From bc1745115b6a9c7837075a4353d60a1e5a1e2ca9 Mon Sep 17 00:00:00 2001 From: James Page Date: Tue, 17 Jul 2018 15:28:40 -0400 Subject: [PATCH] Update WSGI process group Ensure WSGI processes run under the 'gnocchi' group to support restriction in permissions to /etc/gnocchi/* to root or members of the gnocchi group. This change also picks up changes in charms.openstack to support this functionality, as well as fixing misc issues with upgrades. Change-Id: I14d865cd96b7c250ad92c8bdee74693a6eccc769 Closes-Bug: 1780490 Closes-Bug: 1779062 Related-Bug: 1781468 --- src/templates/gnocchi-api.conf | 2 +- src/templates/newton/gnocchi-api.conf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/src/templates/gnocchi-api.conf b/src/templates/gnocchi-api.conf index 0474b00..93d1f1c 100644 --- a/src/templates/gnocchi-api.conf +++ b/src/templates/gnocchi-api.conf @@ -7,7 +7,7 @@ Listen {{ options.service_listen_info.gnocchi_api.public_port }} - WSGIDaemonProcess gnocchi-api processes={{ options.wsgi_worker_context.processes }} threads=10 user=gnocchi display-name=%{GROUP} + WSGIDaemonProcess gnocchi-api processes={{ options.wsgi_worker_context.processes }} threads=10 user=gnocchi group=gnocchi display-name=%{GROUP} WSGIProcessGroup gnocchi-api WSGIScriptAlias / /usr/share/gnocchi-common/app.wsgi WSGIApplicationGroup %{GLOBAL} diff --git a/src/templates/newton/gnocchi-api.conf b/src/templates/newton/gnocchi-api.conf index 6845775..cef4fa4 100644 --- a/src/templates/newton/gnocchi-api.conf +++ b/src/templates/newton/gnocchi-api.conf @@ -7,7 +7,7 @@ Listen {{ options.service_listen_info.gnocchi_api.public_port }} - WSGIDaemonProcess gnocchi-api processes={{ options.wsgi_worker_context.processes }} threads=10 user=gnocchi display-name=%{GROUP} + WSGIDaemonProcess gnocchi-api processes={{ options.wsgi_worker_context.processes }} threads=10 user=gnocchi group=gnocchi display-name=%{GROUP} WSGIProcessGroup gnocchi-api WSGIScriptAlias / /usr/bin/gnocchi-api WSGIApplicationGroup %{GLOBAL}