redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account

2018-12-17 14:43:42 +01:00 · 2018-12-17 14:43:42 +01:00 · fa49f249e7
parent f46f5ccbde
commit fa49f249e7
2 changed files with 12 additions and 2 deletions
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -18,6 +18,7 @@ The **patch** part changes incrementally at each release.
 ### Fixed
 * nginx: Munin url config is now a template to insert the server-status prefix
 * redis: In instance mode, ensure to replace the nrpe check_redis with the instance check script
+* redis: Don't set the owner of /var/{lib,log}/redis to a redis instance account 
 * nagios-nrpe: check_process now return the error code (making the check more usefull than /bin/true)

 ### Security
--- a/redis/tasks/instances.yml
+++ b/redis/tasks/instances.yml
@ -52,6 +52,17 @@
  tags:
    - redis

+- name: Ensure redis base folders will be accessible for all instances
+  file:
+    dest: "{{ item }}"
+    state: directory
+    mode: "0755"
+    owner: "redis"
+    group: "redis"
+  with_items:
+    - "/var/lib/redis"
+    - "/var/log/redis"
+
 - name: Instances directories are present
  file:
    dest: "{{ item }}"
@ -60,9 +71,7 @@
    owner: "redis-{{ redis_instance_name }}"
    group: "redis-{{ redis_instance_name }}"
  with_items:
-    - "/var/lib/redis"
    - "{{ redis_dbdir }}"
-    - "/var/log/redis"
    - "{{ redis_logfile | dirname }}"
  tags:
    - redis