Run as user

examples/init.pp

@@ -1,16 +1,14 @@
 node default {
-
   $user = 'root'
   $password = 'root'
 
-  class { '::mysql::server':
+  class { 'mysql::server':
     root_password           => "%${password}%",
     remove_default_accounts => true,
-  } ->
-  class { '::orchestrator':
+  }
+  -> class { 'orchestrator':
     config_override => {
       'MySQLOrchestratorHost' => '127.0.0.1',
     },
   }
-
 }

manifests/config.pp

@@ -1,16 +1,13 @@
 #
-
 class orchestrator::config inherits orchestrator {
-
   # Create a merged together set of options.  Rightmost hashes win over left. Requires stdlib
   $options = merge($orchestrator::config_defaults, $orchestrator::config_override)
 
   file { $orchestrator::config:
     ensure  => file,
-    owner   => 0,
-    group   => 0,
-    mode    => '0644',
+    owner   => $orchestrator::service_user,
+    group   => $orchestrator::service_group,
+    mode    => '0640',
     content => template($orchestrator::config_template),
   }
-
 }

manifests/init.pp

@@ -1,21 +1,49 @@
+# @summary MySQL orchestrator: For managing replication and failover.
 #
-# MySQL orchestrator: For managing replication and failover.
-#
+# @param config
+#   full path to configuration file
+# @param config_defaults
+#   default configuration for orchestrator
+# @param config_override
+#   configuration overlay
+# @param config_template
+#   path to configuration file template
+# @param package_ensure
+#   ensure package resource
+# @param package_manage
+#   if true module will manage package
+# @param package_name
+#   list of packages install. Default ['orchestrator']
+# @param repo_manage
+#   if true module will manage repo with orchestrator package
+# @param service_enable
+#   if true service orchestrator will be enaled at boot
+# @param service_ensure
+#   ensure service resource
+# @param service_manage
+#   if true module willl manage service
+# @param service_name
+#   service name to manage. Default 'orchestrator'
+# @param service_user
+#   user to own the service. Default 'root'
+# @param service_group
+#   group to own the service. Default 'root'
 class orchestrator (
-  $config            = $orchestrator::params::config,
-  $config_defaults   = $orchestrator::params::config_defaults,
-  $config_override   = {},
-  $config_template   = $orchestrator::params::config_template,
-  $package_ensure    = $orchestrator::params::package_ensure,
-  $package_manage    = $orchestrator::params::package_manage,
-  $package_name      = $orchestrator::params::package_name,
-  $repo_manage       = $orchestrator::params::repo_manage,
-  $service_enable    = $orchestrator::params::service_enable,
-  $service_ensure    = $orchestrator::params::service_ensure,
-  $service_manage    = $orchestrator::params::service_manage,
-  $service_name      = $orchestrator::params::service_name,
+  String $config                        = $orchestrator::params::config,
+  Hash[String[1], Any] $config_defaults = $orchestrator::params::config_defaults,
+  Hash[String[1], Any] $config_override = {},
+  String $config_template               = $orchestrator::params::config_template,
+  String $package_ensure                = $orchestrator::params::package_ensure,
+  Boolean $package_manage               = $orchestrator::params::package_manage,
+  Array[String[1]] $package_name        = $orchestrator::params::package_name,
+  Boolean $repo_manage                  = $orchestrator::params::repo_manage,
+  Boolean $service_enable               = $orchestrator::params::service_enable,
+  String $service_ensure                = $orchestrator::params::service_ensure,
+  Boolean $service_manage               = $orchestrator::params::service_manage,
+  String $service_name                  = $orchestrator::params::service_name,
+  String $service_user                  = $orchestrator::params::service_user,
+  String $service_group                 = $orchestrator::params::service_group,
 ) inherits orchestrator::params {
-
   validate_absolute_path($config)
   validate_string($config_template)
   validate_string($package_ensure)
@@ -27,14 +55,15 @@
   validate_bool($service_manage)
   validate_string($service_name)
 
-  # Using anchor pattern based on known issue:
-  # http://docs.puppetlabs.com/puppet/2.7/reference/lang_containment.html#known-issues
-  anchor { 'orchestrator::begin': } ->
-  class { '::orchestrator::repo': } ->
-  class { '::orchestrator::install': } ->
-  class { '::orchestrator::config': } ~>
-  class { '::orchestrator::my_cnf': } ~>
-  class { '::orchestrator::service': } ->
-  anchor { 'orchestrator::end': }
+  contain orchestrator::repo
+  contain orchestrator::install
+  contain orchestrator::config
+  contain orchestrator::my_cnf
+  contain orchestrator::service
 
+  Class['orchestrator::repo']
+  -> Class['orchestrator::install']
+  -> Class['orchestrator::config']
+  ~> Class['orchestrator::my_cnf']
+  -> Class['orchestrator::service']
 }

manifests/install.pp

@@ -1,12 +1,8 @@
 #
 class orchestrator::install inherits orchestrator {
-
   if $orchestrator::package_manage {
-
     package { $orchestrator::package_name:
       ensure => $orchestrator::package_ensure,
     }
-
   }
-
 }

manifests/my_cnf.pp

@@ -3,11 +3,17 @@
   $cnf_erb = 'orchestrator/orchestrator.cnf.erb'
 
   file { $orchestrator::topology_cnf:
+    ensure  => file,
+    owner   => $orchestrator::service_user,
+    group   => $orchestrator::service_group,
+    mode    => '0640',
     content => template($cnf_erb),
-    mode    => '0644',
   }
   file { $orchestrator::srv_cnf:
+    ensure  => file,
+    owner   => $orchestrator::service_user,
+    group   => $orchestrator::service_group,
+    mode    => '0640',
     content => template($cnf_erb),
-    mode    => '0644',
   }
 }

manifests/params.pp

@@ -1,16 +1,17 @@
 #
 class orchestrator::params {
-
   $config            = '/etc/orchestrator.conf.json'
   $config_template   = 'orchestrator/orchestrator.conf.json.erb'
   $package_ensure    = 'present'
   $package_manage    = true
-  $package_name      = [ 'orchestrator' ]
+  $package_name      = ['orchestrator']
   $repo_manage       = true
   $service_enable    = true
   $service_ensure    = 'running'
   $service_manage    = true
   $service_name      = 'orchestrator'
+  $service_user      = 'root'
+  $service_group     = 'root'
   $srv_cnf           = '/etc/orchestrator_srv.cnf'
   $topology_cnf      = '/etc/orchestrator.cnf'
 
@@ -74,7 +75,7 @@
     'AuthUserHeader'                             => '',
     'PowerAuthUsers'                             => ['*'],
     'ClusterNameToAlias'                         => {
-      '127.0.0.1' => 'test suite'
+      '127.0.0.1' => 'test suite',
     },
     'AccessTokenUseExpirySeconds'                => 60,
     'AccessTokenExpiryMinutes'                   => 1440,
@@ -120,26 +121,26 @@
     'RecoveryPeriodBlockSeconds'                 => 600,
     'RecoveryIgnoreHostnameFilters'              => [],
     'RecoverMasterClusterFilters'                => [
-      '_master_pattern_'
+      '_master_pattern_',
     ],
     'RecoverIntermediateMasterClusterFilters'    => [
-      '_intermediate_master_pattern_'
+      '_intermediate_master_pattern_',
     ],
     'OnFailureDetectionProcesses'                => [
-      "echo 'Detected {failureType} on {failureCluster}. Affected replicas: {countSlaves}' >> /tmp/recovery.log"
+      "echo 'Detected {failureType} on {failureCluster}. Affected replicas: {countSlaves}' >> /tmp/recovery.log",
     ],
     'PreFailoverProcesses'                       => [
-      "echo 'Will recover from {failureType} on {failureCluster}' >> /tmp/recovery.log"
+      "echo 'Will recover from {failureType} on {failureCluster}' >> /tmp/recovery.log",
     ],
     'PostFailoverProcesses'                      => [
-      "echo '(for all types) Recovered from {failureType} on {failureCluster}. Failed: {failedHost}:{failedPort}; Successor: {successorHost}:{successorPort}' >> /tmp/recovery.log"
+      "echo '(for all types) Recovered from {failureType} on {failureCluster}. Failed: {failedHost}:{failedPort}; Successor: {successorHost}:{successorPort}' >> /tmp/recovery.log",
     ],
     'PostUnsuccessfulFailoverProcesses'          => [],
     'PostMasterFailoverProcesses'                => [
-      "echo 'Recovered from {failureType} on {failureCluster}. Failed: {failedHost}:{failedPort}; Promoted: {successorHost}:{successorPort}' >> /tmp/recovery.log"
+      "echo 'Recovered from {failureType} on {failureCluster}. Failed: {failedHost}:{failedPort}; Promoted: {successorHost}:{successorPort}' >> /tmp/recovery.log",
     ],
     'PostIntermediateMasterFailoverProcesses'    => [
-      "echo 'Recovered from {failureType} on {failureCluster}. Failed: {failedHost}:{failedPort}; Successor: {successorHost}:{successorPort}' >> /tmp/recovery.log"
+      "echo 'Recovered from {failureType} on {failureCluster}. Failed: {failedHost}:{failedPort}; Successor: {successorHost}:{successorPort}' >> /tmp/recovery.log",
     ],
     'CoMasterRecoveryMustPromoteOtherCoMaster'   => true,
     'DetachLostSlavesAfterMasterFailover'        => true,

manifests/repo.pp

@@ -19,5 +19,4 @@
       }
     }
   }
-
 }

manifests/service.pp

@@ -1,11 +1,23 @@
 #
 class orchestrator::service inherits orchestrator {
-
-  if ! ($orchestrator::service_ensure in [ 'running', 'stopped' ]) {
+  if ! ($orchestrator::service_ensure in ['running', 'stopped']) {
     fail('service_ensure parameter must be running or stopped')
   }
 
   if $orchestrator::service_manage == true {
+    if 'systemd' in $facts['init_systems'] {
+      include systemd
+
+      systemd::manage_dropin { '10_user.conf':
+        ensure        => 'present',
+        unit          => 'orchestrator.service',
+        service_entry => {
+          'User'  => $orchestrator::service_user,
+          'Group' => $orchestrator::service_group,
+        },
+        notify        => Service['orchestrator'],
+      }
+    }
 
     service { 'orchestrator':
       ensure     => $orchestrator::service_ensure,
@@ -15,7 +27,5 @@
       name       => $orchestrator::service_name,
       subscribe  => File[$orchestrator::config],
     }
-
   }
-
 }

metadata.json

@@ -48,7 +48,7 @@
         "15.04",
         "15.10",
         "16.04"
-     ]
+      ]
     }
   ],
   "requirements": [
@@ -57,6 +57,7 @@
   ],
   "dependencies": [
     { "name": "puppetlabs/stdlib", "version_requirement": ">= 3.2.0 <5.0.0" },
-    { "name": "computology/packagecloud", "version_requirement": ">= 0.2.0" }
+    { "name": "computology/packagecloud", "version_requirement": ">= 0.2.0" },
+    { "name": "voxpupuli/systemd", "version_requirement": ">= 4.1.0" }
   ]
 }