Make the replication service sudo to www-data to expire tiles
authorTom Hughes <tom@compton.nu>
Sat, 6 Jul 2013 13:40:27 +0000 (14:40 +0100)
committerTom Hughes <tom@compton.nu>
Sat, 6 Jul 2013 13:40:27 +0000 (14:40 +0100)
cookbooks/tile/recipes/default.rb
cookbooks/tile/templates/default/replicate.erb
cookbooks/tile/templates/default/sudoers.erb [new file with mode: 0644]

index bb7459eceb452c13303a813a1c5e6520ad5485fc..190aed4a16b5be0c718afacc7dc9d790e9277271 100644 (file)
@@ -367,6 +367,13 @@ template "/usr/local/bin/expire-tiles" do
   mode 0755
 end
 
+template "/etc/sudoers.d/tile" do
+  source "sudoers.erb"
+  owner "root"
+  group "root"
+  mode 0440
+end
+
 directory "/var/lib/replicate" do
   owner "tile"
   group "tile"
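Review bot: The new `/etc/sudoers.d/tile` template is installed without a syntax check, and a sudoers fragment that fails to parse can stop sudo from working on the host. On a Chef version that supports the template resource's `verify` property, add `verify "visudo -cf %{path}"` inside the block so a broken render is rejected before it replaces the live file. The root ownership and 0440 mode match what sudo expects for files in that directory. The `directory "/var/lib/replicate"` block that follows continues outside the hunk.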
index f996afb04e4248637422f38d675796c5b600bf1b..5d940375bf36e60d6e96a19c5b5692fc6b3e6a1e 100644 (file)
@@ -59,7 +59,7 @@ do
 <% end -%>
 
             # Expire tiles which are touched by the changes
-            /usr/local/bin/expire-tiles ${file} > /dev/null 2>&1 &
+            sudo -u www-data /usr/local/bin/expire-tiles ${file} > /dev/null 2>&1 &
        fi
 
         # Delete old downloads
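Review bot: The added `sudo -u www-data` call is backgrounded with all output sent to /dev/null, so if the sudoers rule is missing or rejected, tile expiry stops silently; without `-n`, sudo may also try to prompt for a password rather than fail straight away. Consider `sudo -n -u www-data /usr/local/bin/expire-tiles "${file}" > /dev/null 2>&1 &`, which also quotes the path, and send stderr to the replication log if one exists. The enclosing loop and `if` start outside this hunk, so how `${file}` is built is not visible here.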
diff --git a/cookbooks/tile/templates/default/sudoers.erb b/cookbooks/tile/templates/default/sudoers.erb
new file mode 100644 (file)
index 0000000..90db9cd
--- /dev/null
@@ -0,0 +1,4 @@
+# DO NOT EDIT - This file is being maintained by Chef
+
+# Allow the replication service to expire tiles
+tile ALL=(www-data) NOPASSWD: /usr/local/bin/expire-tiles
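Review bot: The rule names `/usr/local/bin/expire-tiles` with no argument list, which in sudoers means the tile user may run it as www-data with any arguments. The changing file path requires that, but it makes the script's own argument handling the privilege boundary. The script must also not be writable by tile, and its owner is not visible in this commit. I would record this in the file with a comment such as `# Any arguments are permitted: expire-tiles must treat its argument as untrusted and must stay root-owned`.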