systemd/logshipper.service
@@ -0,0 +1,18 @@
+[Unit]
+Description=Conjur log shipping service
+Documentation=https://developer.conjur.net
+Wants=rsyslog.service
+Before=rsyslog.service
+
+[Service]
+ExecStartPre=-/bin/rm /var/run/logshipper
+ExecStartPre=/bin/mkfifo --context --mode 0460 /var/run/logshipper
+ExecStartPre=/bin/chown logshipper /var/run/logshipper
+ExecStart=/usr/sbin/logshipper -n /var/run/logshipper
+Restart=always
+User=logshipper
+Group=conjur
+PermissionsStartOnly=true
+
+[Install]
+RequiredBy=rsyslog.service
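Review bot: The backtick commands in the `package` task (`rm -rf`, `cp -r`, `tar`) discard their exit status, so a failed copy, for example a missing `files` or `templates` directory, still produces a tarball that looks complete. Since this tarball is the artifact that gets deployed, prefer Rake's `sh`, which raises on a non-zero exit, in its list form so no shell parses the interpolated name: `sh 'tar', 'czf', "../#{tarball}", '--numeric-owner', '--owner=0', '--group=root', '--mode=og+r', 'cookbooks'`. The `git describe --tags --dirty` capture has the same gap: when the command fails its output is empty and the task would build `conjur-.tar.gz`, so it is worth aborting when `version` is empty.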
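Review bot: `RequiredBy=rsyslog.service` in `[Install]`, combined with `Before=rsyslog.service`, makes rsyslog hard-depend on this unit: if any `ExecStartPre` step fails (for example the `logshipper` user does not exist when `chown` runs), rsyslog's start job fails as well and the host loses local logging, not only shipping. If local logs should survive a broken shipper, `WantedBy=rsyslog.service` gives the same pull-in without the hard failure. Separately, the service runs unprivileged but sets no sandboxing; `NoNewPrivileges=yes` and `ProtectSystem=full` would be low-cost additions, provided the systemd version on the target platforms supports them.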
diff --git a/libraries/conjur_helper_methods.rb b/libraries/conjur_helper_methods.rb
index 503e3d5..0b5090d 100644
--- a/libraries/conjur_helper_methods.rb
+++ b/libraries/conjur_helper_methods.rb
@@ -9,6 +9,8 @@ module ConjurDetect
 def self.detect_init
 if test 'x', '/sbin/runit'
 'runit'
+ elsif test 'x', '/usr/bin/systemctl'
+ 'systemd'
 else
 'upstart'
 end
diff --git a/metadata.rb b/metadata.rb
index f0ecb4c..b61fce2 100644
--- a/metadata.rb
+++ b/metadata.rb
@@ -3,7 +3,7 @@ maintainer_email 'support@conjur.net'
 license 'MIT License'
 description 'Installs/Configures conjur'
-version '0.2.2'
+version '0.3.0'
 recipe "conjur::install", "Installs Conjur base packages and configuration, suitable for a foundation image."
@@ -11,6 +11,6 @@ depends "yum"
 depends "sshd-service"
-%w(ubuntu).each do |platform|
+%w(ubuntu centos).each do |platform|
 supports platform
 end
diff --git a/recipes/_install_logshipper_systemd.rb b/recipes/_install_logshipper_systemd.rb
new file mode 100644
index 0000000..58aa461
--- /dev/null
+++ b/recipes/_install_logshipper_systemd.rb
@@ -0,0 +1,13 @@
+cookbook_file '/etc/systemd/system/logshipper.service' do
+ source 'systemd/logshipper.service'
+ owner 'root'
+ group 'root'
+ mode '0644'
+end
+
+bash 'enable and run logshipper' do
+ code """
+ systemctl enable logshipper
+ systemctl restart rsyslog
+ """
+end
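Review bot: The new `elsif test 'x', '/usr/bin/systemctl'` branch in `detect_init` detects an installed binary, not the running init system. A host that ships systemctl at another path (Debian-family systems traditionally use `/bin/systemctl`) is reported as `'upstart'`, and a host that has the binary without systemd as PID 1 is reported as `'systemd'`; in both cases the logshipper service would be set up for an init that is not in use. Checking the runtime directory is the more reliable test: `elsif File.directory?('/run/systemd/system')`. The `end` that closes `detect_init` itself lies outside the hunk.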
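Review bot: The `bash 'enable and run logshipper'` block runs unconditionally, so every Chef converge restarts rsyslog, and because the script has no `set -e` a failed `systemctl enable logshipper` is masked by the exit status of the last command. Replacing it with `service` resources driven by a notification from the `cookbook_file` keeps the run idempotent and surfaces failures. The sketch assumes no other recipe already declares `service[rsyslog]`; if one does, notify that resource instead of declaring it again.

```ruby
cookbook_file '/etc/systemd/system/logshipper.service' do
  # … unchanged: source, owner, group, mode …
  notifies :restart, 'service[rsyslog]', :delayed
end

service 'logshipper' do
  action [:enable, :start]
end

service 'rsyslog' do
  action :nothing
end
```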